Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Frequent OpenVPN client disconnects

    OpenVPN
    1
    1
    1573
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      CosmoNerd last edited by

      Fellows,

      i see over the last two days frequent disconnects on OpenVPN connecting to VyprVPN.

      pfSens Build: 2.2-BETA (amd64) built on Sun Nov 16 23:44:31 CST 2014 running on VMWare ESXI instance

      The disconnect can happen anywhere between 1 and 10 minutes and then without interruption for 4 hours before the frequent disconnects reoccur. I already swapped Network cards with no avail.

      Any advice?

      OpenVPN Log:

      Dec 16 20:51:00 openvpn[30295]: MANAGEMENT: Client disconnected
      Dec 16 20:51:00 openvpn[30295]: MANAGEMENT: CMD 'status 2'
      Dec 16 20:51:00 openvpn[30295]: MANAGEMENT: CMD 'state 1'
      Dec 16 20:51:00 openvpn[30295]: MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
      Dec 16 20:51:00 openvpn[28840]: MANAGEMENT: Client disconnected
      Dec 16 20:51:00 openvpn[28840]: MANAGEMENT: CMD 'status 2'
      Dec 16 20:51:00 openvpn[28840]: MANAGEMENT: CMD 'state 1'
      Dec 16 20:51:00 openvpn[28840]: MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
      Dec 16 20:50:59 openvpn[30295]: MANAGEMENT: Client disconnected
      Dec 16 20:50:59 openvpn[30295]: MANAGEMENT: CMD 'status 2'
      Dec 16 20:50:59 openvpn[30295]: MANAGEMENT: CMD 'state 1'
      Dec 16 20:50:59 openvpn[28840]: MANAGEMENT: Client disconnected
      Dec 16 20:50:59 openvpn[30295]: MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
      Dec 16 20:50:59 openvpn[28840]: MANAGEMENT: CMD 'status 2'
      Dec 16 20:50:59 openvpn[28840]: MANAGEMENT: CMD 'state 1'
      Dec 16 20:50:59 openvpn[28840]: MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
      Dec 16 20:50:58 openvpn[30295]: MANAGEMENT: Client disconnected
      Dec 16 20:50:58 openvpn[30295]: MANAGEMENT: CMD 'status 2'
      Dec 16 20:50:58 openvpn[30295]: MANAGEMENT: CMD 'state 1'
      Dec 16 20:50:58 openvpn[28840]: MANAGEMENT: Client disconnected
      Dec 16 20:50:58 openvpn[30295]: MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
      Dec 16 20:50:58 openvpn[28840]: MANAGEMENT: CMD 'status 2'
      Dec 16 20:50:58 openvpn[28840]: MANAGEMENT: CMD 'state 1'
      Dec 16 20:50:58 openvpn[28840]: MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
      Dec 16 20:50:57 openvpn[30295]: MANAGEMENT: Client disconnected
      Dec 16 20:50:57 openvpn[30295]: MANAGEMENT: CMD 'status 2'
      Dec 16 20:50:57 openvpn[30295]: MANAGEMENT: CMD 'state 1'
      Dec 16 20:50:57 openvpn[28840]: MANAGEMENT: Client disconnected
      Dec 16 20:50:57 openvpn[30295]: MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
      Dec 16 20:50:57 openvpn[28840]: MANAGEMENT: CMD 'status 2'
      Dec 16 20:50:57 openvpn[28840]: MANAGEMENT: CMD 'state 1'
      Dec 16 20:50:57 openvpn[28840]: MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
      Dec 16 20:50:56 openvpn[30295]: MANAGEMENT: Client disconnected
      Dec 16 20:50:56 openvpn[30295]: MANAGEMENT: CMD 'status 2'
      Dec 16 20:50:56 openvpn[30295]: MANAGEMENT: CMD 'state 1'
      Dec 16 20:50:56 openvpn[28840]: MANAGEMENT: Client disconnected
      Dec 16 20:50:56 openvpn[30295]: MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
      Dec 16 20:50:56 openvpn[28840]: MANAGEMENT: CMD 'status 2'
      Dec 16 20:50:56 openvpn[28840]: MANAGEMENT: CMD 'state 1'
      Dec 16 20:50:56 openvpn[28840]: MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
      Dec 16 20:50:30 openvpn[30295]: Initialization Sequence Completed
      Dec 16 20:50:30 openvpn[30295]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
      Dec 16 20:50:30 openvpn[30295]: /sbin/route add -net 128.0.0.0 10.12.0.1 128.0.0.0
      Dec 16 20:50:30 openvpn[30295]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
      Dec 16 20:50:30 openvpn[30295]: /sbin/route add -net 0.0.0.0 10.12.0.1 128.0.0.0
      Dec 16 20:50:30 openvpn[30295]: /sbin/route add -net 203.170.29.30 76.123.198.1 255.255.255.255
      Dec 16 20:50:30 openvpn[30295]: /usr/local/sbin/ovpn-linkup ovpnc2 1500 1570 10.12.21.4 255.255.0.0 init
      Dec 16 20:50:30 openvpn[30295]: /sbin/route add -net 10.12.0.0 10.12.21.4 255.255.0.0
      Dec 16 20:50:30 openvpn[30295]: /sbin/ifconfig ovpnc2 10.12.21.4 10.12.21.4 mtu 1500 netmask 255.255.0.0 up
      Dec 16 20:50:30 openvpn[30295]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
      Dec 16 20:50:30 openvpn[30295]: TUN/TAP device /dev/tun2 opened
      Dec 16 20:50:30 openvpn[30295]: TUN/TAP device ovpnc2 exists previously, keep at program end
      Dec 16 20:50:30 openvpn[30295]: ROUTE_GATEWAY XX.XXX.XXX.XXX
      Dec 16 20:50:30 openvpn[30295]: OPTIONS IMPORT: –ip-win32 and/or --dhcp-option options modified
      Dec 16 20:50:30 openvpn[30295]: OPTIONS IMPORT: route-related options modified
      Dec 16 20:50:30 openvpn[30295]: OPTIONS IMPORT: route options modified
      Dec 16 20:50:30 openvpn[30295]: OPTIONS IMPORT: –ifconfig/up options modified
      Dec 16 20:50:30 openvpn[30295]: Socket Buffers: R=[65536->262144] S=[65536->65536]
      Dec 16 20:50:30 openvpn[30295]: OPTIONS IMPORT: –sndbuf/--rcvbuf options modified
      Dec 16 20:50:30 openvpn[30295]: OPTIONS IMPORT: explicit notify parm(s) modified
      Dec 16 20:50:30 openvpn[30295]: OPTIONS IMPORT: timers and/or timeouts modified
      Dec 16 20:50:30 openvpn[30295]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 203.170.29.53,dhcp-option DNS 203.170.29.54,explicit-exit-notify 5,rcvbuf 262144,route-gateway 10.12.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.12.21.4 255.255.0.0'
      Dec 16 20:50:30 openvpn[30295]: SENT CONTROL [hk1.vyprvpn.com]: 'PUSH_REQUEST' (status=1)
      Dec 16 20:50:28 openvpn[30295]: [hk1.vyprvpn.com] Peer Connection Initiated with [AF_INET]203.170.29.30:443
      Dec 16 20:50:28 openvpn[30295]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
      Dec 16 20:50:28 openvpn[30295]: Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
      Dec 16 20:50:28 openvpn[30295]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
      Dec 16 20:50:28 openvpn[30295]: Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
      Dec 16 20:50:28 openvpn[30295]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

