Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    OpenVPN disconnections

    OpenVPN
    1
    2
    1838
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rdr last edited by

      Hi,

      I'm running pfSense 2.0.1 i386, and several site-to-site OpenVPN tunnels are configured : pfSense "A" is client and pfSenses "B", "C" and "D" are servers.

      OpenVPN is configured the following way :

      • Server Mode : Peer to Peer (shared key)
      • Protocol : UDP
      • Device mode : tun

      I'm experiencing disconnections with all OpenVPN tunnels, and there is no pattern with date and time.

      system.log on the client pfSense indicates :

      
Mar 23 09:20:00 goldorak apinger: ALARM: VPNSD(172.21.23.1)  *** down ***
Mar 23 09:20:00 goldorak apinger: ALARM: VPNSD(172.21.23.1)  *** down ***
Mar 23 09:20:10 goldorak check_reload_status: Reloading filter
Mar 23 09:20:10 goldorak check_reload_status: Reloading filter
Mar 23 09:20:18 goldorak apinger: alarm canceled: VPNSD(172.21.23.1)  *** down ***
Mar 23 09:20:18 goldorak apinger: alarm canceled: VPNSD(172.21.23.1)  *** down ***
Mar 23 09:20:28 goldorak check_reload_status: Reloading filter
Mar 23 09:20:28 goldorak check_reload_status: Reloading filter
Mar 23 09:20:32 goldorak php: : Sending HUP signal to 47122
Mar 23 09:20:32 goldorak ipfw-classifyd: Reloading config...
Mar 23 09:20:32 goldorak ipfw-classifyd: Loaded Protocol: rtp (rule altq)
Mar 23 09:21:00 goldorak php: : Sending HUP signal to 47122
Mar 23 09:21:00 goldorak ipfw-classifyd: Reloading config...
Mar 23 09:21:00 goldorak ipfw-classifyd: Loaded Protocol: rtp (rule altq)
Mar 23 09:21:13 goldorak php: : Sending HUP signal to 47122
Mar 23 09:21:13 goldorak ipfw-classifyd: Reloading config...
Mar 23 09:21:13 goldorak ipfw-classifyd: Loaded Protocol: rtp (rule altq)
Mar 23 09:21:28 goldorak php: : Sending HUP signal to 47122
Mar 23 09:21:28 goldorak ipfw-classifyd: Reloading config...
Mar 23 09:21:28 goldorak ipfw-classifyd: Loaded Protocol: rtp (rule altq)
Mar 23 09:26:01 goldorak apinger: ALARM: VPNAU(172.21.24.1)  *** down ***
Mar 23 09:26:01 goldorak apinger: ALARM: VPNAU(172.21.24.1)  *** down ***
Mar 23 09:26:01 goldorak apinger: alarm canceled: VPNAU(172.21.24.1)  *** down ***
Mar 23 09:26:01 goldorak apinger: alarm canceled: VPNAU(172.21.24.1)  *** down ***
Mar 23 09:26:11 goldorak check_reload_status: Reloading filter
Mar 23 09:26:11 goldorak check_reload_status: Reloading filter
Mar 23 09:26:42 goldorak php: : Sending HUP signal to 47122
Mar 23 09:26:42 goldorak ipfw-classifyd: Reloading config...
Mar 23 09:26:42 goldorak ipfw-classifyd: Loaded Protocol: rtp (rule altq)
Mar 23 09:26:57 goldorak php: : Sending HUP signal to 47122
Mar 23 09:26:57 goldorak ipfw-classifyd: Reloading config...
Mar 23 09:26:57 goldorak ipfw-classifyd: Loaded Protocol: rtp (rule altq)
Mar 23 09:39:07 goldorak kernel: arp: 192.168.39.81 moved from 02:00:c0:a8:27:13 to 62:58:8e:91:cb:7e on vr0
Mar 23 09:59:07 goldorak kernel: arp: 192.168.39.81 moved from 62:58:8e:91:cb:7e to 02:00:c0:a8:27:13 on vr0
Mar 23 09:59:07 goldorak kernel: arp: 192.168.39.81 moved from 02:00:c0:a8:27:13 to 62:58:8e:91:cb:7e on vr0
Mar 23 10:03:56 goldorak apinger: ALARM: VPNBR(172.21.22.1)  *** down ***
Mar 23 10:03:56 goldorak apinger: ALARM: VPNBR(172.21.22.1)  *** down ***
Mar 23 10:04:01 goldorak apinger: alarm canceled: VPNBR(172.21.22.1)  *** down ***
Mar 23 10:04:01 goldorak apinger: alarm canceled: VPNBR(172.21.22.1)  *** down ***
Mar 23 10:04:06 goldorak check_reload_status: Reloading filter
Mar 23 10:04:06 goldorak check_reload_status: Reloading filter
Mar 23 10:04:38 goldorak php: : Sending HUP signal to 47122
Mar 23 10:04:38 goldorak ipfw-classifyd: Reloading config...
Mar 23 10:04:38 goldorak ipfw-classifyd: Loaded Protocol: rtp (rule altq)
Mar 23 10:04:52 goldorak php: : Sending HUP signal to 47122
Mar 23 10:04:52 goldorak ipfw-classifyd: Reloading config...
Mar 23 10:04:53 goldorak ipfw-classifyd: Loaded Protocol: rtp (rule altq)
Mar 23 10:19:06 goldorak kernel: arp: 192.168.39.81 moved from 62:58:8e:91:cb:7e to 02:00:c0:a8:27:13 on vr0
Mar 23 10:19:06 goldorak kernel: arp: 192.168.39.81 moved from 02:00:c0:a8:27:13 to 62:58:8e:91:cb:7e on vr0
Mar 23 10:32:33 goldorak kernel: ovpnc2: promiscuous mode enabled
Mar 23 10:32:40 goldorak kernel: ovpnc2: promiscuous mode disabled
Mar 23 10:33:11 goldorak kernel: ovpnc2: promiscuous mode enabled
Mar 23 10:33:11 goldorak kernel: ovpnc2: promiscuous mode disabled
Mar 23 10:33:20 goldorak kernel: ovpnc2: promiscuous mode enabled
Mar 23 10:39:03 goldorak kernel: arp: 192.168.39.81 moved from 62:58:8e:91:cb:7e to 02:00:c0:a8:27:13 on vr0
Mar 23 10:39:03 goldorak kernel: arp: 192.168.39.81 moved from 02:00:c0:a8:27:13 to 62:58:8e:91:cb:7e on vr0
Mar 23 10:39:22 goldorak apinger: ALARM: VPNSD(172.21.23.1)  *** down ***
Mar 23 10:39:22 goldorak apinger: ALARM: VPNSD(172.21.23.1)  *** down ***
Mar 23 10:39:32 goldorak check_reload_status: Reloading filter
Mar 23 10:39:32 goldorak check_reload_status: Reloading filter
Mar 23 10:39:35 goldorak apinger: alarm canceled: VPNSD(172.21.23.1)  *** down ***
Mar 23 10:39:35 goldorak apinger: alarm canceled: VPNSD(172.21.23.1)  *** down ***
Mar 23 10:39:45 goldorak check_reload_status: Reloading filter
Mar 23 10:39:45 goldorak check_reload_status: Reloading filter
Mar 23 10:40:33 goldorak php: : Sending HUP signal to 47122
Mar 23 10:40:33 goldorak ipfw-classifyd: Reloading config...
Mar 23 10:40:33 goldorak ipfw-classifyd: Loaded Protocol: rtp (rule altq)
Mar 23 10:41:00 goldorak php: : Sending HUP signal to 47122
Mar 23 10:41:00 goldorak ipfw-classifyd: Reloading config...
Mar 23 10:41:00 goldorak ipfw-classifyd: Loaded Protocol: rtp (rule altq)
Mar 23 10:41:25 goldorak php: : Sending HUP signal to 47122
Mar 23 10:41:25 goldorak ipfw-classifyd: Reloading config...
Mar 23 10:41:25 goldorak ipfw-classifyd: Loaded Protocol: rtp (rule altq)
Mar 23 10:42:13 goldorak php: : Sending HUP signal to 47122
Mar 23 10:42:13 goldorak ipfw-classifyd: Reloading config...
Mar 23 10:42:13 goldorak ipfw-classifyd: Loaded Protocol: rtp (rule altq)

