OPVPN client disconnects on MAC.
-
Hello, my OpenVPN client disconnects all the time on Mac. I have ping going on this and it drops. After som seconds I can see that the client icon on top show disconnect and then it reconnect. Some times it does not reconnect, in the logs on the client it says it have no username or password. When I manually disconnect and connect is all fine.
I see this in the client logs:
⏎[Jan 30, 2022, 22:07:15] SSL Handshake: peer certificate: CN=Pfsense_openvpn_cert, 4096 bit RSA, cipher: TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
⏎[Jan 30, 2022, 22:07:15] Session is ACTIVE
⏎[Jan 30, 2022, 22:07:15] EVENT: GET_CONFIG ⏎[Jan 30, 2022, 22:07:15] Sending PUSH_REQUEST to server...
⏎[Jan 30, 2022, 22:07:15] OPTIONS:
0 [dhcp-option] [DNS] [8.8.8.8]
1 [dhcp-option] [DNS] [10.200.0.3]
2 [redirect-gateway] [def1]
3 [route-gateway] [10.210.0.1]
4 [topology] [subnet]
5 [ping] [10]
6 [ping-restart] [30]
7 [ifconfig] [10.210.0.2] [255.255.255.0]
8 [peer-id] [0]
9 [cipher] [AES-256-CBC]⏎[Jan 30, 2022, 22:07:15] TunPersist: new tun context
⏎[Jan 30, 2022, 22:07:15] EVENT: ASSIGN_IP ⏎[Jan 30, 2022, 22:07:15] PROTOCOL OPTIONS:
cipher: AES-256-CBC
digest: SHA256
key-derivation: OpenVPN PRF
compress: NONE
peer ID: 0
control channel: tls-auth enabled
⏎[Jan 30, 2022, 22:07:15] TunPersist: short-term connection scope
⏎[Jan 30, 2022, 22:07:15] CAPTURED OPTIONS:
Session Name: Public IP
Layer: OSI_LAYER_3
MTU: 1500
Remote Address: Public IP
Tunnel Addresses:
10.210.0.2/24 -> 10.210.0.1
Reroute Gateway: IPv4=1 IPv6=0 flags=[ ENABLE REROUTE_GW DEF1 IPv4 ]
Block IPv6: no
Add Routes:
Exclude Routes:
DNS Servers:
8.8.8.8
10.200.0.3
Search Domains:⏎[Jan 30, 2022, 22:07:15] MacLifeCycle NET_IFACE en0
⏎[Jan 30, 2022, 22:07:15] SetupClient: transmitting tun setup list to /var/run/agent_ovpnconnect.sock
{
"config" :
{
"iface_name" : "",
"layer" : "OSI_LAYER_3",
"tun_prefix" : false
},
"pid" : 543,
"tun" :
{
"adapter_domain_suffix" : "",
"block_ipv6" : false,
"dns_servers" :
[
{
"address" : "8.8.8.8",
"ipv6" : false
},
{
"address" : "10.200.0.3",
"ipv6" : false
}
],
"layer" : 3,
"mtu" : 1500,
"remote_address" :
{
"address" : "Public IP",
"ipv6" : false
},
"reroute_gw" :
{
"flags" : 275,
"ipv4" : true,
"ipv6" : false
},
"route_metric_default" : -1,
"session_name" : "Public IP",
"tunnel_address_index_ipv4" : 0,
"tunnel_address_index_ipv6" : -1,
"tunnel_addresses" :
[
{
"address" : "10.210.0.2",
"gateway" : "10.210.0.1",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 24
}
]
}
}
POST unix://[/var/run/agent_ovpnconnect.sock]/tun-setup : 200 OK
{
"iface_name" : "utun7",
"layer" : "OSI_LAYER_3",
"tun_prefix" : true
}
/sbin/ifconfig utun7 down
/sbin/ifconfig utun7 10.210.0.2 10.210.0.1 netmask 255.255.255.0 mtu 1500 up
/sbin/route add -net 10.210.0.0 -netmask 255.255.255.0 10.210.0.2
add net 10.210.0.0: gateway 10.210.0.2
/sbin/route add -net Public IP -netmask 255.255.255.255 10.10.0.1
add net Public IP: gateway 10.10.0.1
/sbin/route add -net 0.0.0.0 -netmask 128.0.0.0 10.210.0.1
add net 0.0.0.0: gateway 10.210.0.1
/sbin/route add -net 128.0.0.0 -netmask 128.0.0.0 10.210.0.1
add net 128.0.0.0: gateway 10.210.0.1
MacDNSAction: FLAGS=F RD=1 SO=5000 DNS=8.8.8.8 DOM= ADS=
open utun7 SUCCEEDED
⏎[Jan 30, 2022, 22:07:15] Connected via utun7
⏎[Jan 30, 2022, 22:07:15] EVENT: CONNECTED user@Public IP:PORT (Public IP) via /UDPv4 on utun7/10.210.0.2/ gw=[10.210.0.1/]⏎[Jan 30, 2022, 22:07:15] MacLifeCycle NET_IFACE en0
⏎[Jan 30, 2022, 22:07:15] MacLifeCycle NET_STATE 1 status=ReachableViaWiFi flags=-R -------
⏎[Jan 30, 2022, 22:10:24] Session invalidated: KEEPALIVE_TIMEOUT
⏎[Jan 30, 2022, 22:10:24] Client terminated, restarting in 2000 ms...
