Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    pfSense 2.6.0 Fails to Recover after WAN Issues

    General pfSense Questions
    5
    28
    3.7k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      guardian Rebel Alliance @stephenw10
      last edited by

      @stephenw10 said in pfSense 2.6.0 Fails to Recover after WAN Issues:

      I would test putting a switch between the modem and pfSense and seeing if that eliminates the issue when rebooting the modem. I would expect it to.

      At the moment I don't have a spare switch available to do that with. Any ideas as to how I might test what is going on (shell script or small php script)? I deactivated my watchdog scripts in favor of the watchdog plugin to see how that works. I have noticed a couple of short gateway issues, but the didn't seem to persist.

      I was thinking maybe if there was a loss of WAN connectivity for 5 minutes, but the WAN showed as up to down the interface for say 10-15 seconds and then bring it up again.

      What is the best FreeBSD way to do that? Based on your knowledge of how the system works, is pfSense likely to bring the WAN back up? If so how quickly?

      Thoughts?

      If you find my post useful, please give it a thumbs up!
      pfSense 2.7.2-RELEASE

      1 Reply Last reply Reply Quote 0
      • JKnottJ
        JKnott @guardian
        last edited by

        @guardian

        FWIW, I'm on Rogers and find my service is extremely reliable. One thing you might want to check is the hardware. A flaky (pardon the technical jargon) computer or bad patch cord could cause problems.

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

        G 1 Reply Last reply Reply Quote 1
        • stephenw10S
          stephenw10 Netgate Administrator
          last edited by

          You shouldn't need to do more than re-apply the WAN config.
          So I'd first try: /etc/rc.linkup start wan

          G 1 Reply Last reply Reply Quote 1
          • G
            guardian Rebel Alliance @JKnott
            last edited by

            @jknott said in pfSense 2.6.0 Fails to Recover after WAN Issues:

            @guardian

            FWIW, I'm on Rogers and find my service is extremely reliable. One thing you might want to check is the hardware. A flaky (pardon the technical jargon) computer or bad patch cord could cause problems.

            @jknott thanks for the reply. I agree the service is very reliable. I can go for months without a problem, then something happens (based on timing, I think it is likely maintenance), the service goes out, and doesn't recover. When I reboot the router, it appears that pfSense doesn't always come back without intervention.. When I did a reboot to test, I found in the trail that I did that pfSense did not come back online until I briefly disconnected the network cable briefly and then reconnected it. That leads me to the conclusion that there is something going on either at the output of the modem, or with the WAN port.

            BTW what speed service/modem do you have. I have GB/Hitron CPDA-4582U.

            If you find my post useful, please give it a thumbs up!
            pfSense 2.7.2-RELEASE

            JKnottJ 1 Reply Last reply Reply Quote 0
            • G
              guardian Rebel Alliance @stephenw10
              last edited by

              @stephenw10 said in pfSense 2.6.0 Fails to Recover after WAN Issues:

              You shouldn't need to do more than re-apply the WAN config.
              So I'd first try: /etc/rc.linkup start wan

              @stephenw10 - Thanks.... I'll keep that in mind. So far no further issues since my last report. I may go months (or minutes) before the next failure.

              Any idea how I can test if dpinger is functioning correctly? I was thinking about a watchdog that would (assuming dpinger is OK) apply /etc/rc.linkup start wan every 5 minutes until things came back online. Thoughts?

              I'll likely pend this till the next time that I have issues.... likely be on a different version of pfSense by that time.

              If you find my post useful, please give it a thumbs up!
              pfSense 2.7.2-RELEASE

              1 Reply Last reply Reply Quote 0
              • G
                guardian Rebel Alliance
                last edited by

                @guardian said in pfSense 2.6.0 Fails to Recover after WAN Issues:
                @stephenw10 Things have been working well until today. Since you are part of the Netgate team, I though I should ping you on this issue since you were involved before, and maybe someone else might have some bright ideas as well. I've included the log from the relevent time frame at the bottom of this post.

                It appears that the watchdog plugin is not very useful at restarting the OpenVPN client. I had some issues on the WAN, that screwed up the VPN client: (I think this is what started it):

                Mar 2 14:46:14 rc.gateway_alarm 5241 >>> Gateway alarm: WAN_DHCP (Addr:8.8.8.8 Alarm:1 RTT:593.648ms RTTsd:1382.451ms Loss:0%)

                The WAN recovered, but the VPN didn't recover, which caused my wife to ask me to investigate. The WAN was UP, VPN was DOWN.

                I looked in the OpenVPN log and found this:

                Mar 2 17:10:40	openvpn	48841	MANAGEMENT: CMD 'status 2'
Mar 2 17:10:40	openvpn	48841	MANAGEMENT: Client connected from /var/etc/openvpn/server4/sock
Mar 2 17:10:40	openvpn	73327	MANAGEMENT: Client disconnected
Mar 2 17:10:40	openvpn	73327	MANAGEMENT: CMD 'quit'
Mar 2 17:10:39	openvpn	73327	MANAGEMENT: CMD 'status 2'
Mar 2 17:10:39	openvpn	73327	MANAGEMENT: Client connected from /var/etc/openvpn/server3/sock
Mar 2 17:09:53	openvpn	48841	159.203.192.10:54092 SIGUSR1[soft,connection-reset] received, client-instance restarting
Mar 2 17:09:53	openvpn	48841	159.203.192.10:54092 Connection reset, restarting [0]
Mar 2 17:09:53	openvpn	48841	159.203.192.10:54092 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1627 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Mar 2 17:09:53	openvpn	48841	TCP connection established with [AF_INET]159.203.192.10:54092
Mar 2 17:09:53	openvpn	48841	Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Mar 2 17:09:53	openvpn	48841	Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Mar 2 17:09:53	openvpn	48841	Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Mar 2 17:09:53	openvpn	48841	Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Mar 2 17:09:46	openvpn	48841	107.170.253.8:57982 SIGUSR1[soft,connection-reset] received, client-instance restarting
Mar 2 17:09:46	openvpn	48841	107.170.253.8:57982 Connection reset, restarting [0]
Mar 2 17:09:46	openvpn	48841	107.170.253.8:57982 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1627 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Mar 2 17:09:46	openvpn	48841	TCP connection established with [AF_INET]107.170.253.8:57982
Mar 2 17:09:46	openvpn	48841	Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Mar 2 17:09:46	openvpn	48841	Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Mar 2 17:09:46	openvpn	48841	Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Mar 2 17:09:46	openvpn	48841	Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Mar 2 17:09:37	openvpn	48841	MANAGEMENT: Client disconnected
Mar 2 17:09:37	openvpn	48841	MANAGEMENT: CMD 'quit'
Mar 2 17:09:37	openvpn	48841	MANAGEMENT: CMD 'status 2'
Mar 2 17:09:37	openvpn	48841	MANAGEMENT: Client connected from /var/etc/openvpn/server4/sock
Mar 2 17:09:37	openvpn	73327	MANAGEMENT: Client disconnected
Mar 2 17:09:37	openvpn	73327	MANAGEMENT: CMD 'quit'
Mar 2 17:09:36	openvpn	73327	MANAGEMENT: CMD 'status 2'
Mar 2 17:09:36	openvpn	73327	MANAGEMENT: Client connected from /var/etc/openvpn/server3/sock
Mar 2 17:08:34	openvpn	48841	MANAGEMENT: Client disconnected
Mar 2 17:08:34	openvpn	48841	MANAGEMENT: CMD 'quit'
Mar 2 17:08:34	openvpn	48841	MANAGEMENT: CMD 'status 2'
Mar 2 17:08:34	openvpn	48841	MANAGEMENT: Client connected from /var/etc/openvpn/server4/sock
Mar 2 17:08:34	openvpn	73327	MANAGEMENT: Client disconnected
Mar 2 17:08:34	openvpn	73327	MANAGEMENT: CMD 'quit'
Mar 2 17:08:34	openvpn	73327	MANAGEMENT: CMD 'status 2'
Mar 2 17:08:33	openvpn	73327	MANAGEMENT: Client connected from /var/etc/openvpn/server3/sock
Mar 2 17:07:31	openvpn	48841	MANAGEMENT: Client disconnected

                Not sure if that gives any clue.

                I was able to restart the VPN from the GUI, and it stayed up just fine. That tells me that there is something very different about the pfSense Auto restart and the GUI restart.

                I think my little bash script that uses pfSsh.php playback svc restart openvpn, and AFAIK it was successful in solving this issue (when the WAN doesn't screw up too badly. This has been an issue for me for at least 5 years, and when I put in the watchdog script, it seemed to go away.

                P.S: Is there any other way than pfSsh.php playback gatewaystatus to get the status in a more machine readable form that would be easier to work with in a bash script.?