      Whereas system.log on pfSense OpenVPN servers doesn't indicate any problem with VPN.

      I captured traffic on the WAN and ovpncX / ovpnsX interfaces during the disconnections :

      • On the WAN interfaces everything is fine. Apinger doesn't raise any alarm (WAN gateways are monitored) and I can see bidirectionnal OpenVPN UDP traffic during the OpenVPN disconnection on both WAN interfaces.
      • On the ovpnsX servers' interfaces, I can see tunneled traffic arriving from ovpncX, and traffic being sent to  OpenVPN client's ovpncX interfaces.
      • On the ovpncX client's interfaces, I can see that tunneled traffic is sent to ovpnsX, but no traffic is arriving from ovpnsX.

      Any ideas of possible reasons for this ?

      Regards,

      Romain

      1 Reply Last reply Reply Quote 0
      • R
        rdr last edited by

        This issue is solved.

        My ISP at this time claimed the problem wasn't on his side.
        Since I wasn't able to find a solution, I changed the ISP.

        Now, I don't experience these disconnections anymore :-)

        1 Reply Last reply Reply Quote 0
        • First post
          Last post

        Products

        • Platform Overview
        • TNSR
        • pfSense
        • Appliances

        Services

        • Training
        • Professional Services

        Support

        • Subscription Plans
        • Contact Support
        • Product Lifecycle
        • Documentation

        News

        • Media Coverage
        • Press
        • Events

        Resources

        • Blog
        • FAQ
        • Find a Partner
        • Resource Library
        • Security Information

        Company

        • About Us
        • Careers
        • Partners
        • Contact Us
        • Legal
        Our Mission

        We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

        Subscribe to our Newsletter

        Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

        © 2021 Rubicon Communications, LLC | Privacy Policy