1. Home
  2. pfSense® Software
  3. OpenVPN
  4. OpenVPN disconnections

OpenVPN disconnections

  • R

    Hi,

    I'm running pfSense 2.0.1 i386, and several site-to-site OpenVPN tunnels are configured : pfSense "A" is client and pfSenses "B", "C" and "D" are servers.

    OpenVPN is configured the following way :

    • Server Mode : Peer to Peer (shared key)
    • Protocol : UDP
    • Device mode : tun

    I'm experiencing disconnections with all OpenVPN tunnels, and there is no pattern with date and time.

    system.log on the client pfSense indicates :

    
Mar 23 09:20:00 goldorak apinger: ALARM: VPNSD(172.21.23.1)  *** down ***
Mar 23 09:20:00 goldorak apinger: ALARM: VPNSD(172.21.23.1)  *** down ***
Mar 23 09:20:10 goldorak check_reload_status: Reloading filter
Mar 23 09:20:10 goldorak check_reload_status: Reloading filter
Mar 23 09:20:18 goldorak apinger: alarm canceled: VPNSD(172.21.23.1)  *** down ***
Mar 23 09:20:18 goldorak apinger: alarm canceled: VPNSD(172.21.23.1)  *** down ***
Mar 23 09:20:28 goldorak check_reload_status: Reloading filter
Mar 23 09:20:28 goldorak check_reload_status: Reloading filter
Mar 23 09:20:32 goldorak php: : Sending HUP signal to 47122
Mar 23 09:20:32 goldorak ipfw-classifyd: Reloading config...
Mar 23 09:20:32 goldorak ipfw-classifyd: Loaded Protocol: rtp (rule altq)
Mar 23 09:21:00 goldorak php: : Sending HUP signal to 47122
Mar 23 09:21:00 goldorak ipfw-classifyd: Reloading config...
Mar 23 09:21:00 goldorak ipfw-classifyd: Loaded Protocol: rtp (rule altq)
Mar 23 09:21:13 goldorak php: : Sending HUP signal to 47122
Mar 23 09:21:13 goldorak ipfw-classifyd: Reloading config...
Mar 23 09:21:13 goldorak ipfw-classifyd: Loaded Protocol: rtp (rule altq)
Mar 23 09:21:28 goldorak php: : Sending HUP signal to 47122
Mar 23 09:21:28 goldorak ipfw-classifyd: Reloading config...
Mar 23 09:21:28 goldorak ipfw-classifyd: Loaded Protocol: rtp (rule altq)
Mar 23 09:26:01 goldorak apinger: ALARM: VPNAU(172.21.24.1)  *** down ***
Mar 23 09:26:01 goldorak apinger: ALARM: VPNAU(172.21.24.1)  *** down ***
Mar 23 09:26:01 goldorak apinger: alarm canceled: VPNAU(172.21.24.1)  *** down ***
Mar 23 09:26:01 goldorak apinger: alarm canceled: VPNAU(172.21.24.1)  *** down ***
Mar 23 09:26:11 goldorak check_reload_status: Reloading filter
Mar 23 09:26:11 goldorak check_reload_status: Reloading filter
Mar 23 09:26:42 goldorak php: : Sending HUP signal to 47122
Mar 23 09:26:42 goldorak ipfw-classifyd: Reloading config...
Mar 23 09:26:42 goldorak ipfw-classifyd: Loaded Protocol: rtp (rule altq)
Mar 23 09:26:57 goldorak php: : Sending HUP signal to 47122
Mar 23 09:26:57 goldorak ipfw-classifyd: Reloading config...
Mar 23 09:26:57 goldorak ipfw-classifyd: Loaded Protocol: rtp (rule altq)
Mar 23 09:39:07 goldorak kernel: arp: 192.168.39.81 moved from 02:00:c0:a8:27:13 to 62:58:8e:91:cb:7e on vr0
Mar 23 09:59:07 goldorak kernel: arp: 192.168.39.81 moved from 62:58:8e:91:cb:7e to 02:00:c0:a8:27:13 on vr0
Mar 23 09:59:07 goldorak kernel: arp: 192.168.39.81 moved from 02:00:c0:a8:27:13 to 62:58:8e:91:cb:7e on vr0
Mar 23 10:03:56 goldorak apinger: ALARM: VPNBR(172.21.22.1)  *** down ***
Mar 23 10:03:56 goldorak apinger: ALARM: VPNBR(172.21.22.1)  *** down ***
Mar 23 10:04:01 goldorak apinger: alarm canceled: VPNBR(172.21.22.1)  *** down ***
Mar 23 10:04:01 goldorak apinger: alarm canceled: VPNBR(172.21.22.1)  *** down ***
Mar 23 10:04:06 goldorak check_reload_status: Reloading filter
Mar 23 10:04:06 goldorak check_reload_status: Reloading filter