                Mar 2 06:15:00	php	80917	[pfBlockerNG] Starting cron process.
Mar 2 06:16:30	php	80917	[pfBlockerNG] No changes to Firewall rules, skipping Filter Reload
Mar 2 07:15:00	php	97642	[pfBlockerNG] Starting cron process.
Mar 2 07:16:00	sshguard	90642	Exiting on signal.
Mar 2 07:16:00	sshguard	75986	Now monitoring attacks.
Mar 2 07:16:50	php	97642	[pfBlockerNG] No changes to Firewall rules, skipping Filter Reload
Mar 2 08:15:00	php	1249	[pfBlockerNG] Starting cron process.
Mar 2 08:17:02	php	1249	[pfBlockerNG] No changes to Firewall rules, skipping Filter Reload
Mar 2 09:15:00	php	12121	[pfBlockerNG] Starting cron process.
Mar 2 09:17:04	php	12121	[pfBlockerNG] No changes to Firewall rules, skipping Filter Reload
Mar 2 10:15:00	php	18697	[pfBlockerNG] Starting cron process.
Mar 2 10:17:06	php	18697	[pfBlockerNG] No changes to Firewall rules, skipping Filter Reload
Mar 2 11:15:00	php	85155	[pfBlockerNG] Starting cron process.
Mar 2 11:16:40	php	85155	[pfBlockerNG] No changes to Firewall rules, skipping Filter Reload
Mar 2 12:15:00	php	91791	[pfBlockerNG] Starting cron process.
Mar 2 12:17:17	php	91791	[pfBlockerNG] No changes to Firewall rules, skipping Filter Reload
Mar 2 12:30:00	php	86652	rc.update_urltables: /etc/rc.update_urltables: Starting up.
Mar 2 12:30:00	php	86652	rc.update_urltables: /etc/rc.update_urltables: Sleeping for 33 seconds.
Mar 2 12:30:33	php	86652	rc.update_urltables: /etc/rc.update_urltables: Starting URL table alias updates
Mar 2 12:30:33	php	86652	rc.update_urltables: /etc/rc.update_urltables: pfB_MALIP1HR_v4 does not need updating.
Mar 2 12:30:33	php	86652	rc.update_urltables: /etc/rc.update_urltables: pfB_MALIP6HR_v4 does not need updating.
Mar 2 12:30:33	php	86652	rc.update_urltables: /etc/rc.update_urltables: pfB_BBC177IP_v4 does not need updating.
Mar 2 12:30:33	php	86652	rc.update_urltables: /etc/rc.update_urltables: pfB_ULTIMATE_IP_v4 does not need updating.
Mar 2 12:30:33	php	86652	rc.update_urltables: /etc/rc.update_urltables: pfB_PRI1_v4 does not need updating.
Mar 2 12:30:33	php	86652	rc.update_urltables: /etc/rc.update_urltables: pfB_PRI5_v4 does not need updating.
Mar 2 12:30:33	php	86652	rc.update_urltables: /etc/rc.update_urltables: pfB_PRI3_v4 does not need updating.
Mar 2 12:30:33	php	86652	rc.update_urltables: /etc/rc.update_urltables: pfB_PRI2_v4 does not need updating.
Mar 2 12:30:33	php	86652	rc.update_urltables: /etc/rc.update_urltables: pfB_PRI4_v4 does not need updating.
Mar 2 13:08:00	sshguard	75986	Exiting on signal.
Mar 2 13:08:00	sshguard	49929	Now monitoring attacks.
Mar 2 13:15:00	php	62501	[pfBlockerNG] Starting cron process.
Mar 2 13:16:58	php	62501	[pfBlockerNG] No changes to Firewall rules, skipping Filter Reload
Mar 2 14:15:00	php	14690	[pfBlockerNG] Starting cron process.
Mar 2 14:16:56	php	14690	[pfBlockerNG] No changes to Firewall rules, skipping Filter Reload
Mar 2 14:46:14	rc.gateway_alarm	5241	>>> Gateway alarm: WAN_DHCP (Addr:8.8.8.8 Alarm:1 RTT:593.648ms RTTsd:1382.451ms Loss:0%)
Mar 2 14:46:14	check_reload_status	396	updating dyndns WAN_DHCP
Mar 2 14:46:14	check_reload_status	396	Restarting IPsec tunnels
Mar 2 14:46:14	check_reload_status	396	Restarting OpenVPN tunnels/interfaces
Mar 2 14:46:14	check_reload_status	396	Reloading filter
Mar 2 14:46:14	rc.gateway_alarm	7363	>>> Gateway alarm: VPN_UDP_TOS_VPNV4 (Addr:8.8.4.4 Alarm:1 RTT:644.890ms RTTsd:1423.938ms Loss:0%)
Mar 2 14:46:14	check_reload_status	396	updating dyndns VPN_UDP_TOS_VPNV4
Mar 2 14:46:14	check_reload_status	396	Restarting IPsec tunnels
Mar 2 14:46:14	check_reload_status	396	Restarting OpenVPN tunnels/interfaces
Mar 2 14:46:14	check_reload_status	396	Reloading filter
Mar 2 14:46:15	php-fpm	17557	/rc.openvpn: Gateway, none 'available' for inet6, use the first one configured. ''
Mar 2 14:46:15	php-fpm	17557	/rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use WAN_DHCP.
Mar 2 14:46:15	php-fpm	22688	/rc.openvpn: Gateway, none 'available' for inet6, use the first one configured. ''
Mar 2 14:46:15	php-fpm	22688	/rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use VPN_UDP_TOS_VPNV4.
Mar 2 14:46:45	rc.gateway_alarm	48094	>>> Gateway alarm: VPN_UDP_TOS_VPNV4 (Addr:8.8.4.4 Alarm:0 RTT:371.699ms RTTsd:1075.358ms Loss:0%)
Mar 2 14:46:45	check_reload_status	396	updating dyndns VPN_UDP_TOS_VPNV4
Mar 2 14:46:45	check_reload_status	396	Restarting IPsec tunnels
Mar 2 14:46:45	check_reload_status	396	Restarting OpenVPN tunnels/interfaces
Mar 2 14:46:45	check_reload_status	396	Reloading filter
Mar 2 14:46:45	rc.gateway_alarm	49922	>>> Gateway alarm: WAN_DHCP (Addr:8.8.8.8 Alarm:0 RTT:325.207ms RTTsd:1034.753ms Loss:0%)
Mar 2 14:46:45	check_reload_status	396	updating dyndns WAN_DHCP
Mar 2 14:46:45	check_reload_status	396	Restarting IPsec tunnels
Mar 2 14:46:45	check_reload_status	396	Restarting OpenVPN tunnels/interfaces
Mar 2 14:46:45	check_reload_status	396	Reloading filter
Mar 2 14:46:46	php-fpm	38038	/rc.openvpn: Gateway, none 'available' for inet6, use the first one configured. ''
Mar 2 14:46:46	php-fpm	38038	/rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use VPN_UDP_TOS_VPNV4.
Mar 2 14:46:46	php-fpm	91128	/rc.openvpn: Gateway, none 'available' for inet6, use the first one configured. ''
Mar 2 14:46:46	php-fpm	91128	/rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use WAN_DHCP.
Mar 2 15:15:00	php	54242	[pfBlockerNG] Starting cron process.
Mar 2 15:16:34	php	54242	[pfBlockerNG] No changes to Firewall rules, skipping Filter Reload
Mar 2 15:41:07	rc.gateway_alarm	26554	>>> Gateway alarm: WAN_DHCP (Addr:8.8.8.8 Alarm:1 RTT:895.323ms RTTsd:2288.898ms Loss:0%)
Mar 2 15:41:07	check_reload_status	396	updating dyndns WAN_DHCP
Mar 2 15:41:07	check_reload_status	396	Restarting IPsec tunnels
Mar 2 15:41:07	check_reload_status	396	Restarting OpenVPN tunnels/interfaces
Mar 2 15:41:07	check_reload_status	396	Reloading filter
Mar 2 15:41:07	rc.gateway_alarm	28826	>>> Gateway alarm: VPN_UDP_TOS_VPNV4 (Addr:8.8.4.4 Alarm:1 RTT:829.265ms RTTsd:2134.126ms Loss:0%)
Mar 2 15:41:07	check_reload_status	396	updating dyndns VPN_UDP_TOS_VPNV4
Mar 2 15:41:07	check_reload_status	396	Restarting IPsec tunnels
Mar 2 15:41:07	check_reload_status	396	Restarting OpenVPN tunnels/interfaces
Mar 2 15:41:07	check_reload_status	396	Reloading filter
Mar 2 15:41:08	php-fpm	76071	/rc.openvpn: Gateway, none 'available' for inet6, use the first one configured. ''
Mar 2 15:41:08	php-fpm	76071	/rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use WAN_DHCP.
Mar 2 15:41:08	php-fpm	91128	/rc.openvpn: Gateway, none 'available' for inet6, use the first one configured. ''
Mar 2 15:41:08	php-fpm	91128	/rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use VPN_UDP_TOS_VPNV4.
Mar 2 15:42:10	rc.gateway_alarm	19063	>>> Gateway alarm: WAN_DHCP (Addr:8.8.8.8 Alarm:0 RTT:34.543ms RTTsd:101.709ms Loss:0%)
Mar 2 15:42:10	check_reload_status	396	updating dyndns WAN_DHCP
Mar 2 15:42:10	check_reload_status	396	Restarting IPsec tunnels
Mar 2 15:42:10	check_reload_status	396	Restarting OpenVPN tunnels/interfaces
Mar 2 15:42:10	check_reload_status	396	Reloading filter
Mar 2 15:42:10	rc.gateway_alarm	20991	>>> Gateway alarm: VPN_UDP_TOS_VPNV4 (Addr:8.8.4.4 Alarm:0 RTT:50.193ms RTTsd:102.034ms Loss:0%)
Mar 2 15:42:10	check_reload_status	396	updating dyndns VPN_UDP_TOS_VPNV4
Mar 2 15:42:10	check_reload_status	396	Restarting IPsec tunnels
Mar 2 15:42:10	check_reload_status	396	Restarting OpenVPN tunnels/interfaces
Mar 2 15:42:10	check_reload_status	396	Reloading filter
Mar 2 15:42:11	php-fpm	22688	/rc.openvpn: Gateway, none 'available' for inet6, use the first one configured. ''
Mar 2 15:42:11	php-fpm	22688	/rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use WAN_DHCP.
Mar 2 15:42:11	php-fpm	38038	/rc.openvpn: Gateway, none 'available' for inet6, use the first one configured. ''
Mar 2 15:42:11	php-fpm	38038	/rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use VPN_UDP_TOS_VPNV4.
Mar 2 15:48:40	rc.gateway_alarm	63161	>>> Gateway alarm: WAN_DHCP (Addr:8.8.8.8 Alarm:1 RTT:688.657ms RTTsd:1888.751ms Loss:0%)
Mar 2 15:48:41	check_reload_status	396	updating dyndns WAN_DHCP
Mar 2 15:48:41	check_reload_status	396	Restarting IPsec tunnels
Mar 2 15:48:41	check_reload_status	396	Restarting OpenVPN tunnels/interfaces
Mar 2 15:48:41	check_reload_status	396	Reloading filter
Mar 2 15:48:41	rc.gateway_alarm	65610	>>> Gateway alarm: VPN_UDP_TOS_VPNV4 (Addr:8.8.4.4 Alarm:1 RTT:689.002ms RTTsd:1853.070ms Loss:0%)
Mar 2 15:48:41	check_reload_status	396	updating dyndns VPN_UDP_TOS_VPNV4
Mar 2 15:48:41	check_reload_status	396	Restarting IPsec tunnels
Mar 2 15:48:41	check_reload_status	396	Restarting OpenVPN tunnels/interfaces
Mar 2 15:48:41	check_reload_status	396	Reloading filter
Mar 2 15:48:42	php-fpm	76071	/rc.openvpn: Gateway, none 'available' for inet6, use the first one configured. ''
Mar 2 15:48:42	php-fpm	76071	/rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use WAN_DHCP.
Mar 2 15:48:42	php-fpm	38038	/rc.openvpn: Gateway, none 'available' for inet6, use the first one configured. ''
Mar 2 15:48:42	php-fpm	38038	/rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use VPN_UDP_TOS_VPNV4.
Mar 2 15:49:45	rc.gateway_alarm	58088	>>> Gateway alarm: WAN_DHCP (Addr:8.8.8.8 Alarm:0 RTT:29.572ms RTTsd:100.481ms Loss:0%)
Mar 2 15:49:45	check_reload_status	396	updating dyndns WAN_DHCP
