Connected tunnel does not show up in the status page

  • I have a pfSense box with a Multi-WAN setup that is the OpenVPN server and a remote office (the client) with a DSL link with a dynamic IP that changes every 36 hours.

    To prevent a connection reset in the DSL link in the middle of a working day I reset the PPPoE connection everyday at 4:00.

    The problem is that the remote office connects and it shows in the connection in the status page but, on the server, it shows as not connected. The link is established as I can ping both ways.

    I've checked the management interface on the server and the "state all" command shows a reconnection at 4:00 and some seconds and then it goes in to WAIT state.

    I've also checked the status page source code and it reads that state but shows nothing in the WAIT case.

    Restarting the server forces a reconnection and solves the problem. It just does not seem right to me…


  • Which version of pfsense?

    I might have found the problem but don't know how to solve it cleanly.

    The problem is that the OpenVPN server lets the peer connect with the new IP address but changes to WAIT state (echo 'states' | nc -U /var/etc/openvpn/server1.sock shows it). I looked at the OpenVPN management interface documentation and the WAIT state should only happen in the client.

    To solve the problem for now I put 'keepalive 1 10' in both and this will restart the server 10 secs after the client stops responding. I've did some tests and after the PPPoE connection reset the client takes 15 secs before initiating a new connection to the OpenVPN server and, by then, the server already expired the connection.

    A peer-to-peer OpenVPN tunnel should only allow one peer IP address and not more.

    Anything wrong in my theory?


