OpenVPN Remote Access (SSL/TLS+User Auth) will not pass traffic until restarted

scourtney2000 · May 19, 2014, 9:01 PM

Hello,

My openVPN road warrior setup seems to die periodically. I can connect to the tunnel but the tunnel will not pass traffic. pfSense reports that i am connected. A route print on my client machine looks good. The system logs in the gui don't show anything out of the ordinary. Is there another log file that I can check for more info. Restarted the vpn tunnel from the gui get the tunnel functioning again. Apinger seems to working ok.

I have pfSense version 2.1.3 x64.

I want to provide more info but I need a little help finding the info to share. Is anyone else experiencing this issue.

Thanks,
Sean

NetBandit · May 19, 2014, 9:22 PM

Does it ever pass traffic?
ping your pfsense box continuously and watch to see if it ever goes through.

Also check your OpenVPN log for this:
event_wait : Interrupted system call (code=4)

If so, you might have the same problem as the rest of us:
https://forum.pfsense.org/index.php?topic=75989.0
https://forum.pfsense.org/index.php?topic=76735.0
https://forum.pfsense.org/index.php?topic=77169.0

-nb

scourtney2000 · May 19, 2014, 9:33 PM

Hi,

Thank you for reply. Yes my tunnel does pass traffic. Periodically it will stop until i restart the tunnel from the gui, then it will pass traffic again.

Next time it stop working I will check the log for the line you mentioned.

Thanks,
Sean

scourtney2000 · May 20, 2014, 1:03 AM

Hi,

Update,

Ok one of my openvpn setups is not working right now. 'ovpns1' is down. Notice it has no IP! 'openvpn2' is up. It has an IP.

ovpns1: flags=8051 <up,pointopoint,running,multicast>metric 0 mtu 1500
options=80000 <linkstate>inet6 fe80::219:b9ff:fef3:3c93%ovpns1 prefixlen 64 scopeid 0x8
nd6 options=3 <performnud,accept_rtadv>Opened by PID 1370

ovpns2: flags=8051 <up,pointopoint,running,multicast>metric 0 mtu 1500
options=80000 <linkstate>inet6 fe80::219:b9ff:fef3:3c93%ovpns2 prefixlen 64 scopeid 0x9
inet 10.0.12.1 –> 10.0.12.2 netmask 0xffffffff
nd6 options=1 <performnud>Opened by PID 4967

What would cause a VPN to lose it's IP?

Thanks,
Sean</performnud></linkstate></up,pointopoint,running,multicast></performnud,accept_rtadv></linkstate></up,pointopoint,running,multicast>

NetBandit · May 20, 2014, 1:25 AM

what about
event_wait : Interrupted system call (code=4)

scourtney2000 · May 20, 2014, 10:12 AM

hello Netbandit,

i checked the log files under System Logs > OpenVPN logs and I did not see this. I will keep an eye on it.

If there is anything else you want me to check let me know.

Thanks,
Sean

NetBandit · May 20, 2014, 2:30 PM

@scourtney2000:

i checked the log files under System Logs > OpenVPN logs and I did not see this. I will keep an eye on it.

You might need to set your log settings to 2000 lines to see it.
-nb

scourtney2000 · May 20, 2014, 4:54 PM

thanks nb,

i am now logging 2000 lines.

i have not had a vpn crash yet today. i did adjust the gateway monitoring setting hoping this might help. i changed the 'down' setting to 60.

i do have traffic shaping installed. in my case i have assigned my openvpn an interface so i can traffic shape the vpn connections. last night i also prioritized icmp traffic just in case this was setting the gateway monitoring off.

i will let you know what happens.

thanks,
sean

scourtney2000 · May 21, 2014, 3:16 PM

nb,

update. my vpn tunnels have not lost connectivity in over 24 hours. not sure why.

thanks,
Sean