Mar 2 15:49:45	check_reload_status	396	Restarting IPsec tunnels
Mar 2 15:49:45	check_reload_status	396	Restarting OpenVPN tunnels/interfaces
Mar 2 15:49:45	check_reload_status	396	Reloading filter
Mar 2 15:49:46	rc.gateway_alarm	60336	>>> Gateway alarm: VPN_UDP_TOS_VPNV4 (Addr:8.8.4.4 Alarm:0 RTT:52.651ms RTTsd:111.949ms Loss:0%)
Mar 2 15:49:46	check_reload_status	396	updating dyndns VPN_UDP_TOS_VPNV4
Mar 2 15:49:46	check_reload_status	396	Restarting IPsec tunnels
Mar 2 15:49:46	check_reload_status	396	Restarting OpenVPN tunnels/interfaces
Mar 2 15:49:46	check_reload_status	396	Reloading filter
Mar 2 15:49:46	php-fpm	74959	/rc.openvpn: Gateway, none 'available' for inet6, use the first one configured. ''
Mar 2 15:49:46	php-fpm	74959	/rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use WAN_DHCP.
Mar 2 15:49:47	php-fpm	22688	/rc.openvpn: Gateway, none 'available' for inet6, use the first one configured. ''
Mar 2 15:49:47	php-fpm	22688	/rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use VPN_UDP_TOS_VPNV4.
Mar 2 15:53:43	rc.gateway_alarm	61390	>>> Gateway alarm: WAN_DHCP (Addr:8.8.8.8 Alarm:1 RTT:958.099ms RTTsd:2407.596ms Loss:0%)
Mar 2 15:53:43	check_reload_status	396	updating dyndns WAN_DHCP
Mar 2 15:53:43	check_reload_status	396	Restarting IPsec tunnels
Mar 2 15:53:43	check_reload_status	396	Restarting OpenVPN tunnels/interfaces
Mar 2 15:53:43	check_reload_status	396	Reloading filter
Mar 2 15:53:43	rc.gateway_alarm	63840	>>> Gateway alarm: VPN_UDP_TOS_VPNV4 (Addr:8.8.4.4 Alarm:1 RTT:984.444ms RTTsd:2424.976ms Loss:0%)
Mar 2 15:53:43	check_reload_status	396	updating dyndns VPN_UDP_TOS_VPNV4
Mar 2 15:53:43	check_reload_status	396	Restarting IPsec tunnels
Mar 2 15:53:43	check_reload_status	396	Restarting OpenVPN tunnels/interfaces
Mar 2 15:53:43	check_reload_status	396	Reloading filter
Mar 2 15:53:44	php-fpm	17557	/rc.openvpn: Gateway, none 'available' for inet6, use the first one configured. ''
Mar 2 15:53:44	php-fpm	17557	/rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use WAN_DHCP.
Mar 2 15:53:44	php-fpm	22688	/rc.openvpn: Gateway, none 'available' for inet6, use the first one configured. ''
Mar 2 15:53:44	php-fpm	22688	/rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use VPN_UDP_TOS_VPNV4.
Mar 2 15:54:47	rc.gateway_alarm	53929	>>> Gateway alarm: WAN_DHCP (Addr:8.8.8.8 Alarm:0 RTT:34.745ms RTTsd:113.154ms Loss:0%)
Mar 2 15:54:47	check_reload_status	396	updating dyndns WAN_DHCP
Mar 2 15:54:47	check_reload_status	396	Restarting IPsec tunnels
Mar 2 15:54:47	check_reload_status	396	Restarting OpenVPN tunnels/interfaces
Mar 2 15:54:47	check_reload_status	396	Reloading filter
Mar 2 15:54:47	rc.gateway_alarm	57000	>>> Gateway alarm: VPN_UDP_TOS_VPNV4 (Addr:8.8.4.4 Alarm:0 RTT:52.041ms RTTsd:113.582ms Loss:0%)
Mar 2 15:54:47	check_reload_status	396	updating dyndns VPN_UDP_TOS_VPNV4
Mar 2 15:54:47	check_reload_status	396	Restarting IPsec tunnels
Mar 2 15:54:47	check_reload_status	396	Restarting OpenVPN tunnels/interfaces
Mar 2 15:54:47	check_reload_status	396	Reloading filter
Mar 2 15:54:48	php-fpm	17557	/rc.openvpn: Gateway, none 'available' for inet6, use the first one configured. ''
Mar 2 15:54:48	php-fpm	17557	/rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use WAN_DHCP.
Mar 2 15:54:48	php-fpm	74959	/rc.openvpn: Gateway, none 'available' for inet6, use the first one configured. ''
Mar 2 15:54:48	php-fpm	74959	/rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use VPN_UDP_TOS_VPNV4.
Mar 2 16:15:00	php	96721	[pfBlockerNG] Starting cron process.
Mar 2 16:16:44	php	96721	[pfBlockerNG] No changes to Firewall rules, skipping Filter Reload
Mar 2 16:19:49	rc.gateway_alarm	60859	>>> Gateway alarm: WAN_DHCP (Addr:8.8.8.8 Alarm:1 RTT:1012.870ms RTTsd:2509.895ms Loss:0%)
Mar 2 16:19:49	check_reload_status	396	updating dyndns WAN_DHCP
Mar 2 16:19:49	check_reload_status	396	Restarting IPsec tunnels
Mar 2 16:19:49	check_reload_status	396	Restarting OpenVPN tunnels/interfaces
Mar 2 16:19:49	check_reload_status	396	Reloading filter
Mar 2 16:19:49	rc.gateway_alarm	63012	>>> Gateway alarm: VPN_UDP_TOS_VPNV4 (Addr:8.8.4.4 Alarm:1 RTT:1089.423ms RTTsd:2611.882ms Loss:0%)
Mar 2 16:19:49	check_reload_status	396	updating dyndns VPN_UDP_TOS_VPNV4
Mar 2 16:19:49	check_reload_status	396	Restarting IPsec tunnels
Mar 2 16:19:49	check_reload_status	396	Restarting OpenVPN tunnels/interfaces
Mar 2 16:19:49	check_reload_status	396	Reloading filter
Mar 2 16:19:50	php-fpm	74959	/rc.openvpn: Gateway, none 'available' for inet6, use the first one configured. ''
Mar 2 16:19:50	php-fpm	74959	/rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use VPN_UDP_TOS_VPNV4.
Mar 2 16:19:50	php-fpm	76071	/rc.openvpn: Gateway, none 'available' for inet6, use the first one configured. ''
Mar 2 16:19:50	php-fpm	76071	/rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use WAN_DHCP.
Mar 2 16:20:05	rc.gateway_alarm	92576	>>> Gateway alarm: VPN_UDP_TOS_VPNV4 (Addr:8.8.4.4 Alarm:1 RTT:1413.616ms RTTsd:2911.066ms Loss:22%)
Mar 2 16:20:05	check_reload_status	396	updating dyndns VPN_UDP_TOS_VPNV4
Mar 2 16:20:05	check_reload_status	396	Restarting IPsec tunnels
Mar 2 16:20:05	check_reload_status	396	Restarting OpenVPN tunnels/interfaces
Mar 2 16:20:05	check_reload_status	396	Reloading filter
Mar 2 16:20:06	php-fpm	74959	/rc.openvpn: Gateway, none 'available' for inet6, use the first one configured. ''
Mar 2 16:20:06	php-fpm	74959	/rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use VPN_UDP_TOS_VPNV4.
Mar 2 16:20:54	rc.gateway_alarm	19106	>>> Gateway alarm: WAN_DHCP (Addr:8.8.8.8 Alarm:0 RTT:41.868ms RTTsd:133.746ms Loss:0%)
Mar 2 16:20:54	check_reload_status	396	updating dyndns WAN_DHCP
Mar 2 16:20:54	check_reload_status	396	Restarting IPsec tunnels
Mar 2 16:20:54	check_reload_status	396	Restarting OpenVPN tunnels/interfaces
Mar 2 16:20:54	check_reload_status	396	Reloading filter
Mar 2 16:20:55	php-fpm	76071	/rc.openvpn: Gateway, none 'available' for inet6, use the first one configured. ''
Mar 2 16:20:55	php-fpm	76071	/rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use WAN_DHCP.
Mar 2 16:21:01	rc.gateway_alarm	79201	>>> Gateway alarm: VPN_UDP_TOS_VPNV4 (Addr:8.8.4.4 Alarm:1 RTT:0.000ms RTTsd:0.000ms Loss:100%)
Mar 2 16:21:01	check_reload_status	396	updating dyndns VPN_UDP_TOS_VPNV4
Mar 2 16:21:01	check_reload_status	396	Restarting IPsec tunnels
Mar 2 16:21:01	check_reload_status	396	Restarting OpenVPN tunnels/interfaces
Mar 2 16:21:01	check_reload_status	396	Reloading filter
Mar 2 16:21:02	php-fpm	38038	/rc.openvpn: Gateway, none 'available' for inet6, use the first one configured. ''
Mar 2 16:21:02	php-fpm	38038	/rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use VPN_UDP_TOS_VPNV4.
Mar 2 16:50:57	root	55932	rc.update_bogons.sh is beginning the update cycle.
Mar 2 16:51:03	root	62791	Bogons V4 file downloaded: 14 addresses added.
Mar 2 16:51:03	root	62791	Bogons V4 file downloaded: 6 addresses deleted.
Mar 2 16:51:03	root	65183	Bogons V6 file downloaded: 45 addresses added.
Mar 2 16:51:03	root	65183	Bogons V6 file downloaded: 13 addresses deleted.
Mar 2 16:51:03	root	65617	rc.update_bogons.sh is ending the update cycle.
Mar 2 17:11:29	php-fpm	4753	/index.php: Successful login for user 'Barry_secure' from: 172.16.50.16 (Local Database)
Mar 2 17:13:15	php-fpm	74959	OpenVPN terminate old pid: 70501
Mar 2 17:13:15	kernel		ovpnc1: link state changed to DOWN
Mar 2 17:13:15	check_reload_status	396	Reloading filter
Mar 2 17:13:15	php-fpm	74959	OpenVPN PID written: 23195
Mar 2 17:13:15	check_reload_status	396	Reloading filter
Mar 2 17:13:15	kernel		ovpnc1: link state changed to UP
Mar 2 17:13:15	check_reload_status	396	rc.newwanip starting ovpnc1
Mar 2 17:13:16	php-fpm	91128	/rc.newwanip: rc.newwanip: Info: starting on ovpnc1.
Mar 2 17:13:16	php-fpm	91128	/rc.newwanip: rc.newwanip: on (IP address: 10.8.110.23) (interface: VPN_UDP_TOS[opt28]) (real interface: ovpnc1).
Mar 2 17:13:34	php-fpm	91128	/rc.newwanip: Removing static route for monitor 8.8.8.8 and adding a new route through 99.ZZZ.ZZZ.1
Mar 2 17:13:34	php-fpm	91128	/rc.newwanip: Removing static route for monitor 8.8.4.4 and adding a new route through 10.8.110.23
Mar 2 17:13:34	php-fpm	91128	/rc.newwanip: Gateway, none 'available' for inet6, use the first one configured. ''
Mar 2 17:13:34	php-fpm	91128	/rc.newwanip: IP Address has changed, killing states on former IP Address 10.16.110.16.
Mar 2 17:13:41	php-fpm	91128	/rc.newwanip: The command '/usr/sbin/arp -s '172.16.50.1' '00:xx:xx:xx:xx:05'' returned exit code '1', the output was 'arp: writing to routing socket: Operation not permitted'
Mar 2 17:13:42	php-fpm	91128	/rc.newwanip: Creating rrd update script
Mar 2 17:13:44	php-fpm	91128	/rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection - 10.16.110.16 -> 10.8.110.23 - Restarting packages.
Mar 2 17:13:44	check_reload_status	396	Starting packages
Mar 2 17:13:45	php-fpm	74959	/rc.start_packages: Restarting/Starting all packages.
Mar 2 17:13:45	php-fpm	74959	/rc.start_packages: Reloading syslog-ng for configuration sync
Mar 2 17:13:46	supervise/syslog-ng	43274	Daemon exited gracefully, not restarting; exitcode='0'
Mar 2 17:13:50	php-fpm	74959	/rc.start_packages: The command '/usr/local/etc/rc.d/syslog-ng.sh stop' returned exit code '1', the output was ''
Mar 2 17:13:52	check_reload_status	396	Reloading filter

                If you find my post useful, please give it a thumbs up!
                pfSense 2.7.2-RELEASE

                1 Reply Last reply Reply Quote 0
                • stephenw10S
                  stephenw10 Netgate Administrator
                  last edited by stephenw10

                  Mmm, Ok so right at the end of that log is where you login and restart the VPN client?

                  The service watchdog doesn't run at any time because the OpenVPN client doesn't ever die. It just keeps trying to connect which is what it's supposed to do.

                  Your WAN get's marked down numerous times during the 11 hours shown in that log but you can see each time the WAN gateway comes back up and so does the VPN gateway. The pings times to the monitred IP go back down to <50ms:

                  Mar 2 16:20:54	rc.gateway_alarm	19106	>>> Gateway alarm: WAN_DHCP (Addr:8.8.8.8 Alarm:0 RTT:41.868ms RTTsd:133.746ms Loss:0%)

                  Until the last time where it comes back up but it at 100% packet loss:

                  Mar 2 16:21:01	rc.gateway_alarm	79201	>>> Gateway alarm: VPN_UDP_TOS_VPNV4 (Addr:8.8.4.4 Alarm:1 RTT:0.000ms RTTsd:0.000ms Loss:100%)

                  We don't have the OpenVPN logs for that time but I imagine they have been repeating since then so it would be that 'Bad encapsulated packet length from peer' error followed by 'Connection reset, restarting [0]'.

                  Is that OpenVPN client connecting to the same remote address every time or a pool or remote addresses?

                  It's probably trying to connect to something that isn't an OpenVPN server. It's a TCP connection, what's the remote port?

                  G 1 Reply Last reply Reply Quote 0
                  • G
                    guardian Rebel Alliance @stephenw10
                    last edited by

                    @stephenw10 said in pfSense 2.6.0 Fails to Recover after WAN Issues:

                    We don't have the OpenVPN logs for that time but I imagine they have been repeating since then so it would be that 'Bad encapsulated packet length from peer' error followed by 'Connection reset, restarting [0]'.

                    I'm getting a ton of messages like this that are filling the log. (Verbosity Level is set to 4). It turns out that this is my VPN Access server running on port 443 TCP

                    Mar 2 17:08:34	openvpn	48841	MANAGEMENT: Client disconnected
Mar 2 17:08:34	openvpn	48841	MANAGEMENT: CMD 'quit'
Mar 2 17:08:34	openvpn	48841	MANAGEMENT: CMD 'status 2'
Mar 2 17:08:34	openvpn	48841	MANAGEMENT: Client connected from /var/etc/openvpn/server4/sock

                    and this is my UDP access server

                    Mar 3 03:43:40	openvpn	73327	MANAGEMENT: Client disconnected
Mar 3 03:43:40	openvpn	73327	MANAGEMENT: CMD 'quit'
Mar 3 03:43:40	openvpn	73327	MANAGEMENT: CMD 'status 2'
Mar 3 03:43:40	openvpn	73327	MANAGEMENT: Client connected from /var/etc/openvpn/server3/sock

                    Are these significant? What are they telling me? Do I need to be worried about these?
                    (They are not being used as I wasn't away and needing them).

                    I see this on the VPN Client that is the subject of this discussion. Is this an attack?

                    Mar 3 03:08:24	openvpn	23195	PID_ERR replay-window backtrack occurred [42] [SSL-0] [0__00_____0_0_0________________00000000000_000000000000000000000] 0:374099 0:374057 t=1677830904[0] r=[0,64,15,42,1] sl=[45,64,64,528]

                    There are a lot of probes on my remote access servers:

                    Mar 3 01:52:35	openvpn	48841	186.211.1.7:61008 SIGUSR1[soft,connection-reset] received, client-instance restarting
Mar 3 01:52:35	openvpn	48841	186.211.1.7:61008 Connection reset, restarting [0]
Mar 3 01:52:35	openvpn	48841	186.211.1.7:61008 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1627 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Mar 3 01:52:33	openvpn	48841	TCP connection established with [AF_INET]186.211.1.7:61008
Mar 3 01:52:33	openvpn	48841	Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Mar 3 01:52:33	openvpn	48841	Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Mar 3 01:52:33	openvpn	48841	Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Mar 3 01:52:33	openvpn	48841	Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
----------
Mar 3 01:20:11	openvpn	48841	107.170.239.12:51002 SIGUSR1[soft,connection-reset] received, client-instance restarting
Mar 3 01:20:11	openvpn	48841	107.170.239.12:51002 Connection reset, restarting [0]
Mar 3 01:20:11	openvpn	48841	107.170.239.12:51002 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1627 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Mar 3 01:20:10	openvpn	48841	TCP connection established with [AF_INET]107.170.239.12:51002
Mar 3 01:20:10	openvpn	48841	Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Mar 3 01:20:10	openvpn	48841	Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Mar 3 01:20:10	openvpn	48841	Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Mar 3 01:20:10	openvpn	48841	Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
----------
Mar 3 00:20:48	openvpn	48841	91.193.7.84:60742 SIGUSR1[soft,connection-reset] received, client-instance restarting
Mar 3 00:20:48	openvpn	48841	91.193.7.84:60742 Connection reset, restarting [0]
Mar 3 00:20:48	openvpn	48841	91.193.7.84:60742 WARNING: Bad encapsulated packet length from peer (39642), which must be > 0 and <= 1627 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Mar 3 00:20:48	openvpn	48841	TCP connection established with [AF_INET]91.193.7.84:60742
Mar 3 00:20:48	openvpn	48841	Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Mar 3 00:20:48	openvpn	48841	Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Mar 3 00:20:48	openvpn	48841	Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Mar 3 00:20:48	openvpn	48841	Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
----------
Mar 2 23:52:48	openvpn	48841	193.106.29.122:61864 SIGUSR1[soft,connection-reset] received, client-instance restarting
Mar 2 23:52:48	openvpn	48841	193.106.29.122:61864 Connection reset, restarting [0]
Mar 2 23:52:48	openvpn	48841	193.106.29.122:61864 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1627 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Mar 2 23:52:46	openvpn	48841	TCP connection established with [AF_INET]193.106.29.122:61864
Mar 2 23:52:46	openvpn	48841	Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Mar 2 23:52:46	openvpn	48841	Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Mar 2 23:52:46	openvpn	48841	Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Mar 2 23:52:46	openvpn	48841	Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
----------
Mar 2 23:47:37	openvpn	48841	198.199.95.35:47508 SIGUSR1[soft,connection-reset] received, client-instance restarting
Mar 2 23:47:37	openvpn	48841	198.199.95.35:47508 Connection reset, restarting [0]
Mar 2 23:47:37	openvpn	48841	198.199.95.35:47508 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1627 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Mar 2 23:47:37	openvpn	48841	TCP connection established with [AF_INET]198.199.95.35:47508
Mar 2 23:47:37	openvpn	48841	Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Mar 2 23:47:37	openvpn	48841	Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Mar 2 23:47:37	openvpn	48841	Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Mar 2 23:47:37	openvpn	48841	Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Mar 2 23:47:33	openvpn	48841	107.170.229.7:57352 SIGUSR1[soft,connection-reset] received, client-instance restarting
Mar 2 23:47:33	openvpn	48841	107.170.229.7:57352 Connection reset, restarting [0]
Mar 2 23:47:33	openvpn	48841	107.170.229.7:57352 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1627 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Mar 2 23:47:33	openvpn	48841	TCP connection established with [AF_INET]107.170.229.7:57352
----------
Mar 2 23:37:30	openvpn	73327	TLS Error: tls-crypt unwrapping failed from [AF_INET]205.210.31.13:56419
Mar 2 23:37:30	openvpn	73327	tls-crypt unwrap error: packet too short
----------
Mar 2 23:37:09	openvpn	48841	185.180.143.6:48848 SIGUSR1[soft,connection-reset] received, client-instance restarting
Mar 2 23:37:09	openvpn	48841	185.180.143.6:48848 Connection reset, restarting [0]
Mar 2 23:37:09	openvpn	48841	185.180.143.6:48848 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1627 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Mar 2 23:37:09	openvpn	48841	TCP connection established with [AF_INET]185.180.143.6:48848
Mar 2 23:37:09	openvpn	48841	Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Mar 2 23:37:09	openvpn	48841	Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Mar 2 23:37:09	openvpn	48841	Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Mar 2 23:37:09	openvpn	48841	Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
----------
Mar 2 23:30:44	openvpn	48841	128.14.141.34:57556 SIGUSR1[soft,connection-reset] received, client-instance restarting
Mar 2 23:30:44	openvpn	48841	128.14.141.34:57556 Connection reset, restarting [0]
Mar 2 23:30:44	openvpn	48841	128.14.141.34:57556 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1627 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Mar 2 23:30:44	openvpn	48841	TCP connection established with [AF_INET]128.14.141.34:57556
Mar 2 23:30:44	openvpn	48841	Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Mar 2 23:30:44	openvpn	48841	Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Mar 2 23:30:44	openvpn	48841	Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Mar 2 23:30:44	openvpn	48841	Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
----------
Mar 2 23:09:07	openvpn	48841	5.188.210.227:39461 SIGUSR1[soft,connection-reset] received, client-instance restarting
Mar 2 23:09:07	openvpn	48841	5.188.210.227:39461 Connection reset, restarting [0]
Mar 2 23:09:07	openvpn	48841	5.188.210.227:39461 WARNING: Bad encapsulated packet length from peer (18245), which must be > 0 and <= 1627 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Mar 2 23:09:03	openvpn	48841	TCP connection established with [AF_INET]5.188.210.227:39461
Mar 2 23:09:03	openvpn	48841	Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Mar 2 23:09:03	openvpn	48841	Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Mar 2 23:09:03	openvpn	48841	Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Mar 2 23:09:03	openvpn	48841	Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key

                    I have a remote access server on port 443, and it looks like it is taking a bit of fire. Anything special I should be doing to protect it? (Currently protected by a TLS key + strong cert + password) Unless there is a CVE on OpenVPN I would assume that I should be OK (DDoS is the worst case) I shouldn't really be a target, so I suspect that these are just automated attacks.

                    Is that OpenVPN client connecting to the same remote address every time or a pool or remote addresses?

