Connection fails after IP change

theprestigebeefhorn

Hello everyone,

I am using a OpenVPN server running on a pfsense to connect to a network remotely.

Once I get connected, everything works fine this is not the issue.

But as soon as the IP changes the clients (Windows/Android) do not reconnect.

They even resolve the new ip but nothing happens.

Here is a log of an example:

Thu Jan 13 08:05:39 2022 OpenVPN 2.5.4 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 20 2021
Thu Jan 13 08:05:39 2022 Windows version 10.0 (Windows 10 or greater) 64bit
Thu Jan 13 08:05:39 2022 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
Thu Jan 13 08:05:44 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]OLD_IP:PORT
Thu Jan 13 08:05:44 2022 UDPv4 link local (bound): [AF_INET][undef]:0
Thu Jan 13 08:05:44 2022 UDPv4 link remote: [AF_INET]OLD_IP:PORT
Thu Jan 13 08:05:45 2022 [OpenVPN_Server_Cert] Peer Connection Initiated with [AF_INET]OLD_IP:PORT
Thu Jan 13 08:05:45 2022 WARNING: You have specified redirect-gateway and redirect-private at the same time (or the same option multiple times). This is not well supported and may lead to unexpected results
Thu Jan 13 08:05:45 2022 open_tun
Thu Jan 13 08:05:45 2022 tap-windows6 device [OpenVPN TAP-Windows6] opened
Thu Jan 13 08:05:45 2022 Set TAP-Windows TUN subnet mode network/local/netmask = 10.0.8.0/10.0.8.41/255.255.255.0 [SUCCEEDED]
Thu Jan 13 08:05:45 2022 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.0.8.41/255.255.255.0 on interface {C85736C4-5569-43B7-8D07-5DF9595849D4} [DHCP-serv: 10.0.8.254, lease-time: 31536000]
Thu Jan 13 08:05:45 2022 Successful ARP Flush on interface [27] {C84736C7-5269-43B7-8D07-5DF1215847D4}
Thu Jan 13 08:05:45 2022 IPv4 MTU set to 1500 on interface 27 using service
Thu Jan 13 08:05:45 2022 Blocking outside dns using service succeeded.
Thu Jan 13 08:05:51 2022 Initialization Sequence Completed
Thu Jan 13 08:05:51 2022 Register_dns request sent to the service
Thu Jan 13 08:17:26 2022 Connection reset command was pushed by server ('')
Thu Jan 13 08:17:26 2022 Unblocking outside dns using service succeeded.
Thu Jan 13 08:17:26 2022 SIGUSR1[soft,server-pushed-connection-reset] received, process restarting
Thu Jan 13 08:17:33 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]OLD_IP:PORT
Thu Jan 13 08:17:33 2022 UDPv4 link local (bound): [AF_INET][undef]:0
Thu Jan 13 08:17:33 2022 UDPv4 link remote: [AF_INET]OLD_IP:PORT
Thu Jan 13 08:18:33 2022 [UNDEF] Inactivity timeout (--ping-restart), restarting
Thu Jan 13 08:18:33 2022 Unblocking outside dns using service succeeded.
Thu Jan 13 08:18:33 2022 SIGUSR1[soft,ping-restart] received, process restarting
Thu Jan 13 08:18:38 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]OLD_IP:PORT
Thu Jan 13 08:18:38 2022 UDPv4 link local (bound): [AF_INET][undef]:0
Thu Jan 13 08:18:38 2022 UDPv4 link remote: [AF_INET]OLD_IP:PORT
Thu Jan 13 08:19:38 2022 [UNDEF] Inactivity timeout (--ping-restart), restarting
Thu Jan 13 08:19:38 2022 Unblocking outside dns using service succeeded.
Thu Jan 13 08:19:38 2022 SIGUSR1[soft,ping-restart] received, process restarting
Thu Jan 13 08:19:43 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]OLD_IP:PORT
Thu Jan 13 08:19:43 2022 UDPv4 link local (bound): [AF_INET][undef]:0
Thu Jan 13 08:19:43 2022 UDPv4 link remote: [AF_INET]OLD_IP:PORT
Thu Jan 13 08:20:43 2022 [UNDEF] Inactivity timeout (--ping-restart), restarting
Thu Jan 13 08:20:43 2022 Unblocking outside dns using service succeeded.
Thu Jan 13 08:20:43 2022 SIGUSR1[soft,ping-restart] received, process restarting
Thu Jan 13 08:20:48 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]OLD_IP:PORT
Thu Jan 13 08:20:48 2022 UDPv4 link local (bound): [AF_INET][undef]:0
Thu Jan 13 08:20:48 2022 UDPv4 link remote: [AF_INET]OLD_IP:PORT
Thu Jan 13 08:21:48 2022 [UNDEF] Inactivity timeout (--ping-restart), restarting
Thu Jan 13 08:21:48 2022 Unblocking outside dns using service succeeded.
Thu Jan 13 08:21:48 2022 SIGUSR1[soft,ping-restart] received, process restarting
Thu Jan 13 08:21:53 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]NEW_IP:PORT
Thu Jan 13 08:21:53 2022 UDPv4 link local (bound): [AF_INET][undef]:0
Thu Jan 13 08:21:53 2022 UDPv4 link remote: [AF_INET]NEW_IP:PORT 

In this case i forced a router restart to get a new ip but it would be the same if the pppoe connection got reset on its own.

Only when i press the reconnect button in the windows app and get a

SIGHUP[hard,] received, process restarting

does it then start to work again. However this is a bit unpractical in day to day use.

Any help is more than welcome.

JKnott

@theprestigebeefhorn

I assume you mean the WAN address on pfsense changes. Well, when you created the clients, did you use an IP address? Or host name? If you used an IP address, you'll have to re-export the clients. If a host name, you'll have update the DNS server. With my ISP, the host name doesn't change, unless I change hardware, so I have an alias for that host name on the DNS server. Prior to that, I used the hosts file on the client computer and if the IP address changed, I had to update it to the new address.

viragomann

@theprestigebeefhorn
In the server settings tick Client Settings > Dynamic IP (Allow connected clients to retain their connections if their IP address changes.).

theprestigebeefhorn

@jknott
Yes i mean wan address.
the clients are pointed towards a dynamic dns address which updates correctly to the new ip every time.

@viragomann
Thats already ticked.