Netgate Discussion Forum

    Connection fails after IP change

    theprestigebeefhorn

      Hello everyone,

      I am using an OpenVPN server running on pfSense to connect to a network remotely.

      Once I get connected, everything works fine; this is not the issue.

      But as soon as the IP changes, the clients (Windows/Android) do not reconnect.

      They even resolve the new IP, but nothing happens.

      Here is a log of an example:

      Thu Jan 13 08:05:39 2022 OpenVPN 2.5.4 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 20 2021
      Thu Jan 13 08:05:39 2022 Windows version 10.0 (Windows 10 or greater) 64bit
      Thu Jan 13 08:05:39 2022 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
      Thu Jan 13 08:05:44 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]OLD_IP:PORT
      Thu Jan 13 08:05:44 2022 UDPv4 link local (bound): [AF_INET][undef]:0
      Thu Jan 13 08:05:44 2022 UDPv4 link remote: [AF_INET]OLD_IP:PORT
      Thu Jan 13 08:05:45 2022 [OpenVPN_Server_Cert] Peer Connection Initiated with [AF_INET]OLD_IP:PORT
      Thu Jan 13 08:05:45 2022 WARNING: You have specified redirect-gateway and redirect-private at the same time (or the same option multiple times). This is not well supported and may lead to unexpected results
      Thu Jan 13 08:05:45 2022 open_tun
      Thu Jan 13 08:05:45 2022 tap-windows6 device [OpenVPN TAP-Windows6] opened
      Thu Jan 13 08:05:45 2022 Set TAP-Windows TUN subnet mode network/local/netmask = 10.0.8.0/10.0.8.41/255.255.255.0 [SUCCEEDED]
      Thu Jan 13 08:05:45 2022 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.0.8.41/255.255.255.0 on interface {C85736C4-5569-43B7-8D07-5DF9595849D4} [DHCP-serv: 10.0.8.254, lease-time: 31536000]
      Thu Jan 13 08:05:45 2022 Successful ARP Flush on interface [27] {C84736C7-5269-43B7-8D07-5DF1215847D4}
      Thu Jan 13 08:05:45 2022 IPv4 MTU set to 1500 on interface 27 using service
      Thu Jan 13 08:05:45 2022 Blocking outside dns using service succeeded.
      Thu Jan 13 08:05:51 2022 Initialization Sequence Completed
      Thu Jan 13 08:05:51 2022 Register_dns request sent to the service
      Thu Jan 13 08:17:26 2022 Connection reset command was pushed by server ('')
      Thu Jan 13 08:17:26 2022 Unblocking outside dns using service succeeded.
      Thu Jan 13 08:17:26 2022 SIGUSR1[soft,server-pushed-connection-reset] received, process restarting
      Thu Jan 13 08:17:33 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]OLD_IP:PORT
      Thu Jan 13 08:17:33 2022 UDPv4 link local (bound): [AF_INET][undef]:0
      Thu Jan 13 08:17:33 2022 UDPv4 link remote: [AF_INET]OLD_IP:PORT
      Thu Jan 13 08:18:33 2022 [UNDEF] Inactivity timeout (--ping-restart), restarting
      Thu Jan 13 08:18:33 2022 Unblocking outside dns using service succeeded.
      Thu Jan 13 08:18:33 2022 SIGUSR1[soft,ping-restart] received, process restarting
      Thu Jan 13 08:18:38 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]OLD_IP:PORT
      Thu Jan 13 08:18:38 2022 UDPv4 link local (bound): [AF_INET][undef]:0
      Thu Jan 13 08:18:38 2022 UDPv4 link remote: [AF_INET]OLD_IP:PORT
      Thu Jan 13 08:19:38 2022 [UNDEF] Inactivity timeout (--ping-restart), restarting
      Thu Jan 13 08:19:38 2022 Unblocking outside dns using service succeeded.
      Thu Jan 13 08:19:38 2022 SIGUSR1[soft,ping-restart] received, process restarting
      Thu Jan 13 08:19:43 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]OLD_IP:PORT
      Thu Jan 13 08:19:43 2022 UDPv4 link local (bound): [AF_INET][undef]:0
      Thu Jan 13 08:19:43 2022 UDPv4 link remote: [AF_INET]OLD_IP:PORT
      Thu Jan 13 08:20:43 2022 [UNDEF] Inactivity timeout (--ping-restart), restarting
      Thu Jan 13 08:20:43 2022 Unblocking outside dns using service succeeded.
      Thu Jan 13 08:20:43 2022 SIGUSR1[soft,ping-restart] received, process restarting
      Thu Jan 13 08:20:48 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]OLD_IP:PORT
      Thu Jan 13 08:20:48 2022 UDPv4 link local (bound): [AF_INET][undef]:0
      Thu Jan 13 08:20:48 2022 UDPv4 link remote: [AF_INET]OLD_IP:PORT
      Thu Jan 13 08:21:48 2022 [UNDEF] Inactivity timeout (--ping-restart), restarting
      Thu Jan 13 08:21:48 2022 Unblocking outside dns using service succeeded.
      Thu Jan 13 08:21:48 2022 SIGUSR1[soft,ping-restart] received, process restarting
      Thu Jan 13 08:21:53 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]NEW_IP:PORT
      Thu Jan 13 08:21:53 2022 UDPv4 link local (bound): [AF_INET][undef]:0
      Thu Jan 13 08:21:53 2022 UDPv4 link remote: [AF_INET]NEW_IP:PORT 
      

      In this case I forced a router restart to get a new IP, but it would be the same if the PPPoE connection got reset on its own.

      Only when I press the reconnect button in the Windows app and get a

      SIGHUP[hard,] received, process restarting
      

      does it then start to work again. However, this is a bit impractical in day-to-day use.

      Any help is more than welcome.

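A way to quantify the behaviour in the log above, as an added example that is not part of the original post: this Python sketch reads an OpenVPN client log and reports how many reconnect attempts went to the address of the last working session and how long it took before a different remote was tried. The function name `analyze`, the result keys and the shortened sample log are assumptions made for the example.

```python
import re
from datetime import datetime

# Constructed excerpt modelled on the log in the post (placeholders kept as posted).
SAMPLE_LOG = """\
Thu Jan 13 08:05:44 2022 UDPv4 link remote: [AF_INET]OLD_IP:PORT
Thu Jan 13 08:05:51 2022 Initialization Sequence Completed
Thu Jan 13 08:17:26 2022 SIGUSR1[soft,server-pushed-connection-reset] received, process restarting
Thu Jan 13 08:17:33 2022 UDPv4 link remote: [AF_INET]OLD_IP:PORT
Thu Jan 13 08:18:33 2022 [UNDEF] Inactivity timeout (--ping-restart), restarting
Thu Jan 13 08:18:33 2022 SIGUSR1[soft,ping-restart] received, process restarting
Thu Jan 13 08:18:38 2022 UDPv4 link remote: [AF_INET]OLD_IP:PORT
Thu Jan 13 08:19:38 2022 SIGUSR1[soft,ping-restart] received, process restarting
Thu Jan 13 08:19:43 2022 UDPv4 link remote: [AF_INET]NEW_IP:PORT
"""

LINE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) (.*)$")
REMOTE = re.compile(r"link remote: \[AF_INET6?\](\S+)")
RESTART = re.compile(r"SIG(?:USR1|HUP)\[(?:soft|hard),([^\]]*)\]")

def analyze(log_text):
    """Measure how long a client kept retrying the remote of its last good session."""
    good = current = first_restart = switched_at = new = None
    stale_attempts, reasons = 0, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a timestamped client log line
        ts, msg = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y"), m.group(2)
        if (r := REMOTE.search(msg)):
            current = r.group(1)
            if first_restart and switched_at is None:
                if current == good:
                    stale_attempts += 1  # still dialling the old address
                else:
                    switched_at, new = ts, current
        elif "Initialization Sequence Completed" in msg:
            good = current  # this remote carried a working tunnel
            first_restart = switched_at = new = None
            stale_attempts, reasons = 0, []
        elif (s := RESTART.search(msg)) and good:
            reasons.append(s.group(1) or "(none)")
            first_restart = first_restart or ts
    gap = (switched_at - first_restart).total_seconds() if switched_at else None
    return {"old_remote": good, "new_remote": new, "stale_attempts": stale_attempts,
            "restart_reasons": reasons, "seconds_until_new_remote": gap}

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```
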
        JKnott @theprestigebeefhorn

        @theprestigebeefhorn

        I assume you mean the WAN address on pfsense changes. Well, when you created the clients, did you use an IP address? Or host name? If you used an IP address, you'll have to re-export the clients. If a host name, you'll have to update the DNS server. With my ISP, the host name doesn't change, unless I change hardware, so I have an alias for that host name on the DNS server. Prior to that, I used the hosts file on the client computer and if the IP address changed, I had to update it to the new address.

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

          viragomann @theprestigebeefhorn

          @theprestigebeefhorn
          In the server settings tick Client Settings > Dynamic IP (Allow connected clients to retain their connections if their IP address changes.).

            theprestigebeefhorn @JKnott

            @jknott
            Yes, I mean the WAN address.
            The clients are pointed towards a dynamic DNS address which updates correctly to the new IP every time.

            @viragomann
            That's already ticked.