Mar 23 10:04:38 goldorak php: : Sending HUP signal to 47122
Mar 23 10:04:38 goldorak ipfw-classifyd: Reloading config...
Mar 23 10:04:38 goldorak ipfw-classifyd: Loaded Protocol: rtp (rule altq)
Mar 23 10:04:52 goldorak php: : Sending HUP signal to 47122
Mar 23 10:04:52 goldorak ipfw-classifyd: Reloading config...
Mar 23 10:04:53 goldorak ipfw-classifyd: Loaded Protocol: rtp (rule altq)
Mar 23 10:19:06 goldorak kernel: arp: 192.168.39.81 moved from 62:58:8e:91:cb:7e to 02:00:c0:a8:27:13 on vr0
Mar 23 10:19:06 goldorak kernel: arp: 192.168.39.81 moved from 02:00:c0:a8:27:13 to 62:58:8e:91:cb:7e on vr0
Mar 23 10:32:33 goldorak kernel: ovpnc2: promiscuous mode enabled
Mar 23 10:32:40 goldorak kernel: ovpnc2: promiscuous mode disabled
Mar 23 10:33:11 goldorak kernel: ovpnc2: promiscuous mode enabled
Mar 23 10:33:11 goldorak kernel: ovpnc2: promiscuous mode disabled
Mar 23 10:33:20 goldorak kernel: ovpnc2: promiscuous mode enabled
Mar 23 10:39:03 goldorak kernel: arp: 192.168.39.81 moved from 62:58:8e:91:cb:7e to 02:00:c0:a8:27:13 on vr0
Mar 23 10:39:03 goldorak kernel: arp: 192.168.39.81 moved from 02:00:c0:a8:27:13 to 62:58:8e:91:cb:7e on vr0
Mar 23 10:39:22 goldorak apinger: ALARM: VPNSD(172.21.23.1)  *** down ***
Mar 23 10:39:22 goldorak apinger: ALARM: VPNSD(172.21.23.1)  *** down ***
Mar 23 10:39:32 goldorak check_reload_status: Reloading filter
Mar 23 10:39:32 goldorak check_reload_status: Reloading filter
Mar 23 10:39:35 goldorak apinger: alarm canceled: VPNSD(172.21.23.1)  *** down ***
Mar 23 10:39:35 goldorak apinger: alarm canceled: VPNSD(172.21.23.1)  *** down ***
Mar 23 10:39:45 goldorak check_reload_status: Reloading filter
Mar 23 10:39:45 goldorak check_reload_status: Reloading filter
Mar 23 10:40:33 goldorak php: : Sending HUP signal to 47122
Mar 23 10:40:33 goldorak ipfw-classifyd: Reloading config...
Mar 23 10:40:33 goldorak ipfw-classifyd: Loaded Protocol: rtp (rule altq)
Mar 23 10:41:00 goldorak php: : Sending HUP signal to 47122
Mar 23 10:41:00 goldorak ipfw-classifyd: Reloading config...
Mar 23 10:41:00 goldorak ipfw-classifyd: Loaded Protocol: rtp (rule altq)
Mar 23 10:41:25 goldorak php: : Sending HUP signal to 47122
Mar 23 10:41:25 goldorak ipfw-classifyd: Reloading config...
Mar 23 10:41:25 goldorak ipfw-classifyd: Loaded Protocol: rtp (rule altq)
Mar 23 10:42:13 goldorak php: : Sending HUP signal to 47122
Mar 23 10:42:13 goldorak ipfw-classifyd: Reloading config...
Mar 23 10:42:13 goldorak ipfw-classifyd: Loaded Protocol: rtp (rule altq)

    Whereas system.log on pfSense OpenVPN servers doesn't indicate any problem with VPN.

    I captured traffic on the WAN and ovpncX / ovpnsX interfaces during the disconnections :

    • On the WAN interfaces everything is fine. Apinger doesn't raise any alarm (WAN gateways are monitored) and I can see bidirectionnal OpenVPN UDP traffic during the OpenVPN disconnection on both WAN interfaces.
    • On the ovpnsX servers' interfaces, I can see tunneled traffic arriving from ovpncX, and traffic being sent to  OpenVPN client's ovpncX interfaces.
    • On the ovpncX client's interfaces, I can see that tunneled traffic is sent to ovpnsX, but no traffic is arriving from ovpnsX.

    Any ideas of possible reasons for this ?

    Regards,

    Romain

    0
  • R

    This issue is solved.

    My ISP at this time claimed the problem wasn't on his side.
    Since I wasn't able to find a solution, I changed the ISP.

    Now, I don't experience these disconnections anymore :-)

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy