Netgate Discussion Forum
    OpenVPN disconnections

      rdr

      Hi,

      I'm running pfSense 2.0.1 i386, and several site-to-site OpenVPN tunnels are configured: pfSense "A" is the client and pfSenses "B", "C" and "D" are servers.

      OpenVPN is configured the following way:

      • Server Mode: Peer to Peer (shared key)
      • Protocol: UDP
      • Device mode: tun

      I'm experiencing disconnections with all OpenVPN tunnels, and there is no pattern with date and time.

      system.log on the client pfSense indicates:

      
      Mar 23 09:20:00 goldorak apinger: ALARM: VPNSD(172.21.23.1)  *** down ***
      Mar 23 09:20:00 goldorak apinger: ALARM: VPNSD(172.21.23.1)  *** down ***
      Mar 23 09:20:10 goldorak check_reload_status: Reloading filter
      Mar 23 09:20:10 goldorak check_reload_status: Reloading filter
      Mar 23 09:20:18 goldorak apinger: alarm canceled: VPNSD(172.21.23.1)  *** down ***
      Mar 23 09:20:18 goldorak apinger: alarm canceled: VPNSD(172.21.23.1)  *** down ***
      Mar 23 09:20:28 goldorak check_reload_status: Reloading filter
      Mar 23 09:20:28 goldorak check_reload_status: Reloading filter
      Mar 23 09:20:32 goldorak php: : Sending HUP signal to 47122
      Mar 23 09:20:32 goldorak ipfw-classifyd: Reloading config...
      Mar 23 09:20:32 goldorak ipfw-classifyd: Loaded Protocol: rtp (rule altq)
      Mar 23 09:21:00 goldorak php: : Sending HUP signal to 47122
      Mar 23 09:21:00 goldorak ipfw-classifyd: Reloading config...
      Mar 23 09:21:00 goldorak ipfw-classifyd: Loaded Protocol: rtp (rule altq)
      Mar 23 09:21:13 goldorak php: : Sending HUP signal to 47122
      Mar 23 09:21:13 goldorak ipfw-classifyd: Reloading config...
      Mar 23 09:21:13 goldorak ipfw-classifyd: Loaded Protocol: rtp (rule altq)
      Mar 23 09:21:28 goldorak php: : Sending HUP signal to 47122
      Mar 23 09:21:28 goldorak ipfw-classifyd: Reloading config...
      Mar 23 09:21:28 goldorak ipfw-classifyd: Loaded Protocol: rtp (rule altq)
      Mar 23 09:26:01 goldorak apinger: ALARM: VPNAU(172.21.24.1)  *** down ***
      Mar 23 09:26:01 goldorak apinger: ALARM: VPNAU(172.21.24.1)  *** down ***
      Mar 23 09:26:01 goldorak apinger: alarm canceled: VPNAU(172.21.24.1)  *** down ***
      Mar 23 09:26:01 goldorak apinger: alarm canceled: VPNAU(172.21.24.1)  *** down ***
      Mar 23 09:26:11 goldorak check_reload_status: Reloading filter
      Mar 23 09:26:11 goldorak check_reload_status: Reloading filter
      Mar 23 09:26:42 goldorak php: : Sending HUP signal to 47122
      Mar 23 09:26:42 goldorak ipfw-classifyd: Reloading config...
      Mar 23 09:26:42 goldorak ipfw-classifyd: Loaded Protocol: rtp (rule altq)
      Mar 23 09:26:57 goldorak php: : Sending HUP signal to 47122
      Mar 23 09:26:57 goldorak ipfw-classifyd: Reloading config...
      Mar 23 09:26:57 goldorak ipfw-classifyd: Loaded Protocol: rtp (rule altq)
      Mar 23 09:39:07 goldorak kernel: arp: 192.168.39.81 moved from 02:00:c0:a8:27:13 to 62:58:8e:91:cb:7e on vr0
      Mar 23 09:59:07 goldorak kernel: arp: 192.168.39.81 moved from 62:58:8e:91:cb:7e to 02:00:c0:a8:27:13 on vr0
      Mar 23 09:59:07 goldorak kernel: arp: 192.168.39.81 moved from 02:00:c0:a8:27:13 to 62:58:8e:91:cb:7e on vr0
      Mar 23 10:03:56 goldorak apinger: ALARM: VPNBR(172.21.22.1)  *** down ***
      Mar 23 10:03:56 goldorak apinger: ALARM: VPNBR(172.21.22.1)  *** down ***
      Mar 23 10:04:01 goldorak apinger: alarm canceled: VPNBR(172.21.22.1)  *** down ***
      Mar 23 10:04:01 goldorak apinger: alarm canceled: VPNBR(172.21.22.1)  *** down ***
      Mar 23 10:04:06 goldorak check_reload_status: Reloading filter
      Mar 23 10:04:06 goldorak check_reload_status: Reloading filter
      Mar 23 10:04:38 goldorak php: : Sending HUP signal to 47122
      Mar 23 10:04:38 goldorak ipfw-classifyd: Reloading config...
      Mar 23 10:04:38 goldorak ipfw-classifyd: Loaded Protocol: rtp (rule altq)
      Mar 23 10:04:52 goldorak php: : Sending HUP signal to 47122
      Mar 23 10:04:52 goldorak ipfw-classifyd: Reloading config...
      Mar 23 10:04:53 goldorak ipfw-classifyd: Loaded Protocol: rtp (rule altq)
      Mar 23 10:19:06 goldorak kernel: arp: 192.168.39.81 moved from 62:58:8e:91:cb:7e to 02:00:c0:a8:27:13 on vr0
      Mar 23 10:19:06 goldorak kernel: arp: 192.168.39.81 moved from 02:00:c0:a8:27:13 to 62:58:8e:91:cb:7e on vr0
      Mar 23 10:32:33 goldorak kernel: ovpnc2: promiscuous mode enabled
      Mar 23 10:32:40 goldorak kernel: ovpnc2: promiscuous mode disabled
      Mar 23 10:33:11 goldorak kernel: ovpnc2: promiscuous mode enabled
      Mar 23 10:33:11 goldorak kernel: ovpnc2: promiscuous mode disabled
      Mar 23 10:33:20 goldorak kernel: ovpnc2: promiscuous mode enabled
      Mar 23 10:39:03 goldorak kernel: arp: 192.168.39.81 moved from 62:58:8e:91:cb:7e to 02:00:c0:a8:27:13 on vr0
      Mar 23 10:39:03 goldorak kernel: arp: 192.168.39.81 moved from 02:00:c0:a8:27:13 to 62:58:8e:91:cb:7e on vr0
      Mar 23 10:39:22 goldorak apinger: ALARM: VPNSD(172.21.23.1)  *** down ***
      Mar 23 10:39:22 goldorak apinger: ALARM: VPNSD(172.21.23.1)  *** down ***
      Mar 23 10:39:32 goldorak check_reload_status: Reloading filter
      Mar 23 10:39:32 goldorak check_reload_status: Reloading filter
      Mar 23 10:39:35 goldorak apinger: alarm canceled: VPNSD(172.21.23.1)  *** down ***
      Mar 23 10:39:35 goldorak apinger: alarm canceled: VPNSD(172.21.23.1)  *** down ***
      Mar 23 10:39:45 goldorak check_reload_status: Reloading filter
      Mar 23 10:39:45 goldorak check_reload_status: Reloading filter
      Mar 23 10:40:33 goldorak php: : Sending HUP signal to 47122
      Mar 23 10:40:33 goldorak ipfw-classifyd: Reloading config...
      Mar 23 10:40:33 goldorak ipfw-classifyd: Loaded Protocol: rtp (rule altq)
      Mar 23 10:41:00 goldorak php: : Sending HUP signal to 47122
      Mar 23 10:41:00 goldorak ipfw-classifyd: Reloading config...
      Mar 23 10:41:00 goldorak ipfw-classifyd: Loaded Protocol: rtp (rule altq)
      Mar 23 10:41:25 goldorak php: : Sending HUP signal to 47122
      Mar 23 10:41:25 goldorak ipfw-classifyd: Reloading config...
      Mar 23 10:41:25 goldorak ipfw-classifyd: Loaded Protocol: rtp (rule altq)
      Mar 23 10:42:13 goldorak php: : Sending HUP signal to 47122
      Mar 23 10:42:13 goldorak ipfw-classifyd: Reloading config...
      Mar 23 10:42:13 goldorak ipfw-classifyd: Loaded Protocol: rtp (rule altq)
      
      

      Meanwhile, system.log on the pfSense OpenVPN servers doesn't indicate any problem with the VPN.

      I captured traffic on the WAN and ovpncX / ovpnsX interfaces during the disconnections:

      • On the WAN interfaces everything is fine. Apinger doesn't raise any alarm (WAN gateways are monitored) and I can see bidirectional OpenVPN UDP traffic during the OpenVPN disconnection on both WAN interfaces.
      • On the ovpnsX servers' interfaces, I can see tunneled traffic arriving from ovpncX, and traffic being sent to the OpenVPN client's ovpncX interfaces.
      • On the ovpncX client's interfaces, I can see that tunneled traffic is sent to ovpnsX, but no traffic is arriving from ovpnsX.

      Any ideas of possible reasons for this?

      Regards,

      Romain

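The apinger alarms in the system.log above can be paired into per-gateway outage windows, which makes it easier to check whether the drops follow any pattern. This is an added example, not part of the original post: the sample lines are constructed in the log's format, and the `year` default is an arbitrary assumption because syslog timestamps omit the year.

```python
import re
from datetime import datetime

# Constructed sample: apinger lines in the format shown in the post's system.log
# (each message is logged twice there, so duplicates are included here too).
SAMPLE_LOG = """\
Mar 23 09:20:00 goldorak apinger: ALARM: VPNSD(172.21.23.1)  *** down ***
Mar 23 09:20:00 goldorak apinger: ALARM: VPNSD(172.21.23.1)  *** down ***
Mar 23 09:20:10 goldorak check_reload_status: Reloading filter
Mar 23 09:20:18 goldorak apinger: alarm canceled: VPNSD(172.21.23.1)  *** down ***
Mar 23 09:20:18 goldorak apinger: alarm canceled: VPNSD(172.21.23.1)  *** down ***
Mar 23 10:03:56 goldorak apinger: ALARM: VPNBR(172.21.22.1)  *** down ***
Mar 23 10:04:01 goldorak apinger: alarm canceled: VPNBR(172.21.22.1)  *** down ***
Mar 23 10:39:22 goldorak apinger: ALARM: VPNSD(172.21.23.1)  *** down ***
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ apinger: "
    r"(?P<kind>ALARM|alarm canceled): (?P<gw>\w+)\((?P<ip>[\d.]+)\)\s+\*\*\* down \*\*\*"
)

def gateway_outages(log_text, year=2000):
    """Pair each apinger ALARM with its 'alarm canceled' line, per gateway.

    Returns (closed, still_down): closed holds (gateway, start, seconds_down),
    still_down maps gateway -> alarm time. Syslog lines carry no year, so
    `year` is an arbitrary assumed value used only to build datetimes.
    """
    open_alarms, closed = {}, []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # other daemons (filter reloads, arp, ipfw-classifyd)
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        gw = m["gw"]
        if m["kind"] == "ALARM":
            open_alarms.setdefault(gw, ts)  # duplicate line keeps first time
        elif gw in open_alarms:             # duplicate cancel finds none open
            start = open_alarms.pop(gw)
            closed.append((gw, start, int((ts - start).total_seconds())))
    return closed, open_alarms

if __name__ == "__main__":
    closed, still_down = gateway_outages(SAMPLE_LOG)
    for gw, start, secs in closed:
        print(f"{gw}: down at {start:%H:%M:%S} for {secs}s")
    for gw, start in still_down.items():
        print(f"{gw}: down at {start:%H:%M:%S}, no cancel seen")
```
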
        rdr

        This issue is solved.

        My ISP at the time claimed the problem wasn't on their side.
        Since I wasn't able to find a solution, I changed the ISP.

        Now, I don't experience these disconnections anymore :-)
