Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Site to Site OpenVPN get service stop after two days

    Scheduled Pinned Locked Moved OpenVPN
    7 Posts 2 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rduarteoliveira
      last edited by

      Hi everyone!

      I have experience Site to Site OpenVPN issue since 2.5.2-RELEASE (amd64) version.
      The issue that I facing happens two or three days after connected. When the services of both sites get the message: Unable to contact daemon Service not running?

      bb96b9b0-17ee-4827-8259-d3c86e58c41c-image.png

      At the Service Status, I see the service stopped:

      3e071464-6421-4370-99bc-c23db8eb42f1-image.png

      If I just play the Service on both sites, the connection get established, however few days later the scenario get again and again without automatically reconnection....

      I noticed since the new version have got this kind of problem.

      Could someone guide me through it and figure out I can be done?

      Rodolfo.

      V 1 Reply Last reply Reply Quote 0
      • V
        viragomann @rduarteoliveira
        last edited by

        @rduarteoliveira
        Does this happen to the same instance every time?

        Are there hints in the logs? Maybe OpenVPN or System log.

        R 1 Reply Last reply Reply Quote 1
        • R
          rduarteoliveira @viragomann
          last edited by

          @viragomann said in Site to Site OpenVPN get service stop after two days:

          @rduarteoliveira
          Does this happen to the same instance every time?

          Are there hints in the logs? Maybe OpenVPN or System log.

          @viragomann thanks for replying!
          I just take later to reply to get the issue. Last night around 2am local time, I got the issue. I am sharing the OpenVPN, NTP and System logs:

          SYSTEM LOG:
          Dec 2 16:57:40 php-fpm 56589 /index.php: User logged out for user 'admin' from: 172.168.2.154 (Local Database)
          Dec 6 02:17:51 kernel ovpns2: link state changed to DOWN
          Dec 6 02:17:51 check_reload_status 376 Reloading filter
          Dec 6 08:20:14 php-fpm 27441 /index.php: Successful login for user 'admin' from: 172.168.7.3 (Local Database)

          NTP LOG:
          Dec 2 09:51:29 ntpd 45004 Listen normally on 144 ovpns2 [fe80::21c:7fff:fe57:e8c%18]:123
          Dec 6 02:17:53 ntpd 45004 Deleting interface #143 ovpns2, 172.168.8.1#123, interface stats: received=0, sent=0, dropped=0, active_time=318684 secs
          Dec 6 02:17:53 ntpd 45004 Deleting interface #144 ovpns2, fe80::21c:7fff:fe57:e8c%18#123, interface stats: received=0, sent=0, dropped=0, active_time=318384 secs
          Dec 6 08:38:41 ntpd 45004 Listen normally on 145 ovpns2 172.168.8.1:123

          OPENVPN SITE TO SITE LOG:

          Dec 6 02:12:44 openvpn 88857 Inactivity timeout (--ping-restart), restarting
          Dec 6 02:12:44 openvpn 88857 SIGUSR1[soft,ping-restart] received, process restarting
          Dec 6 02:12:49 openvpn 88857 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
          Dec 6 02:12:49 openvpn 88857 Re-using pre-shared static key
          Dec 6 02:12:49 openvpn 88857 Preserving previous TUN/TAP instance: ovpns2
          Dec 6 02:12:49 openvpn 88857 UDPv4 link local (bound): [AF_INET]191.209.30.247:1195
          Dec 6 02:12:49 openvpn 88857 UDPv4 link remote: [AF_UNSPEC]
          Dec 6 02:17:50 openvpn 88857 Inactivity timeout (--inactive), exiting
          Dec 6 02:17:50 openvpn 88857 SIGTERM received, sending exit notification to peer
          Dec 6 02:17:51 openvpn 88857 /usr/local/sbin/ovpn-linkdown ovpns2 1500 1572 172.168.8.1 172.168.8.2 init
          Dec 6 02:17:51 openvpn 88857 SIGTERM[soft,exit-with-notification] received, process exiting

          V 1 Reply Last reply Reply Quote 0
          • V
            viragomann @rduarteoliveira
            last edited by

            @rduarteoliveira
            Possibly the client is sending an explicit-exit-notify?
            This should not be used in a shared-key setup: https://redmine.pfsense.org/issues/6718

            R 1 Reply Last reply Reply Quote 0
            • R
              rduarteoliveira @viragomann
              last edited by

              @viragomann
              Great! I just applied the recommendation from the issue 6718.
              Let´s wait couple of days to check.

              R 1 Reply Last reply Reply Quote 0
              • R
                rduarteoliveira @rduarteoliveira
                last edited by

                @rduarteoliveira said in Site to Site OpenVPN get service stop after two days:

                @viragomann
                Great! I just applied the recommendation from the issue 6718.
                Let´s wait couple of days to check.

                I have waiting couple of days to be sure it is fixed. I can say it is solved after apply the fix https://redmine.pfsense.org/issues/6718, in order to solve, it is necessary to change on the server too.

                At server, change Exit Notify to Disabled:
                c9dc475d-2eb3-40fd-ac27-e82eab6e5210-image.png

                After this change, my VPN Site-to-site keep always connected.
                Any question please let me know.

                V 1 Reply Last reply Reply Quote 0
                • V
                  viragomann @rduarteoliveira
                  last edited by

                  @rduarteoliveira
                  Thanx for feedback.

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.