OpenVPN client restart if the connection fails or goes down (AirVPN).



  • I managed to set up pfsense with the AirVPN provider. All seems to be working well, except that sometimes - maybe because of inactivity of LAN clients - the connection with the VPN server goes down.

    I didn't find a reliable method to force pfsense to reestablish the connection with the server.

    My Advanced configuration is:
    verb 3;explicit-exit-notify 5;ns-cert-type server;persist-tun;persist-key;

    I'd like to achieve with pfsense something like this (Linux method, with a bash script + cron), courtesy of http://support.vpnsecure.me/articles/frequently-asked-questions/monitor-linux-openvpn-daemon-and-restart-if-disconnected

    #!/bin/bash
    # Run from cron: start the OpenVPN client again if no openvpn process is found.
    ps -ef | grep -v grep | grep openvpn
    if [ $? -eq 1 ] ; then
        /usr/sbin/openvpn --config username.ovpn --daemon --script-security 3 system
    fi

    Best regards,
    M. Panz



  • Hey panz,

    I'm looking to do the same as you - did you find a solution?

    – Phob



  • No, I didn't manage a reliable method to do that. I think that pfsense as OpenVPN client to an OpenVPN server/service provider needs a better implementation.  :'(



  • @panz:

    No, I didn't manage a reliable method to do that. I think that pfsense as OpenVPN client to an OpenVPN server/service provider needs a better implementation.  :'(

    I am using pfsense 2.1 with OpenVPN as server and as Client. The openvpn server peer goes off-line once in a blue moon for quite some time. My openvpn client in pfsense connects automatically.
    No issues.



  • @serialdie:

    My openvpn client in pfsense connects automatically.
    No issues.

    That's my experience too, but I figured this was about some specialized setup where it wouldn't auto reconnect.



  • Maybe this needs some clarification or better explanation by me: reconnecting isn't the primary issue, because I need immediate reconnection before clients could reach the Internet via non-VPN connection (so, leaking their identity).



  • @panz:

    (so, leaking their identity).

    How about blocking LAN to WAN traffic?
    That's how I do this. I guess I've got the same setup as you ;)



  • @panz:

    Maybe this needs some clarification or better explanation by me: reconnecting isn't the primary issue, because I need immediate reconnection before clients could reach the Internet via non-VPN connection (so, leaking their identity).

    That I would call a dead end, since you can't know that it's always possible to immediately reconnect (server could be down, lines between you and the server could be down), and even if it was this would take some time slipping the packages out your WAN in the meantime.

    The solution to this problem is rather, like Satras says, to block WAN access for those hosts, and if policy routing is being used you need to use the solution found by FastLaneJB in this thread: http://forum.pfsense.org/index.php/topic,65331.msg364525.html#msg363332
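
One way to express the block-instead-of-reconnect approach described above, as pf.conf-style rules. This is an added example, not taken from the thread or from the linked post; the interface names, addresses and the NO_WAN_EGRESS tag name are assumptions.

```pf
# Added example. All names and addresses are assumed or constructed values.
lan_if    = "em1"             # LAN interface (assumed)
wan_if    = "em0"             # WAN interface (assumed)
vpn_if    = "ovpnc1"          # OpenVPN client interface (assumed)
vpn_gw    = "10.4.0.1"        # gateway inside the tunnel (constructed)
vpn_hosts = "192.168.1.0/24"  # hosts that may only use the VPN (constructed)

# Drop anything that was tagged on LAN if it ever tries to leave through WAN.
# Must be evaluated before any "pass out quick" rule on WAN.
# The firewall's own OpenVPN traffic to the server is not tagged, so the
# tunnel can still be re-established over WAN.
block drop out quick on $wan_if tagged NO_WAN_EGRESS

# Weak form: policy routing alone. If this rule is loaded without its
# gateway while the tunnel is down, it becomes a plain pass and the traffic
# follows the default route out of WAN.
# pass in quick on $lan_if route-to ($vpn_if $vpn_gw) inet \
#     from $vpn_hosts to any keep state

# Hardened form: the same policy route, but every matching connection is
# tagged on the way in, so the block rule above catches it on WAN.
pass in quick on $lan_if route-to ($vpn_if $vpn_gw) inet \
    from $vpn_hosts to any tag NO_WAN_EGRESS keep state
```

In the pfSense GUI the tag is set in the advanced options of the LAN rule, and the block is a floating rule on WAN with direction out, quick enabled, matching that tag.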



  • 1st post and no experience compared to the guys around here but I did use airvpn with my tomato openvpn client with Asus router and never had this issue.

    My router even after a month would still be connected and ready and all tunnelled through my air vpn automatically once I hit firefox.

    I used this command here :

    resolv-retry infinite
    ns-cert-type server
    comp-lzo
    verb 3

    and copied this into the Advanced Custom Configuration text box

    There are other settings I noticed also shown here:
    https://airvpn.org/topic/6652-airvpn-tomato-configuration-step-by-step-guide/

    Also

    TLS renegotiation -1
    connection retry -1

    Maybe they may help…

    I found it best to use OpenNIC dns (logless servers) also, otherwise I found openvpn client would fail on AirVPN randomly after some time, using Airvpn dns servers was the issue, but OpenNIC free servers were what fixed it for me. I think it allowed communication between my ISP and Airvpn, to establish vpn connection. Using air vpn servers did not resolve I think.

    I have no idea if any of the above will help or work but worth a long shot lol

    Not sure if it will help but worth a try....



  • @Fevan:

    1st post and no experience compared to the guys around here but I did use airvpn with my tomato openvpn client with Asus router and never had this issue.

    This forum/thread is about OpenVPN and pfSense (an open source firewall/router++). How does pfSense come into play with your setup? More specifically, we're discussing terminating the VPN tunnel in the firewall/router, not using a client. Using a client through pfSense is probably completely unproblematic.



  • @Nadar:

    @Fevan:

    1st post and no experience compared to the guys around here but I did use airvpn with my tomato openvpn client with Asus router and never had this issue.

    This forum/thread is about OpenVPN and pfSense (an open source firewall/router++). How does pfSense come into play with your setup? More specifically, we're discussing terminating the VPN tunnel in the firewall/router, not using a client. Using a client through pfSense is probably completely unproblematic.

    Oh, my bad, I thought OP was having disconnection issues with airvpn and pfsense. Thought the settings on openvpn on the AirVPN forums may help him.

    Good news to hear however using a client through pfsense is hopefully all working well, I plan on going through the same route when I can figure out the basics!