                    It's probably trying to connect to something that isn't an OpenVPN server. It's a TCP connection, what's the remote port?

                    I didn't realize, but it turns out they are one of my remote access servers. It doesn't relate to the incident, but I'm sure it has happened many times:

                    Mar 3 03:57:16	openvpn	90372	MANAGEMENT: Client disconnected
Mar 3 03:57:16	openvpn	90372	MANAGEMENT: CMD 'quit'
Mar 3 03:57:16	openvpn	90372	MANAGEMENT: CMD 'status 2'
Mar 3 03:57:16	openvpn	90372	MANAGEMENT: Client connected from /var/etc/openvpn/server3/sock
Mar 3 03:56:40	openvpn	90372	Initialization Sequence Completed
Mar 3 03:56:40	openvpn	90372	IFCONFIG POOL IPv4: base=172.16.71.2 size=252
Mar 3 03:56:40	openvpn	90372	MULTI: multi_init called, r=256 v=256
Mar 3 03:56:40	openvpn	90372	UDPv4 link remote: [AF_UNSPEC]
Mar 3 03:56:40	openvpn	90372	UDPv4 link local (bound): [AF_INET]99.ZZZ.ZZZ.182:1194
Mar 3 03:56:40	openvpn	90372	Socket Buffers: R=[42080->42080] S=[57344->57344]
Mar 3 03:56:40	openvpn	90372	Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Mar 3 03:56:40	openvpn	90372	/usr/local/sbin/ovpn-linkup ovpns3 1500 1622 172.16.71.1 255.255.255.0 init
Mar 3 03:56:40	openvpn	90372	/sbin/route add -net 172.16.71.0 172.16.71.2 255.255.255.0
Mar 3 03:56:40	openvpn	90372	/sbin/ifconfig ovpns3 172.16.71.1 172.16.71.2 mtu 1500 netmask 255.255.255.0 up
Mar 3 03:56:40	openvpn	90372	do_ifconfig, ipv4=1, ipv6=0
Mar 3 03:56:40	openvpn	90372	TUN/TAP device /dev/tun3 opened
Mar 3 03:56:40	openvpn	90372	TUN/TAP device ovpns3 exists previously, keep at program end
Mar 3 03:56:40	openvpn	90372	TLS-Auth MTU parms [ L:1622 D:1156 EF:94 EB:0 ET:0 EL:3 ]
Mar 3 03:56:40	openvpn	90372	Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Mar 3 03:56:40	openvpn	90372	Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Mar 3 03:56:40	openvpn	90372	Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Mar 3 03:56:40	openvpn	90372	Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Mar 3 03:56:40	openvpn	90372	WARNING: experimental option --capath /var/etc/openvpn/server3/ca
Mar 3 03:56:40	openvpn	90372	Diffie-Hellman initialized with 2048 bit key
Mar 3 03:56:40	openvpn	90372	PLUGIN_INIT: POST /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-script.so '[/usr/local/lib/openvpn/plugins/openvpn-plugin-auth-script.so] [/usr/local/sbin/ovpn_auth_verify_async] [user] [TG9jYWwgRGF0YWJhc2U=] [true] [server3] [1194]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
Mar 3 03:56:40	openvpn	90372	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mar 3 03:56:40	openvpn	90372	MANAGEMENT: unix domain socket listening on /var/etc/openvpn/server3/sock
Mar 3 03:56:40	openvpn	90032	library versions: OpenSSL 1.1.1l-freebsd 24 Aug 2021, LZO 2.10
Mar 3 03:56:40	openvpn	90032	OpenVPN 2.5.4 amd64-portbld-freebsd12.3 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jan 12 2022
Mar 3 03:56:40	openvpn	90032	auth_user_pass_file = '[UNDEF]'
Mar 3 03:56:40	openvpn	90032	pull = DISABLED
Mar 3 03:56:40	openvpn	90032	client = DISABLED
Mar 3 03:56:40	openvpn	90032	vlan_pvid = 1
Mar 3 03:56:40	openvpn	90032	vlan_accept = all
Mar 3 03:56:40	openvpn	90032	vlan_tagging = DISABLED
Mar 3 03:56:40	openvpn	90032	port_share_port = '[UNDEF]'
Mar 3 03:56:40	openvpn	90032	port_share_host = '[UNDEF]'
Mar 3 03:56:40	openvpn	90032	auth_token_secret_file = '[UNDEF]'
Mar 3 03:56:40	openvpn	90032	auth_token_lifetime = 0
Mar 3 03:56:40	openvpn	90032	auth_token_generate = DISABLED
Mar 3 03:56:40	openvpn	90032	auth_user_pass_verify_script_via_file = DISABLED
Mar 3 03:56:40	openvpn	90032	auth_user_pass_verify_script = '[UNDEF]'
Mar 3 03:56:40	openvpn	90032	max_routes_per_client = 256
Mar 3 03:56:40	openvpn	90032	max_clients = 4
Mar 3 03:56:40	openvpn	90032	cf_per = 0
Mar 3 03:56:40	openvpn	90032	cf_max = 0
Mar 3 03:56:40	openvpn	90032	duplicate_cn = DISABLED
Mar 3 03:56:40	openvpn	90032	enable_c2c = ENABLED
Mar 3 03:56:40	openvpn	90032	push_ifconfig_ipv6_remote = ::
Mar 3 03:56:40	openvpn	90032	push_ifconfig_ipv6_local = ::/0
Mar 3 03:56:40	openvpn	90032	push_ifconfig_ipv6_defined = DISABLED
Mar 3 03:56:40	openvpn	90032	push_ifconfig_remote_netmask = 0.0.0.0
Mar 3 03:56:40	openvpn	90032	push_ifconfig_local = 0.0.0.0
Mar 3 03:56:40	openvpn	90032	push_ifconfig_defined = DISABLED
Mar 3 03:56:40	openvpn	90032	tmp_dir = '/tmp'
Mar 3 03:56:40	openvpn	90032	ccd_exclusive = DISABLED
Mar 3 03:56:40	openvpn	90032	client_config_dir = '/var/etc/openvpn/server3/csc'
Mar 3 03:56:40	openvpn	90032	client_disconnect_script = '/usr/local/sbin/openvpn.attributes.sh'
Mar 3 03:56:40	openvpn	90032	learn_address_script = '[UNDEF]'
Mar 3 03:56:40	openvpn	90032	client_connect_script = '/usr/local/sbin/openvpn.attributes.sh'
Mar 3 03:56:40	openvpn	90032	virtual_hash_size = 256
Mar 3 03:56:40	openvpn	90032	real_hash_size = 256
Mar 3 03:56:40	openvpn	90032	tcp_queue_limit = 64
Mar 3 03:56:40	openvpn	90032	n_bcast_buf = 256
Mar 3 03:56:40	openvpn	90032	ifconfig_ipv6_pool_netbits = 0
Mar 3 03:56:40	openvpn	90032	ifconfig_ipv6_pool_base = ::
Mar 3 03:56:40	openvpn	90032	ifconfig_ipv6_pool_defined = DISABLED
Mar 3 03:56:40	openvpn	90032	ifconfig_pool_persist_refresh_freq = 600
Mar 3 03:56:40	openvpn	90032	ifconfig_pool_persist_filename = '[UNDEF]'
Mar 3 03:56:40	openvpn	90032	ifconfig_pool_netmask = 255.255.255.0
Mar 3 03:56:40	openvpn	90032	ifconfig_pool_end = 172.16.71.253
Mar 3 03:56:40	openvpn	90032	ifconfig_pool_start = 172.16.71.2
Mar 3 03:56:40	openvpn	90032	ifconfig_pool_defined = ENABLED
Mar 3 03:56:40	openvpn	90032	push_entry = 'ping-restart 60'
Mar 3 03:56:40	openvpn	90032	push_entry = 'ping 10'
Mar 3 03:56:40	openvpn	90032	push_entry = 'topology subnet'
Mar 3 03:56:40	openvpn	90032	push_entry = 'route-gateway 172.16.71.1'
Mar 3 03:56:40	openvpn	90032	push_entry = 'redirect-gateway def1'
Mar 3 03:56:40	openvpn	90032	push_entry = 'dhcp-option NTP 172.16.71.1'
Mar 3 03:56:40	openvpn	90032	push_entry = 'dhcp-option DNS 172.16.71.1'
Mar 3 03:56:40	openvpn	90032	server_bridge_pool_end = 0.0.0.0
Mar 3 03:56:40	openvpn	90032	server_bridge_pool_start = 0.0.0.0
Mar 3 03:56:40	openvpn	90032	server_bridge_netmask = 0.0.0.0
