Netgate Discussion Forum

    SOLVED! Open-VPN Tunnel stalls after 1 minute

    1.2.3-PRERELEASE-TESTING snapshots - RETIRED
      BobC

      Applies to 1.2.3_RC2 of July 23, 2009; earlier versions don't work either.

      We used to use a Linux box to tunnel our local office LAN via nat to our headoffice for internet-traffic. This works perfectly with the Linux box, but with pfSense it never worked, because the virtual tunnel port was not appearing in the GUI. Starting with 1.2.3_RC2 it is now possible to nat thru' the tunnel too.

      This seems to be an often searched feature.

      So I set up a test installation and connected the same OVPN server.

      This works for about one minute, even with continuous pings. Then the connection stalls until the OpenVPN client restarts after the set timeout period. This repeats endlessly.

      A Linux box running in parallel to the same server works ok (no connection stall).

      When this happens, I cannot ping the remote tunnel end, but I can ping the local end (from the local LAN and from inside the pfSense shell). ifconfig is still showing the tunnel up.

      I tested it with two different hardware scenarios: a standard PC with two NICs (Live-CD) and with an Alix board (nanoBSD image).

      The same setup, but with version 2.0 alpha-alpha works.

      SOLUTION:
      The problem was in the client-certificate. I had multiple dots in the common name (CN) (i.e. xyz.abcdef.com). Recreating the certificate with another hostname without dots solved the issue :'(

      Is this described elsewhere?

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.