Dynamic IP and reconnection problem



  • I thought I had this figured out when everything was working yesterday, until this morning, when I hit exactly the problem described here:

    http://forum.pfsense.org/index.php?topic=5340.0

    I have both the server and the client site on dynamic IPs; the server side has an Asterisk box behind pfSense. Whenever the client switches off for the night, it refuses to reconnect in the morning and gives the message below on the server:

    openvpn[75489]: TCP NOTE: Rejected connection attempt from x.x.x.x:65281 due to --remote setting

    The client side shows:

    Mar 23 12:16:39 openvpn[9858]: SIGUSR1[soft,connection-reset] received, process restarting
    Mar 23 12:16:44 openvpn[9858]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Mar 23 12:16:44 openvpn[9858]: Re-using pre-shared static key
    Mar 23 12:16:44 openvpn[9858]: Preserving previous TUN/TAP instance: ovpnc1
    Mar 23 12:16:44 openvpn[9858]: Attempting to establish TCP connection with [AF_INET]x.x.x.x:1194 [nonblock]
    Mar 23 12:16:45 openvpn[9858]: TCP connection established with [AF_INET]x.x.x.x:1194
    Mar 23 12:16:45 openvpn[9858]: TCPv4_CLIENT link local (bound): [AF_INET]y.y.y.y
    Mar 23 12:16:45 openvpn[9858]: TCPv4_CLIENT link remote: [AF_INET]x.x.x.x:1194
    Mar 23 12:16:45 openvpn[9858]: Connection reset, restarting [0]

    I can see that my issue is with "persist-remote-ip" in the server-side config, but since I'm running pfSense 2.0 RC1, I cannot find any "dynamic-ip" checkbox in the VPN webConfigurator to get rid of it. Any help in this regard is highly appreciated.

    Another issue I face is one-way voice communication: the remote VoIP clients can hear the server side, but the server side hears nothing. Restarting the Asterisk box solves the issue, so I'm guessing this has something to do with Asterisk and not pfSense. I'll probably move this issue to the Asterisk forum after I'm sure it's nothing to do with pfSense.

    This is my server-side /var/etc/openvpn/server1.conf:

    dev ovpns1
    dev-type tun
    dev-node /dev/tun1
    writepid /var/run/openvpn_server1.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto tcp-server
    cipher AES-128-CBC
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    local 117.194.x.x
    ifconfig 192.168.10.1 192.168.10.2
    lport 1194
    management /var/etc/openvpn/server1.sock unix
    max-clients 25
    push "route 192.168.1.0 255.255.255.0"
    route 192.168.0.0 255.255.255.0
    secret /var/etc/openvpn/server1.secret
    persist-remote-ip
    float

    And the client-side /var/etc/openvpn/client1.conf:

    dev ovpnc1
    dev-type tun
    dev-node /dev/tun1
    writepid /var/run/openvpn_client1.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto tcp-client
    cipher AES-128-CBC
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    local 59.93.y.y
    lport 0
    management /var/etc/openvpn/client1.sock unix
    remote host.dyndns.com 1194
    ifconfig 192.168.10.2 192.168.10.1
    route 192.168.1.0 255.255.255.0
    secret /var/etc/openvpn/client1.secret
    resolv-retry infinite



  • Here is the update: I switched from shared key to SSL and from TCP to UDP, and now it seems to be working. I will monitor this line for a couple of days to see if I have further problems.
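
The server config posted above, run through a small linter, as an added example that is not part of the original posts and is not pfSense or OpenVPN project code. The function names, the choice of checks and the finding texts are this example's own; the persist-remote-ip finding restates the poster's diagnosis, and the sample input is the posted server1.conf trimmed to the lines the checks read.

```python
# Added example (not pfSense or OpenVPN project code): lint the directives this thread turns on.
# Constructed sample: the posted server1.conf, trimmed to the lines the checks read.
SERVER_CONF = """\
#user nobody
#group nobody
script-security 3
proto tcp-server
secret /var/etc/openvpn/server1.secret
persist-remote-ip
float
"""

def parse(conf_text):
    """Return {directive: [args]} for active lines; '#' and ';' start comments."""
    active = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        name, *args = line.split()
        active[name] = args
    return active

def lint(conf_text):
    """Return a list of (directive, reason) findings."""
    conf = parse(conf_text)
    findings = []
    if "secret" in conf:
        findings.append(("secret", "static-key mode: one peer per instance, no forward secrecy"))
        if "persist-remote-ip" in conf:
            findings.append(("persist-remote-ip", "peer address kept across restarts; "
                             "the poster ties this to the rejected reconnect from a new IP"))
    # OpenVPN's default script-security level is 1 when the directive is absent.
    level = conf.get("script-security", ["1"])
    if level and level[0].isdigit() and int(level[0]) >= 3:
        findings.append(("script-security", "level 3 lets passwords reach scripts via the environment"))
    missing = [d for d in ("user", "group") if d not in conf]
    if missing:
        findings.append(("user/group", "no privilege drop: missing " + ", ".join(missing)))
    return findings

if __name__ == "__main__":
    for directive, reason in lint(SERVER_CONF):
        print(f"{directive}: {reason}")
```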

