Netgate Discussion Forum

OpenVPN connection on unmapped port, UNDEF user, persistent respawning?

  • P
    Porter
    last edited by Sep 19, 2011, 9:01 PM

    I'm having a very odd issue with OpenVPN. I have an OpenVPN server instance set up on pfSense for some external contractors to get through to an internal dev server here, using a combination of SSL/TLS and User auth.  I have a rule set up to pass traffic specifically to and from the box they need to access.  Normally I see them when connected, the dashboard shows their user account and the connection on the correct OpenVPN port.  This has been working fine for ~2 months.

    Now, suddenly today I have a persistent connection on that OpenVPN server instance, on a very high port (in the 15000 range) connecting as user "UNDEF" which I suppose means undefined.  Now, I've tested this thing myself and it doesn't allow connection without the user auth even if the keys are there.  So, I killed the client connection… and it immediately respawned.  I killed it again, it respawned again.  So of course I stopped the OpenVPN service.

    What gives?  Has anyone else had this or a similar issue with OpenVPN on pfSense 2.0?

    • P
      Porter
      last edited by Sep 20, 2011, 2:01 PM

      Well, it turns out it was a valid connection from one of the external contractors, but the OpenVPN dashboard wasn't reporting it as his account, and it wasn't on the port that's assigned for OpenVPN.

      Is the OpenVPN daemon able to autonegotiate reconnect to a client using a non-assigned port?  If so, why?

      • J
        jimp Rebel Alliance Developer Netgate
        last edited by Sep 26, 2011, 2:41 PM

        If it tries to connect to that port, then that port is in the client config.

        If it shows "undef" generally that means it's connected but not fully authenticated. (e.g. sitting there waiting on a username/password prompt.)

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        • P
          Porter
          last edited by Sep 26, 2011, 2:56 PM

          @jimp:

          If it tries to connect to that port, then that port is in the client config.

          If it shows "undef" generally that means it's connected but not fully authenticated. (e.g. sitting there waiting on a username/password prompt.)

          Gotcha. That makes more sense, though it's not completely clear why it does this on a high random port rather than the designated connection port.

          • J
            jimp Rebel Alliance Developer Netgate
            last edited by Sep 26, 2011, 3:21 PM

            You may be seeing the client's randomized source port, not the server's listening port.

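The two points made in this thread (an "UNDEF" entry is a peer that has connected but has no common name bound yet, and the port shown is the client's source port) can be checked directly against an OpenVPN status file. The following is an added example, not code from the thread or from pfSense: the status text is a constructed sample in the version 1 `--status` layout, and the function names and the 60-second threshold are assumptions.

```python
import csv
from datetime import datetime

TIME_FMT = "%a %b %d %H:%M:%S %Y"

# Constructed sample in OpenVPN's status-file layout (--status, version 1).
SAMPLE_STATUS = """\
OpenVPN CLIENT LIST
Updated,Mon Sep 19 21:00:05 2011
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
contractor1,198.51.100.7:51820,123456,654321,Mon Sep 19 14:02:11 2011
UNDEF,203.0.113.25:15234,3120,2890,Mon Sep 19 20:58:47 2011
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.6,contractor1,198.51.100.7:51820,Mon Sep 19 20:59:58 2011
GLOBAL STATS
Max bcast/mcast queue length,0
END
"""

def parse_clients(status_text):
    """Return (updated_time, [client dicts]) from the CLIENT LIST section."""
    updated, clients, in_list = None, [], False
    for row in csv.reader(status_text.splitlines()):
        if not row:
            continue
        if row[0] == "Updated" and len(row) > 1:
            updated = datetime.strptime(row[1], TIME_FMT)
        elif row[0] == "Common Name":
            in_list = True            # header row: client rows follow
        elif row[0] == "ROUTING TABLE":
            break                     # end of the client list
        elif in_list and len(row) >= 5:
            # "Real Address" is the peer's source ip:port, not the server's port.
            ip, _, port = row[1].rpartition(":")
            clients.append({"name": row[0], "src_ip": ip, "src_port": int(port),
                            "since": datetime.strptime(row[4], TIME_FMT)})
    return updated, clients

def pending_auth(status_text, max_age_s=60):
    """UNDEF sessions (no common name bound yet) older than max_age_s (assumed)."""
    updated, clients = parse_clients(status_text)
    return [dict(c, age_s=int((updated - c["since"]).total_seconds()))
            for c in clients
            if c["name"] == "UNDEF"
            and (updated - c["since"]).total_seconds() > max_age_s]

if __name__ == "__main__":
    for c in pending_auth(SAMPLE_STATUS):
        print(f'UNDEF from {c["src_ip"]}:{c["src_port"]} for {c["age_s"]}s')
```

Matching the reported source IP against the addresses the contractors normally connect from is the quickest way to tell a stalled legitimate client from an unknown peer.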
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.