⏎[Jan 30, 2022, 22:10:24] MacLifeCycle NET_IFACE en0
⏎[Jan 30, 2022, 22:10:25] SetupClient: transmitting tun destroy request to /var/run/agent_ovpnconnect.sock
GET unix://[/var/run/agent_ovpnconnect.sock]/tun-destroy : 200 OK
/sbin/route delete -net 10.210.0.0 -netmask 255.255.255.0 10.210.0.2
delete net 10.210.0.0: gateway 10.210.0.2
/sbin/route delete -net Public IP -netmask 255.255.255.255 10.10.0.1
delete net Public IP: gateway 10.10.0.1
/sbin/route delete -net 0.0.0.0 -netmask 128.0.0.0 10.210.0.1
delete net 0.0.0.0: gateway 10.210.0.1
/sbin/route delete -net 128.0.0.0 -netmask 128.0.0.0 10.210.0.1
delete net 128.0.0.0: gateway 10.210.0.1
/sbin/ifconfig utun7 down
MacDNSAction: FLAGS=F
⏎[Jan 30, 2022, 22:10:25] MacLifeCycle NET_IFACE en0
⏎[Jan 30, 2022, 22:10:25] MacLifeCycle NET_STATE 1 status=ReachableViaWiFi flags=-R -------
⏎[Jan 30, 2022, 22:10:26] EVENT: RECONNECTING ⏎[Jan 30, 2022, 22:10:26] EVENT: RESOLVE ⏎[Jan 30, 2022, 22:10:26] Contacting Public IP:PORT via UDP
⏎[Jan 30, 2022, 22:10:26] EVENT: WAIT ⏎[Jan 30, 2022, 22:10:26] UnixCommandAgent: transmitting bypass route to /var/run/agent_ovpnconnect.sock
{
"host" : "Public IP",
"ipv6" : false,
"pid" : 543
}⏎[Jan 30, 2022, 22:10:26] Connecting to [Public IP]:PORT (Public IP) via UDPv4
⏎[Jan 30, 2022, 22:10:26] EVENT: CONNECTING ⏎[Jan 30, 2022, 22:10:26] Tunnel Options:V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client
⏎[Jan 30, 2022, 22:10:26] Creds: Username/Password
⏎[Jan 30, 2022, 22:10:26] Peer Info:
IV_VER=3.git::d3f8b18b
IV_PLAT=mac
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
IV_GUI_VER=OCmacOS_3.3.3-4163
IV_SSO=webauth,openurl,crtext⏎[Jan 30, 2022, 22:10:27] SSL Handshake: peer certificate: CN=Pfsense_openvpn_cert, 4096 bit RSA, cipher: TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
⏎[Jan 30, 2022, 22:10:27] Session is ACTIVE
⏎[Jan 30, 2022, 22:10:27] EVENT: GET_CONFIG ⏎[Jan 30, 2022, 22:10:27] Sending PUSH_REQUEST to server...
⏎[Jan 30, 2022, 22:10:28] OPTIONS:
0 [dhcp-option] [DNS] [8.8.8.8]
2 [redirect-gateway] [def1]
3 [route-gateway] [10.210.0.1]
4 [topology] [subnet]
5 [ping] [10]
6 [ping-restart] [30]
7 [ifconfig] [10.210.0.2] [255.255.255.0]
8 [peer-id] [0]
9 [cipher] [AES-256-CBC]⏎[Jan 30, 2022, 22:10:28] TunPersist: new tun context
⏎[Jan 30, 2022, 22:10:28] EVENT: ASSIGN_IP ⏎[Jan 30, 2022, 22:10:28] PROTOCOL OPTIONS:
cipher: AES-256-CBC
digest: SHA256
key-derivation: OpenVPN PRF
compress: NONE
peer ID: 0
control channel: tls-auth enabled
⏎[Jan 30, 2022, 22:10:28] TunPersist: short-term connection scope
⏎[Jan 30, 2022, 22:10:28] CAPTURED OPTIONS:
Session Name: Public IP
Layer: OSI_LAYER_3
MTU: 1500
Remote Address: Public IP
Tunnel Addresses:
10.210.0.2/24 -> 10.210.0.1
Reroute Gateway: IPv4=1 IPv6=0 flags=[ ENABLE REROUTE_GW DEF1 IPv4 ]
Block IPv6: no
Add Routes:
Exclude Routes:
DNS Servers:
8.8.8.8
Search Domains:⏎[Jan 30, 2022, 22:10:28] MacLifeCycle NET_IFACE en0
⏎[Jan 30, 2022, 22:10:28] SetupClient: transmitting tun setup list to /var/run/agent_ovpnconnect.sock
{
"config" :
{
"iface_name" : "",
"layer" : "OSI_LAYER_3",
"tun_prefix" : false
},
"pid" : 543,
"tun" :
{
"adapter_domain_suffix" : "",
"block_ipv6" : false,
"dns_servers" :
[
{
"address" : "8.8.8.8",
"ipv6" : false
},
{
"address" : "10.200.0.3",
"ipv6" : false
}
],
"layer" : 3,
"mtu" : 1500,
"remote_address" :
{
"address" : "Public IP",
"ipv6" : false
},
"reroute_gw" :
{
"flags" : 275,
"ipv4" : true,
"ipv6" : false
},
"route_metric_default" : -1,
"session_name" : "Public IP",
"tunnel_address_index_ipv4" : 0,
"tunnel_address_index_ipv6" : -1,
"tunnel_addresses" :
[
{
"address" : "10.210.0.2",
"gateway" : "10.210.0.1",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 24
}
]
}
}
POST unix://[/var/run/agent_ovpnconnect.sock]/tun-setup : 200 OK