OpenVPN connects for a few minutes, then disconnects
-
Hi all,
I have a VPN connection to an online "privacy provider" set router-wide minus a few IPs I have on an Alias. I had followed the guide and set it up, all was working perfectly last week for a week. As of this morning, it was down and my floating kill switch rule kicked in perfectly.
Regular Internet works fine through the WAN when I change my computer to one of the IPs I've set to pass it. I contacted the VPN provider who verified no issues on their end.
In OpenVPN Status, I can see Status connected (success) with bytes sent and received.
However, in Gateway status, the VPN gateway is down. If I restart OpenVPN and Filter Reload, the VPN comes up again for 3-5 minutes on average and then randomly cuts back off again (connected but no gateway).
Has anyone run into this kind of issue before? No config has been changed since working fine for a week. Reloading saved working config made no impact, nor did restarting internet.
Thanks :)
-
@nicp91-0 said in OpenVPN connects for a few minutes, then disconnects:
I contacted the VPN provider who verified ....
Normally, you also have the provider's phone app. Or you have the provider's app on a PC etc.
Disconnect the pfSense OpenVPN client to this provider, and start one of the apps on one of your devices.
Do some tests : ping, surf, chat, download mail, watch a movie etc.
If all this goes well, you know the provider is up.
Btw : do check if you use the same provider's "end point" (URL of the OpenVPN provider server).
@nicp91-0 said in OpenVPN connects for a few minutes, then disconnects:
If I restart OpenVPN and Filter Reload, the VPN comes up again for 3-5 minutes on average and then randomly cuts back off again (connected but no gateway).
If the "gateway active detector", we also call it "dpinger", doesn't receive replies on its very regular ping check, it will do what you told it to do : it will undertake action : cycle the interface ....
So it is important that pings can get sent and answers come back.
Easy to test : use one of your devices, use the same VPN end point, make a connection, and ping 'some one' and check if answers come back.
The some one can be :
Just be sure that you told yourself : "I know what happens if this IP stops replying to mails" (= it will destroy your connection).
So I trust that 9.9.9.9 always replies.
Btw : 9.9.9.9 is an example, normally, I use an IPv4 that I own on one of my VPS servers on the Internet. I manage these devices so I know they will reply (from ICMP packets coming from my pfSense WAN).
Also, take note : OpenVPN servers from VPN servers are not all equal. It's not a perfect business, servers will get overloaded, go down, shift to another IP, etc etc. If you chose to use brand 'X', you are somewhat obliged to follow their support forum, locate the page where they list all the servers used, and their status.
Example : https://www.tunnelbroker.net/status.php
The advantage of a VPN ISP is that you can pick any country or server URL, just be sure to check if the login settings are the same (!). If one server is suspected, take another one.
Btw : you ask questions, but you forgot to mention the answers !!
Because you have the answers already at your finger tips.
The OpenVPN client logs !!
I get it, they are hard to read. But we could do that for you, and tell you what they mean.
@nicp91-0 said in OpenVPN connects for a few minutes, then disconnects:
the guide
The guide ?
Something tells me it's this one :
Youtube Video
-
@gertjan Thank you for your reply! I have indeed verified via the apps that the VPN connects and works, so it is this router that is causing the headache! It is likely some form of misconfiguration on my part, but as mentioned previously working fine.
I have done some more troubleshooting. I turned off the app on my computer, set the network card to use the pfSense VPN interface IP address, restarted VPN and filter reload. It comes online, and almost instantly, any form of internet use cancels the connection and THIS is when it goes down. I am querying a DNS or gateway issue at this point.
I reset it again before having a break and noted it didn't go down the whole time, until I went to use this endpoint, so something's getting crossed over.
I, too, was reading the logs, as was the provider, and originally couldn't see issues, but the logs are a bit more fleshed out since I've altered a few things to try to find the smoking gun. I will attach for reference, with IPs changed for WAN security.
As for the guide, no, I was not referencing that one! But Tom does good work!
-
@gertjan Update: I regenerated a CA and reconfigured the client. Same issue after several minutes of browsing through the VPN trouble-free, the VPN gateway goes down. I pulled the following system server logs:
Jan 11 10:27:32 php-fpm 19278 /rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use VPN_VPNV4.
Jan 11 10:27:32 php-fpm 19278 /rc.openvpn: Gateway, NONE AVAILABLE
Jan 11 10:27:31 check_reload_status 315 Reloading filter
Jan 11 10:27:31 check_reload_status 315 Restarting OpenVPN tunnels/interfaces
Jan 11 10:27:31 check_reload_status 315 Restarting IPsec tunnels
Jan 11 10:27:31 check_reload_status 315 updating dyndns VPN_VPNV4
Jan 11 10:27:31 rc.gateway_alarm 12338 >>> Gateway alarm: VPN_VPNV4 (Addr:9.9.9.9 Alarm:1 RTT:14.746ms RTTsd:1.860ms Loss:21%)
Upon inspecting the config further, I removed a generic monitor IP from the VPN gateway and it defaulted to the system one. The network came back up and has been seemingly rock solid since. Hope this helps anyone else with issues!
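An added example, not part of the thread: the following Python parses the system log lines posted above and reports, for each raised gateway alarm, whether it fired on packet loss or on latency to the monitor IP and whether the OpenVPN restart and "NONE AVAILABLE" followed within a few seconds. The function names, the 20% loss and 500 ms latency thresholds (assumed to match the gateway's settings) and the year are assumptions.

```python
import re
from datetime import datetime, timedelta
# Log lines copied from the post above (newest first, as posted).
SAMPLE_LOG = """\
Jan 11 10:27:32 php-fpm 19278 /rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use VPN_VPNV4.
Jan 11 10:27:32 php-fpm 19278 /rc.openvpn: Gateway, NONE AVAILABLE
Jan 11 10:27:31 check_reload_status 315 Reloading filter
Jan 11 10:27:31 check_reload_status 315 Restarting OpenVPN tunnels/interfaces
Jan 11 10:27:31 check_reload_status 315 Restarting IPsec tunnels
Jan 11 10:27:31 check_reload_status 315 updating dyndns VPN_VPNV4
Jan 11 10:27:31 rc.gateway_alarm 12338 >>> Gateway alarm: VPN_VPNV4 (Addr:9.9.9.9 Alarm:1 RTT:14.746ms RTTsd:1.860ms Loss:21%)
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) (\d+) (.*)$")
ALARM = re.compile(r"Gateway alarm: (\S+) \(Addr:(\S+) Alarm:(\d) "
                   r"RTT:([\d.]+)ms RTTsd:[\d.]+ms Loss:(\d+)%\)")
# Assumed alarm thresholds; set these to the values configured on the gateway.
HIGH_LATENCY_MS, HIGH_LOSS_PCT = 500.0, 20

def parse(log, year=2024):
    """Return (timestamp, process, message) tuples, oldest first; year is assumed."""
    events = []
    for raw in log.splitlines():
        m = LINE.match(raw)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, m.group(2), m.group(4)))
    return sorted(events, key=lambda e: e[0])

def explain_alarms(log, window=timedelta(seconds=5)):
    """For each raised gateway alarm, report why it fired and what followed."""
    events = parse(log)
    findings = []
    for ts, proc, msg in events:
        m = ALARM.search(msg)
        if proc != "rc.gateway_alarm" or not m or m.group(3) != "1":
            continue  # only Alarm:1 (alarm raised) lines are of interest
        after = [x for t, _, x in events if ts <= t <= ts + window]
        rtt, loss = float(m.group(4)), int(m.group(5))
        findings.append({
            "gateway": m.group(1), "monitor_ip": m.group(2),
            "cause": "latency" if rtt >= HIGH_LATENCY_MS else
                     "loss" if loss >= HIGH_LOSS_PCT else "unknown",
            "openvpn_restarted": any("Restarting OpenVPN" in x for x in after),
            "gateway_unavailable": any("NONE AVAILABLE" in x for x in after),
        })
    return findings

if __name__ == "__main__": print(explain_alarms(SAMPLE_LOG))
```

On the posted lines this reports a loss-triggered alarm against 9.9.9.9 with a 14.7 ms round trip, followed by the tunnel restart: the monitor target was dropping probes while the tunnel itself was still passing traffic.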
-
@nicp91-0 said in OpenVPN connects for a few minutes, then disconnects:
I removed a generic monitor IP from the VPN gateway
You've removed
?
If the gateway used by your VPN client does reply to ping (ICMP) then that is the default, and best way to go.
-
@nicp91-0
(I'm no pro, but...) I'm curious - did you ever try setting the gateway's monitor IP to the IP of the server you're connecting to?
Also, could be that since 9.9.9.9 is a DNS server, and some of these privacy VPNs might try to get you to use their DNSes (for privacy... maybe they block access to public DNSes like 9.9.9.9).
For my setup, I pinged the server name that's in the .OVPN file from the privacy VPN server and used that IP address in the gateway's monitor IP.