Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Weird vpn problem, connection restarts with long delay.

    Scheduled Pinned Locked Moved
    OpenVPN
    1
    1
    1.7k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pingulino
      last edited by

      Running pfSense 2.0 on a Dell server, using OpenVPN Roadwarrior.
      In short: Some - but only some! - vpn clients restarts every 2 minutes after "inactivity timeout". Seems to be some issue with the p12-file (!).

      I have created 5 user-connections, Client config exported via Client Export -> Configuration archive.
      The .ovpn and .key files are identical for all users, .p12 is password protected.
      Problem:

      • Some Windows-users have problem with the tunnel being restarted every 2 minutes.
        Due to the OpenVPN log reconnection is done in a few seconds, however for the client the vpn-connection stalls for about half a minute each time.
      • On my Debian connection is not restarted.
      • On my Win7 connection is restarted with delay.
        Fix one: The .conf file created has unix-style LF/CR!
        So in Windows the config is all in one single line, with no space before new line.
        Example: dev tunpersist-tunpersist-keyproto udp …etc
        I fixed this with notepad, and my problems are gone.
        However, for my colleague this doesn't change anything.
        But when he uses my .p12 then the problems are gone, when I use his .p12 I get the restart problem (both Win & Debian)
        So it has to be related to the .p12, how is that possible?

      Summary:
      2 WinXP both has problem.
      Out of 5 users on Win7 Pro 3 have the delay problem 2 has no problems.
      Adding "ping-restart 0" doesn't help.

      Details:
      Setup       Firewall & vpn server:

      • One pfsense box in serverhall with one public & one private ip.
      • OpenVPN as Roadwarrior server, Remote Access SSL/TLS.
      • Certificate created, TLS Auth uses Enable authentication of TLS packets.
      • Client config exported via Client Export -> Configuration archive

      Workstations:

      • 4 Office workstations running Win 7.
      • I run Debian Lenny in VirtualBox on one of these workstations as my main OS.
      • A bunch of home 'puters & laptops running Win 7 or Win XP.

      Log:

      Thu Dec  1 15:44:28 2011 Initialization Sequence Completed
Thu Dec  1 15:46:17 2011 [Roadwarrior_cert] Inactivity timeout (--ping-restart), restarting
Thu Dec  1 15:46:17 2011 SIGUSR1[soft,ping-restart] received, process restarting

      .ovpn:

      dev tun
persist-tun
persist-key
proto udp
cipher AES-128-CBC
tls-client
client
resolv-retry infinite
remote #.#.#.# 1194
tls-remote Roadwarrior cert
pkcs12 mail-udp-1194.p12
tls-auth mail-udp-1194-tls.key 1
      1 Reply Last reply Reply Quote 0
      • First post
        Last post