      OpenVPN config:
      dev ovpnc1
      verb 3
      dev-type tun
      tun-ipv6
      dev-node /dev/tun1
      writepid /var/run/openvpn_client1.pid
      #user nobody
      #group nobody
      script-security 3
      daemon
      keepalive 10 60
      ping-timer-rem
      persist-tun
      persist-key
      proto udp
      cipher AES-256-CBC
      auth SHA256
      up /usr/local/sbin/ovpn-linkup
      down /usr/local/sbin/ovpn-linkdown
      local XX.XXX.XXX.XXX
      tls-client
      client
      lport 60111
      management /var/etc/openvpn/client1.sock unix
      remote de1.vpn.goldenfrog.com 443
      auth-user-pass /var/etc/openvpn/client1.up
      ca /var/etc/openvpn/client1.ca
      comp-lzo yes
      resolv-retry infinite
      persist-key
      persist-tun
      persist-remote-ip
      keysize 256
      tls-cipher DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA
      float
      keepalive 10 60
      #route-nopull

      1 Reply Last reply Reply Quote 0
      • First post
        Last post

      Products

      • Platform Overview
      • TNSR
      • pfSense
      • Appliances

      Services

      • Training
      • Professional Services

      Support

      • Subscription Plans
      • Contact Support
      • Product Lifecycle
      • Documentation

      News

      • Media Coverage
      • Press
      • Events

      Resources

      • Blog
      • FAQ
      • Find a Partner
      • Resource Library
      • Security Information

      Company

      • About Us
      • Careers
      • Partners
      • Contact Us
      • Legal
      Our Mission

      We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

      Subscribe to our Newsletter

      Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

      © 2021 Rubicon Communications, LLC | Privacy Policy