OpenVPN Remote Access (SSL/TLS+User Auth) will not pass traffic until restarted
-
Hello,
My OpenVPN road warrior setup seems to die periodically. I can connect to the tunnel but the tunnel will not pass traffic. pfSense reports that I am connected. A route print on my client machine looks good. The system logs in the GUI don't show anything out of the ordinary. Is there another log file that I can check for more info? Restarting the VPN tunnel from the GUI gets the tunnel functioning again. Apinger seems to be working OK.
I have pfSense version 2.1.3 x64.
I want to provide more info but I need a little help finding the info to share. Is anyone else experiencing this issue?
Thanks,
Sean
-
Does it ever pass traffic?
Ping your pfSense box continuously and watch to see if it ever goes through.
Also check your OpenVPN log for this:
event_wait : Interrupted system call (code=4)
If so, you might have the same problem as the rest of us:
https://forum.pfsense.org/index.php?topic=75989.0
https://forum.pfsense.org/index.php?topic=76735.0
https://forum.pfsense.org/index.php?topic=77169.0
-nb
-
Hi,
Thank you for the reply. Yes, my tunnel does pass traffic. Periodically it will stop until I restart the tunnel from the GUI, then it will pass traffic again.
Next time it stops working I will check the log for the line you mentioned.
Thanks,
Sean
-
Hi,
Update,
OK, one of my OpenVPN setups is not working right now. 'ovpns1' is down. Notice it has no IP! 'openvpn2' is up. It has an IP.
ovpns1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    inet6 fe80::219:b9ff:fef3:3c93%ovpns1 prefixlen 64 scopeid 0x8
    nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
    Opened by PID 1370
ovpns2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    inet6 fe80::219:b9ff:fef3:3c93%ovpns2 prefixlen 64 scopeid 0x9
    inet 10.0.12.1 --> 10.0.12.2 netmask 0xffffffff
    nd6 options=1<PERFORMNUD>
    Opened by PID 4967
What would cause a VPN to lose its IP?
Thanks,
Sean
-
What about
event_wait : Interrupted system call (code=4)
-
Hello Netbandit,
I checked the log files under System Logs > OpenVPN logs and I did not see this. I will keep an eye on it.
If there is anything else you want me to check, let me know.
Thanks,
Sean
-
> I checked the log files under System Logs > OpenVPN logs and I did not see this. I will keep an eye on it.
You might need to set your log settings to 2000 lines to see it.
-nb
-
Thanks nb,
I am now logging 2000 lines.
I have not had a VPN crash yet today. I did adjust the gateway monitoring setting hoping this might help. I changed the 'down' setting to 60.
I do have traffic shaping installed. In my case I have assigned my OpenVPN an interface so I can traffic shape the VPN connections. Last night I also prioritized ICMP traffic just in case this was setting the gateway monitoring off.
I will let you know what happens.
Thanks,
Sean
-
nb,
Update: my VPN tunnels have not lost connectivity in over 24 hours. Not sure why.
Thanks,
Sean