OpenVPN Remote Access (SSL/TLS+User Auth) will not pass traffic until restarted



  • Hello,

    My openVPN road warrior setup seems to die periodically. I can connect to the tunnel but the tunnel will not pass traffic. pfSense reports that i am connected. A route print on my client machine looks good. The system logs in the gui don't show anything out of the ordinary. Is there another log file that I can check for more info. Restarted the vpn tunnel from the gui get the tunnel functioning again. Apinger seems to working ok.

    I have pfSense version 2.1.3 x64.

    I want to provide more info but I need a little help finding the info to share. Is anyone else experiencing this issue.

    Thanks,
    Sean



  • Does it ever pass traffic?
    ping your pfsense box continuously and watch to see if it ever goes through.

    Also check your OpenVPN log for this:
    event_wait : Interrupted system call (code=4)

    If so, you might have the same problem as the rest of us:
    https://forum.pfsense.org/index.php?topic=75989.0
    https://forum.pfsense.org/index.php?topic=76735.0
    https://forum.pfsense.org/index.php?topic=77169.0

    -nb



  • Hi,

    Thank you for reply. Yes my tunnel does pass traffic. Periodically it will stop until i restart the tunnel from the gui, then it will pass traffic again.

    Next time it stop working I will check the log for the line you mentioned.

    Thanks,
    Sean



  • Hi,

    Update,

    Ok one of my openvpn setups is not working right now. 'ovpns1' is down. Notice it has no IP! 'openvpn2' is up. It has an IP.

    ovpns1: flags=8051 <up,pointopoint,running,multicast>metric 0 mtu 1500
            options=80000 <linkstate>inet6 fe80::219:b9ff:fef3:3c93%ovpns1 prefixlen 64 scopeid 0x8
            nd6 options=3 <performnud,accept_rtadv>Opened by PID 1370

    ovpns2: flags=8051 <up,pointopoint,running,multicast>metric 0 mtu 1500
            options=80000 <linkstate>inet6 fe80::219:b9ff:fef3:3c93%ovpns2 prefixlen 64 scopeid 0x9
            inet 10.0.12.1 –> 10.0.12.2 netmask 0xffffffff
            nd6 options=1 <performnud>Opened by PID 4967

    What would cause a VPN to lose it's IP?

    Thanks,
    Sean</performnud></linkstate></up,pointopoint,running,multicast></performnud,accept_rtadv></linkstate></up,pointopoint,running,multicast>



  • what about
    event_wait : Interrupted system call (code=4)



  • hello Netbandit,

    i checked the log files under System Logs > OpenVPN logs and I did not see this. I will keep an eye on it.

    If there is anything else you want me to check let me know.

    Thanks,
    Sean



  • @scourtney2000:

    i checked the log files under System Logs > OpenVPN logs and I did not see this. I will keep an eye on it.

    You might need to set your log settings to 2000 lines to see it.
    -nb



  • thanks nb,

    i am now logging 2000 lines.

    i have not had a vpn crash yet today. i did adjust the gateway monitoring setting hoping this might help. i changed the 'down' setting to 60.

    i do have traffic shaping installed. in my case i have assigned my openvpn an interface so i can traffic shape the vpn connections. last night i also prioritized icmp traffic just in case this was setting the gateway monitoring off.

    i will let you know what happens.

    thanks,
    sean



  • nb,

    update. my vpn tunnels have not lost connectivity in over 24 hours. not sure why.

    thanks,
    Sean


Log in to reply