[SOLVED] OpenVPN doesn't reconnect after reset of Internet connection



  • Hello!

    I did a deeper search regarding my issue, but I didn't find anything like my setup :-)
    So I'm starting a new thread …

    I also have an issue with the reconnect of an OpenVPN tunnel after a reset of the Internet connection.
    I'm using the current version of pfsense on an ALIX board (the performance is good) and Telekom Austria (A1) as Internet Provider.

    Here is the setup:

    [PCs, …] --LAN1-- [ALIX with pfsense] --LAN2-- [Router from A1] --VDSL Internet to A1--(VPN Tunnel)-- [PrivateVPN] -- (Public Internet)

    pfsense settings

    Interfaces in pfsense:
    WAN: 10.0.0.0/24 (A1 Router: 10.0.0.138) using DHCP
    LAN: 192.168.3.0/24 using 192.168.3.1 fixed
    PRIVATEVPN (for the Tunnel to PrivateVPN, TAP)

    Other IP settings:
    Default route: WAN (10.0.0.138)
    DNS: 8.8.8.8, 8.8.4.4 (for testing)

    NAT: NAT rule in ALIX for LAN Traffic outside (based on the used Interface WAN or PRIVATEVPN)
    Firewall: Forwarding rule for LAN Traffic to outside uses the PRIVATEVPN interface as gateway.

    My problem

    The VPN Tunnel works very well - no issues, no performance topics
    But: Every night, Telekom Austria resets the Internet connection. This means, pfsense doesn't see the reset, because it's connected on the LAN2 of the Telekom Router. After the reset, the OpenVPN tunnel is down. On the dashboard, the PRIVATEVPN Interface seems to be up (shows an IP address). On the status page, the OpenVPN connection is "down".

    How can I make an automated reconnect?
    I tried: keepalive 10 30, auth-retry nointeract, resolv-retry infinite -> no chance :-(
    I have to restart the OpenVPN service manually, then the tunnel goes up and everything is fine.
    A workaround would be a script with a cron job, but I'm not very familiar with FreeBSD ...

    Btw, next week I'm offline (making a bike tour on the Danube), but I appreciate creative ideas regarding this issue :-)

    Thank you for your help!!!
    Thomas from Austria



  • Hi!

    I guess I'm one step forward. As I found out yesterday, OpenVPN tries to reconnect, but cannot resolve the DNS name of the remote host.
    I took a look into the routing table and … yes, there are two routes in it, pointing to the VPN interface (during the downtime of the VPN connection ...). I didn't add the "redirect-gateway def1" command, but the VPN provider did it for me ...
    So I prevent the pull configs from the server and the routes are gone.

    To route the outgoing traffic through the VPN tunnel, I added a dedicated gateway (the VPN interface) to the firewall policy rule. Nevertheless the traffic goes directly through the WAN gateway, not through the tunnel - why?

    The VPN interface (and the tunnel) is still up - matched to a public IP address ...
    In the gateway table, both gateways are configured (WAN and VPN - WAN as default).

    My routing table is quite simple:

    0.0.0.0/0 -> 10.0.0.138 (the router from the internet provider)
    91. ... . ...-> VPN Interface
    and the local networks to the other ethernet ports

    I begin to freak out with this issue ...  :-\

    Hope anybody can help me ...

    br,
    Thomas



  • Hi!

    Go to System > Advanced > Miscellaneous, go down to Gateway Monitoring, and check "State killing on gateway failure" and "Skip rules when gateway is down".
    This should solve your issue.



  • @viragomann:

    Hi!

    Go to System > Advanced > Miscellaneous, go down to Gateway Monitoring, and check "State killing on gateway failure" and "Skip rules when gateway is down".
    This should solve your issue.

    Hi! I'll check it this evening. But I'm not sure if it will work. When I monitor the gateway pointing to the VPN interface, the status is always "pending" …
    But I'll see.

    Thank you very much!
    Thomas



  • Hi!

    The OpenVPN tunnel seems to be stable now, I did some changes with keepalive, block route creation, …

    But I have a routing issue: https://forum.pfsense.org/index.php?topic=97877.msg

    Thanks at this point!
    Thomas



  • Hi!

    I solved my problem as follows:

    After a look into the syslog, I found out that the DNS resolving for the VPN peer doesn't work (clear, because the routes created by OpenVPN point into the broken tunnel …).
    To resolve, I use the IP address of the VPN peer instead of the hostname -> everything works fine. After the change of the public IP, the reconnection to the VPN peer works correctly, and the traffic goes through it as expected.

    Thomas
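
Added example, not part of the thread: a small Python check for the deadlock described in the post above, where the DNS resolvers needed to look up the VPN peer are themselves routed into the dead tunnel. The routing rows are constructed sample data in a simplified three-column form (destination, gateway, interface); the interface names `vr0`, `vr1`, `ovpnc1` and the tunnel gateway `10.8.0.1` are assumptions, while the WAN, LAN and resolver addresses are the ones given in the first post.

```python
import ipaddress

# Constructed sample: routing table while the tunnel is down but the
# provider-pushed "redirect-gateway def1" routes are still installed.
SAMPLE_ROUTES = """\
default         10.0.0.138  vr1
0.0.0.0/1       10.8.0.1    ovpnc1
128.0.0.0/1     10.8.0.1    ovpnc1
10.0.0.0/24     link#2      vr1
192.168.3.0/24  link#1      vr0
"""

def parse_routes(text):
    """Return a list of (network, interface) tuples from the simplified rows."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue  # skip blank or malformed rows
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        routes.append((ipaddress.ip_network(dest, strict=False), fields[-1]))
    return routes

def egress_interface(routes, address):
    """Longest-prefix match: the interface the kernel would pick for address."""
    addr = ipaddress.ip_address(address)
    matches = [(net, iface) for net, iface in routes if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def resolvers_behind_tunnel(routes, resolvers, tunnel_iface):
    """Resolvers whose traffic would leave through the tunnel interface."""
    return [r for r in resolvers if egress_interface(routes, r) == tunnel_iface]

if __name__ == "__main__":
    routes = parse_routes(SAMPLE_ROUTES)
    stuck = resolvers_behind_tunnel(routes, ["8.8.8.8", "8.8.4.4"], "ovpnc1")
    if stuck:
        print("Resolvers only reachable via the tunnel:", ", ".join(stuck))
        print("A hostname in 'remote' cannot be resolved until the tunnel is up.")
```

Both /1 routes are more specific than the default route, so every public address, including the resolvers, follows the tunnel interface until those routes are removed.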



  • Hello,

    I apologize for interfering with this topic. I have a similar problem, just that I'm on a PPPoE connection. I found a workaround to reconnect the connection automatically, but OpenVPN is not detecting my connection and trying to reconnect.

    Do you know any workarounds for PPPoE connections?

    Thank you in advance!