Mar 3 03:56:40	openvpn	90032	server_bridge_ip = 0.0.0.0
Mar 3 03:56:40	openvpn	90032	server_netbits_ipv6 = 0
Mar 3 03:56:40	openvpn	90032	server_network_ipv6 = ::
Mar 3 03:56:40	openvpn	90032	server_netmask = 255.255.255.0
Mar 3 03:56:40	openvpn	90032	server_network = 172.16.71.0
Mar 3 03:56:40	openvpn	90032	tls_crypt_v2_metadata = '[UNDEF]'
Mar 3 03:56:40	openvpn	90032	tls_exit = DISABLED
Mar 3 03:56:40	openvpn	90032	push_peer_info = DISABLED
Mar 3 03:56:40	openvpn	90032	single_session = DISABLED
Mar 3 03:56:40	openvpn	90032	transition_window = 3600
Mar 3 03:56:40	openvpn	90032	handshake_window = 60
Mar 3 03:56:40	openvpn	90032	renegotiate_seconds = 0
Mar 3 03:56:40	openvpn	90032	renegotiate_packets = 0
Mar 3 03:56:40	openvpn	90032	renegotiate_bytes = -1
Mar 3 03:56:40	openvpn	90032	tls_timeout = 2
Mar 3 03:56:40	openvpn	90032	ssl_flags = 4
Mar 3 03:56:40	openvpn	90032	remote_cert_eku = 'TLS Web Client Authentication'
Mar 3 03:56:40	openvpn	90032	remote_cert_ku[i] = 0
Mar 3 03:56:40	openvpn	90032	remote_cert_ku[i] = 0
Mar 3 03:56:40	openvpn	90032	remote_cert_ku[i] = 0
Mar 3 03:56:40	openvpn	90032	remote_cert_ku[i] = 0
Mar 3 03:56:40	openvpn	90032	remote_cert_ku[i] = 0
Mar 3 03:56:40	openvpn	90032	remote_cert_ku[i] = 0
Mar 3 03:56:40	openvpn	90032	remote_cert_ku[i] = 0
Mar 3 03:56:40	openvpn	90032	remote_cert_ku[i] = 0
Mar 3 03:56:40	openvpn	90032	remote_cert_ku[i] = 0
Mar 3 03:56:40	openvpn	90032	remote_cert_ku[i] = 0
Mar 3 03:56:40	openvpn	90032	remote_cert_ku[i] = 0
Mar 3 03:56:40	openvpn	90032	remote_cert_ku[i] = 0
Mar 3 03:56:40	openvpn	90032	remote_cert_ku[i] = 0
Mar 3 03:56:40	openvpn	90032	remote_cert_ku[i] = 0
Mar 3 03:56:40	openvpn	90032	remote_cert_ku[i] = 0
Mar 3 03:56:40	openvpn	90032	remote_cert_ku[i] = 224
Mar 3 03:56:40	openvpn	90032	ns_cert_type = 0
Mar 3 03:56:40	openvpn	90032	crl_file = '[UNDEF]'
Mar 3 03:56:40	openvpn	90032	verify_x509_name = '[UNDEF]'
Mar 3 03:56:40	openvpn	90032	verify_x509_type = 0
Mar 3 03:56:40	openvpn	90032	tls_export_cert = '[UNDEF]'
Mar 3 03:56:40	openvpn	90032	tls_verify = '/usr/local/sbin/ovpn_auth_verify tls 'REMOTEACCESS1' 2'
Mar 3 03:56:40	openvpn	90032	tls_cert_profile = '[UNDEF]'
Mar 3 03:56:40	openvpn	90032	cipher_list_tls13 = '[UNDEF]'
Mar 3 03:56:40	openvpn	90032	cipher_list = '[UNDEF]'
Mar 3 03:56:40	openvpn	90032	pkcs12_file = '[UNDEF]'
Mar 3 03:56:40	openvpn	90032	priv_key_file = '/var/etc/openvpn/server3/key'
Mar 3 03:56:40	openvpn	90032	extra_certs_file = '[UNDEF]'
Mar 3 03:56:40	openvpn	90032	cert_file = '/var/etc/openvpn/server3/cert'
Mar 3 03:56:40	openvpn	90032	dh_file = '/etc/dh-parameters.2048'
Mar 3 03:56:40	openvpn	90032	ca_path = '/var/etc/openvpn/server3/ca'
Mar 3 03:56:40	openvpn	90032	ca_file = '[UNDEF]'
Mar 3 03:56:40	openvpn	90032	tls_client = DISABLED
Mar 3 03:56:40	openvpn	90032	tls_server = ENABLED
Mar 3 03:56:40	openvpn	90032	test_crypto = DISABLED
Mar 3 03:56:40	openvpn	90032	packet_id_file = '[UNDEF]'
Mar 3 03:56:40	openvpn	90032	replay_time = 15
Mar 3 03:56:40	openvpn	90032	replay_window = 64
Mar 3 03:56:40	openvpn	90032	mute_replay_warnings = DISABLED
Mar 3 03:56:40	openvpn	90032	replay = ENABLED
Mar 3 03:56:40	openvpn	90032	engine = DISABLED
Mar 3 03:56:40	openvpn	90032	keysize = 0
Mar 3 03:56:40	openvpn	90032	prng_nonce_secret_len = 16
Mar 3 03:56:40	openvpn	90032	prng_hash = 'SHA1'
Mar 3 03:56:40	openvpn	90032	authname = 'SHA512'
Mar 3 03:56:40	openvpn	90032	ncp_ciphers = 'AES-256-GCM'
Mar 3 03:56:40	openvpn	90032	ncp_enabled = ENABLED
Mar 3 03:56:40	openvpn	90032	ciphername = 'AES-256-GCM'
Mar 3 03:56:40	openvpn	90032	key_direction = not set
Mar 3 03:56:40	openvpn	90032	shared_secret_file = '[UNDEF]'
Mar 3 03:56:40	openvpn	90032	plugin[0] /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-script.so '[/usr/local/lib/openvpn/plugins/openvpn-plugin-auth-script.so] [/usr/local/sbin/ovpn_auth_verify_async] [user] [TG9jYWwgRGF0YWJhc2U=] [true] [server3] [1194]'
Mar 3 03:56:40	openvpn	90032	management_flags = 256
Mar 3 03:56:40	openvpn	90032	management_client_group = '[UNDEF]'
Mar 3 03:56:40	openvpn	90032	management_client_user = '[UNDEF]'
Mar 3 03:56:40	openvpn	90032	management_write_peer_info_file = '[UNDEF]'
Mar 3 03:56:40	openvpn	90032	management_echo_buffer_size = 100
Mar 3 03:56:40	openvpn	90032	management_log_history_cache = 250
Mar 3 03:56:40	openvpn	90032	management_user_pass = '[UNDEF]'
Mar 3 03:56:40	openvpn	90032	management_port = 'unix'
Mar 3 03:56:40	openvpn	90032	management_addr = '/var/etc/openvpn/server3/sock'
Mar 3 03:56:40	openvpn	90032	allow_pull_fqdn = DISABLED
Mar 3 03:56:40	openvpn	90032	route_gateway_via_dhcp = DISABLED
Mar 3 03:56:40	openvpn	90032	route_nopull = DISABLED
Mar 3 03:56:40	openvpn	90032	route_delay_defined = DISABLED
Mar 3 03:56:40	openvpn	90032	route_delay_window = 30
Mar 3 03:56:40	openvpn	90032	route_delay = 0
Mar 3 03:56:40	openvpn	90032	route_noexec = DISABLED
Mar 3 03:56:40	openvpn	90032	route_default_metric = 0
Mar 3 03:56:40	openvpn	90032	route_default_gateway = '172.16.71.2'
Mar 3 03:56:40	openvpn	90032	route_script = '[UNDEF]'
Mar 3 03:56:40	openvpn	90032	comp.flags = 1
Mar 3 03:56:40	openvpn	90032	comp.alg = 2
Mar 3 03:56:40	openvpn	90032	fast_io = DISABLED
Mar 3 03:56:40	openvpn	90032	sockflags = 0
Mar 3 03:56:40	openvpn	90032	sndbuf = 0
Mar 3 03:56:40	openvpn	90032	rcvbuf = 0
Mar 3 03:56:40	openvpn	90032	occ = ENABLED
Mar 3 03:56:40	openvpn	90032	status_file_update_freq = 60
Mar 3 03:56:40	openvpn	90032	status_file_version = 1
Mar 3 03:56:40	openvpn	90032	status_file = '[UNDEF]'
Mar 3 03:56:40	openvpn	90032	gremlin = 0
Mar 3 03:56:40	openvpn	90032	mute = 0
Mar 3 03:56:40	openvpn	90032	verbosity = 4
Mar 3 03:56:40	openvpn	90032	nice = 0
Mar 3 03:56:40	openvpn	90032	machine_readable_output = DISABLED
Mar 3 03:56:40	openvpn	90032	suppress_timestamps = DISABLED
Mar 3 03:56:40	openvpn	90032	log = DISABLED
Mar 3 03:56:40	openvpn	90032	inetd = 0
Mar 3 03:56:40	openvpn	90032	daemon = ENABLED
Mar 3 03:56:40	openvpn	90032	up_delay = DISABLED
Mar 3 03:56:40	openvpn	90032	up_restart = DISABLED
Mar 3 03:56:40	openvpn	90032	down_pre = DISABLED
Mar 3 03:56:40	openvpn	90032	down_script = '/usr/local/sbin/ovpn-linkdown'
Mar 3 03:56:40	openvpn	90032	up_script = '/usr/local/sbin/ovpn-linkup'
