Netgate Discussion Forum

    OpenVPN Connect Connection Issues

      airmikec

      We are currently using OpenVPN on pfSense. OpenVPN is using LDAP authentication, but the LDAP is using Duo to verify authentication for 2FA.

      The 2 issues we are having are:

      1. If you reach a timeout state “inactive 300 3000000”, you basically need to pass 3MB every 5 minutes. If you walk away from your computer for 10 minutes, it will disconnect you. But it will automatically reconnect you, and it will try to reconnect many times, and it will lock the Duo account. I have to sign on to the Duo MFA website 20 times a day to activate people.

      All we wanted OpenVPN Connect to do is not reconnect if they were disconnected. Make it a manual reconnection.

      However, we found some client configuration commands that we used on the older OpenVPN Client that do what we want, but if we use those same commands on the OpenVPN Connect client, then it doesn’t work and forces a reconnect to occur. This tells me there are some differences between OpenVPN and OpenVPN Access Server.

      Client Configuration Commands that do what we want on OpenVPN Client but not on OpenVPN Connect

      dev tun
      persist-tun
      persist-key
      data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
      data-ciphers-fallback AES-256-CBC
      auth SHA256
      tls-client
      client
      resolv-retry infinite
      remote 20.141.103.111 1194 udp4
      nobind
      auth-user-pass
      ca pfSense-UDP4-1194-ca.crt
      tls-auth pfSense-UDP4-1194-tls.key 1
      remote-cert-tls server
      explicit-exit-notify
      reneg-sec 0
      auth-retry none
      auth-nocache
      connect-retry-max 0
      inactive 300 3000000

      Does anyone know how to get this functionality to work on OpenVPN Connect?

      2. The 2nd bug I am trying to fix, and in fact am about to do a test on, is that every hour after connection it will drop the connection to reauthenticate or something like that. I am not exactly sure what Duo and pfSense (Netgate) are saying about what is happening, but I am assuming it's re-authorizing. I found the following command: “reneg-sec 0”. Apparently this is supposed to help resolve that issue, and apparently I need to have that command on the server. I did test this on the older OpenVPN client, but have yet to try it on OpenVPN Connect. Does this work on OpenVPN client as well?
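The two timers described in the post, `inactive 300 3000000` and `reneg-sec`, can be checked offline before a profile is rolled out to MFA users. The following is an added example, not part of the original post and not OpenVPN or Netgate code. It assumes the documented OpenVPN 2.x behaviour (each peer runs its own `reneg-sec` timer with a default of 3600, and `inactive n bytes` exits when fewer than `bytes` cross the tunnel in `n` seconds); the server options and traffic samples passed to it are constructed.

```python
# Added example: a simplified model, not code from the post or from OpenVPN.
# PROFILE lines are taken from the post; server options and the traffic
# samples used with these functions are constructed.
PROFILE = """\
auth-user-pass
reneg-sec 0
auth-retry none
auth-nocache
connect-retry-max 0
inactive 300 3000000
"""
DEFAULT_RENEG_SEC = 3600  # OpenVPN default when reneg-sec is not set


def parse_profile(text):
    """Map each directive to its argument list, skipping blanks and comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;":
            name, *args = line.split()
            opts[name] = args
    return opts


def reneg_interval(client_opts, server_opts):
    """Seconds between key renegotiations, or None if disabled on both peers.

    Each peer runs its own timer, so the lowest non-zero value triggers first.
    """
    values = []
    for opts in (client_opts, server_opts):
        args = opts.get("reneg-sec")
        values.append(int(args[0]) if args else DEFAULT_RENEG_SEC)
    active = [v for v in values if v > 0]
    return min(active) if active else None


def inactive_exit(opts, bytes_per_window):
    """Elapsed seconds at which `inactive n [bytes]` ends the session, else None."""
    args = opts.get("inactive")
    if not args:
        return None
    seconds = int(args[0])
    min_bytes = int(args[1]) if len(args) > 1 else 1
    for i, moved in enumerate(bytes_per_window, start=1):
        if moved < min_bytes:
            return i * seconds
    return None
```

With the post's client profile and a server that leaves `reneg-sec` unset, `reneg_interval` returns 3600, which matches the hourly drop described in the second issue.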
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.