Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN connects for a few minutes, then disconnects

    Scheduled Pinned Locked Moved OpenVPN
    6 Posts 3 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      NicP91 0
      last edited by

      Hi all,

      I have a VPN connection to an online "privacy provider" set router-wide minus a few IP's I have on an Alias. I had followed the guide and set it up, all was working perfectly last week for a week. As of this morning, it was down and my floating kill switch rule kicked in perfectly.

      Regular Internet works fine through the WAN when I change my computer to one of the IP's I've set to pass it. I contacted the VPN provider who verified no issues on their end.

      In OpenVPN Status, I can see Status connected (success) with bytes sent and received.
      However in Gateway status, the the VPN gateway is down.

      If I restart OpenVPN and Filter Reload, the VPN comes up again for 3-5 minutes on average and then randomly cuts back off again (connected but no gateway).

      Has anyone run into this kind of issue before? No config has been changed since working fine for a week. Reloading saved working config made no impact, nor did restarting internet.

      Thanks :)

      GertjanG 1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan @NicP91 0
        last edited by

        @nicp91-0 said in OpenVPN connects for a few minutes, then disconnects:

        I contacted the VPN provider who verified ....

        Normally, you have also the provider's phone app. Or you have the provider's app on a PC etc.
        Disconnect the OpenVPN pfSense OpenVPN cluient to this provider, and start one of the apps on one of your devices.
        Do some tests : ping, surf, chat, download mail, watch a movie etc.
        If all this goes well, you know the provider is up.

        Btw : do check if you use the same providers "end point" (URL of the OpenVPN provider server).

        @nicp91-0 said in OpenVPN connects for a few minutes, then disconnects:

        If I restart OpenVPN and Filter Reload, the VPN comes up again for 3-5 minutes on average and then randomly cuts back off again (connected but no gateway).

        If the "gateway active detector", we call it also "dpinger" doesn't receive replies on it's very regular ping check, it will do what you told it to do : it will undertake action : cycle the interface ....
        So it is important that pings can get send and answers come back.

        Easy to test : use one of your devices, use the same VPN end point, make a connection, and ping 'some one' and check if answer come back.
        The some one can be :

        63fcf041-955a-45e4-9108-00753cd9227a-image.png

        Just be sure that you told yourself : "I know what happens if this IP stops replying to mails" (= it will destroy your connection).

        So I trust that 9.9.9.9 always replies.
        Btw : 9.9.9.9 is an example, normally, I use an IPv4 that I own on one of my VPS servers on the Internet. I manage these device so I know they will reply (from ICMP packets coming from my pfSense WAN).

        f21d3142-a963-412d-9c59-510b472e076a-image.png

        Also, take note : OpenVPN servers from VPN servers are not all equal. It's not a perfect business, servers will get overloaded, go down, shift to another IP, etc etc. If you chose to use brand 'X', you are some what obliged to follow their support forum, locate the page where they list all the servers used, and their status.
        Example : https://www.tunnelbroker.net/status.php

        The advantage of an VPN ISP is that you can pick any country or server URL, just be sure to check if the login settings are the same ( !). If one server is suspected, take another one.

        Btw : you ask questions, but you forgot to mention the answers !!
        Because you have the answers already at your finger tips.
        The OpenVPN client logs !!
        I get it, they are hard to read. But we could do that for you, and tell you what they mean.

        @nicp91-0 said in OpenVPN connects for a few minutes, then disconnects:

        the guide

        The guide ?
        Something tells me it's this one :
        Youtube Video

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        N 1 Reply Last reply Reply Quote 0
        • N
          NicP91 0
          last edited by

          @gertjan Thank you for your reply! I have indeed verified via the apps that the VPN connects and works, so it is this router that is causing the headache! It is likely some form of misconfiguration on my part, but as mentioned previously working fine.

          I have done some more troubleshooting. I turned off the app on my computer set the network card to use the pfSense VPN interface IP address, restarted VPN and filter reload. It comes online, and almost instantly, any form of internet use cancels the connection and THIS is when it goes down. I am querying a DNS or gateway issue at this point.

          I reset it again before having a break and noted it didn't go down the whole time, until I went to use this endpoint, so something's getting crossed over.

          I, too was reading the logs, as was the provider, and originally couldn't see issues, but the logs are a bit more fleshed out since I've altered a few things to try to find the smoking gun. I will attach for reference, with IP's changed for WAN security.

          As for the guide, no, I was not referencing that one! But Tom does good work! 😁openvpn logs.png

          1 Reply Last reply Reply Quote 0
          • N
            NicP91 0 @Gertjan
            last edited by NicP91 0

            @gertjan Update: I regenerated a CA and reconfigured the client. Same issue after several minutes of browsing through the VPN trouble-free, the VPN gateway goes down. I pulled the following system server logs:

            Jan 11 10:27:32 php-fpm 19278 /rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use VPN_VPNV4.

            Jan 11 10:27:32 php-fpm 19278 /rc.openvpn: Gateway, NONE AVAILABLE

            Jan 11 10:27:31 check_reload_status 315 Reloading filter

            Jan 11 10:27:31 check_reload_status 315 Restarting OpenVPN tunnels/interfaces

            Jan 11 10:27:31 check_reload_status 315 Restarting IPsec tunnels

            Jan 11 10:27:31 check_reload_status 315 updating dyndns VPN_VPNV4

            Jan 11 10:27:31 rc.gateway_alarm 12338 >>> Gateway alarm: VPN_VPNV4 (Addr:9.9.9.9 Alarm:1 RTT:14.746ms RTTsd:1.860ms Loss:21%)

            Upon inspecting the config further, I removed a generic monitor IP from the VPN gateway and it defaulted to the system one. The network came back up and has been seemingly rock solid since. Hope this helps anyone else with issues!

            GertjanG 1 2 Replies Last reply Reply Quote 1
            • GertjanG
              Gertjan @NicP91 0
              last edited by

              @nicp91-0 said in OpenVPN connects for a few minutes, then disconnects:

              I removed a generic monitor IP from the VPN gateway

              You've removed

              48edb90e-ca62-4b81-905c-8edd3fedacad-image.png

              ?

              If the gateway used by your VPN client does reply to ping (ICMP) then that is the default, and best way to go.

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit : and where are the logs ??

              1 Reply Last reply Reply Quote 1
              • 1
                123123 @NicP91 0
                last edited by

                @nicp91-0
                (I'm no pro, but...) I'm curious - did you ever try setting the gateway's monitor IP to the IP of the server you're connecting to?

                Also, could be that since 9.9.9.9 is a DNS server, and some of these privacy VPNs might try to get you to use their DNSes (for privacy... maybe they block access to public DNSes like 9.9.9.9).

                Fo my setup, I pinged the server name that's in the .OVPN file from the privacy VPN server and used that IP address in the gateway's monitor IP.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.