Mar 3 03:56:40	openvpn	90032	writepid = '/var/run/openvpn_server3.pid'
Mar 3 03:56:40	openvpn	90032	cd_dir = '[UNDEF]'
Mar 3 03:56:40	openvpn	90032	chroot_dir = '[UNDEF]'
Mar 3 03:56:40	openvpn	90032	groupname = '[UNDEF]'
Mar 3 03:56:40	openvpn	90032	username = '[UNDEF]'
Mar 3 03:56:40	openvpn	90032	resolve_in_advance = DISABLED
Mar 3 03:56:40	openvpn	90032	resolve_retry_seconds = 1000000000
Mar 3 03:56:40	openvpn	90032	passtos = DISABLED
Mar 3 03:56:40	openvpn	90032	persist_key = ENABLED
Mar 3 03:56:40	openvpn	90032	persist_remote_ip = ENABLED
Mar 3 03:56:40	openvpn	90032	persist_local_ip = DISABLED
Mar 3 03:56:40	openvpn	90032	persist_tun = ENABLED
Mar 3 03:56:40	openvpn	90032	remap_sigusr1 = 0
Mar 3 03:56:40	openvpn	90032	ping_timer_remote = ENABLED
Mar 3 03:56:40	openvpn	90032	ping_rec_timeout_action = 2
Mar 3 03:56:40	openvpn	90032	ping_rec_timeout = 120
Mar 3 03:56:40	openvpn	90032	ping_send_timeout = 10
Mar 3 03:56:40	openvpn	90032	inactivity_timeout = 0
Mar 3 03:56:40	openvpn	90032	keepalive_timeout = 60
Mar 3 03:56:40	openvpn	90032	keepalive_ping = 10
Mar 3 03:56:40	openvpn	90032	mlock = DISABLED
Mar 3 03:56:40	openvpn	90032	mtu_test = 0
Mar 3 03:56:40	openvpn	90032	shaper = 0
Mar 3 03:56:40	openvpn	90032	ifconfig_ipv6_remote = '[UNDEF]'
Mar 3 03:56:40	openvpn	90032	ifconfig_ipv6_netbits = 0
Mar 3 03:56:40	openvpn	90032	ifconfig_ipv6_local = '[UNDEF]'
Mar 3 03:56:40	openvpn	90032	ifconfig_nowarn = DISABLED
Mar 3 03:56:40	openvpn	90032	ifconfig_noexec = DISABLED
Mar 3 03:56:40	openvpn	90032	ifconfig_remote_netmask = '255.255.255.0'
Mar 3 03:56:40	openvpn	90032	ifconfig_local = '172.16.71.1'
Mar 3 03:56:40	openvpn	90032	topology = 3
Mar 3 03:56:40	openvpn	90032	lladdr = '[UNDEF]'
Mar 3 03:56:40	openvpn	90032	dev_node = '/dev/tun3'
Mar 3 03:56:40	openvpn	90032	dev_type = 'tun'
Mar 3 03:56:40	openvpn	90032	dev = 'ovpns3'
Mar 3 03:56:40	openvpn	90032	ipchange = '[UNDEF]'
Mar 3 03:56:40	openvpn	90032	remote_random = DISABLED
Mar 3 03:56:40	openvpn	90032	Connection profiles END
Mar 3 03:56:40	openvpn	90032	tls_crypt_v2_file = '[UNDEF]'
Mar 3 03:56:40	openvpn	90032	tls_crypt_file = '[INLINE]'
Mar 3 03:56:40	openvpn	90032	key_direction = not set
Mar 3 03:56:40	openvpn	90032	tls_auth_file = '[UNDEF]'
Mar 3 03:56:40	openvpn	90032	explicit_exit_notification = 0
Mar 3 03:56:40	openvpn	90032	mssfix = 1450
Mar 3 03:56:40	openvpn	90032	fragment = 0
Mar 3 03:56:40	openvpn	90032	mtu_discover_type = -1
Mar 3 03:56:40	openvpn	90032	tun_mtu_extra_defined = DISABLED
Mar 3 03:56:40	openvpn	90032	tun_mtu_extra = 0
Mar 3 03:56:40	openvpn	90032	link_mtu_defined = DISABLED
Mar 3 03:56:40	openvpn	90032	link_mtu = 1500
Mar 3 03:56:40	openvpn	90032	tun_mtu_defined = ENABLED
Mar 3 03:56:40	openvpn	90032	tun_mtu = 1500
Mar 3 03:56:40	openvpn	90032	socks_proxy_port = '[UNDEF]'
Mar 3 03:56:40	openvpn	90032	socks_proxy_server = '[UNDEF]'
Mar 3 03:56:40	openvpn	90032	connect_timeout = 120
Mar 3 03:56:40	openvpn	90032	connect_retry_seconds = 5
Mar 3 03:56:40	openvpn	90032	bind_ipv6_only = DISABLED
Mar 3 03:56:40	openvpn	90032	bind_local = ENABLED
Mar 3 03:56:40	openvpn	90032	bind_defined = DISABLED
Mar 3 03:56:40	openvpn	90032	remote_float = ENABLED
Mar 3 03:56:40	openvpn	90032	remote_port = '1194'
Mar 3 03:56:40	openvpn	90032	remote = '[UNDEF]'
Mar 3 03:56:40	openvpn	90032	local_port = '1194'
Mar 3 03:56:40	openvpn	90032	local = '99.ZZZ.ZZZ.182'
Mar 3 03:56:40	openvpn	90032	proto = udp4
Mar 3 03:56:40	openvpn	90032	Connection profiles [0]:
Mar 3 03:56:40	openvpn	90032	connect_retry_max = 0
Mar 3 03:56:40	openvpn	90032	show_tls_ciphers = DISABLED
Mar 3 03:56:40	openvpn	90032	key_pass_file = '[UNDEF]'
Mar 3 03:56:40	openvpn	90032	genkey_filename = '[UNDEF]'
Mar 3 03:56:40	openvpn	90032	genkey = DISABLED
Mar 3 03:56:40	openvpn	90032	show_engines = DISABLED
Mar 3 03:56:40	openvpn	90032	show_digests = DISABLED
Mar 3 03:56:40	openvpn	90032	show_ciphers = DISABLED
Mar 3 03:56:40	openvpn	90032	mode = 1
Mar 3 03:56:40	openvpn	90032	config = '/var/etc/openvpn/server3/config.ovpn'
Mar 3 03:56:40	openvpn	90032	Current Parameter Settings:
Mar 3 03:56:40	openvpn	90032	WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
Mar 3 03:56:40	openvpn	73327	SIGTERM[hard,] received, process exiting
Mar 3 03:56:40	openvpn	73327	PLUGIN_CLOSE: /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-script.so
Mar 3 03:56:40	openvpn	73327	/usr/local/sbin/ovpn-linkdown ovpns3 1500 1622 172.16.71.1 255.255.255.0 init
Mar 3 03:56:40	openvpn	73327	Closing TUN/TAP interface
Mar 3 03:56:40	openvpn	73327	event_wait : Interrupted system call (code=4)

                    Unless the remote server issues are causing the VPN client to crash these are a red herring.

                    Any thoughts?

                    If you find my post useful, please give it a thumbs up!
                    pfSense 2.7.2-RELEASE

                    1 Reply Last reply Reply Quote 0
                    • JKnottJ
                      JKnott @guardian
                      last edited by

                      @guardian said in pfSense 2.6.0 Fails to Recover after WAN Issues:

                      BTW what speed service/modem do you have. I have GB/Hitron CPDA-4582U.

                      I have a Technicolor CGM4140COM in bridge mode. I pay for 500/30, but get over 900 Mb down and 32 up.

                      PfSense running on Qotom mini PC
                      i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                      UniFi AC-Lite access point

                      I haven't lost my mind. It's around here...somewhere...

                      1 Reply Last reply Reply Quote 0
                      • stephenw10S
                        stephenw10 Netgate Administrator
                        last edited by

                        Yeah having servers and clients makes things confusing. A server running on TCP port 443 is going to see those packet size errors because https connection attempts if it's open to any external IP.

                        We probably need to see the OpenVPN logs from the client then. Ideally at the point it tries to connect but fails to pass traffic.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.