Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    OpenVPN occasionally reconnecting 100's of times causing acct disable by PureVPN

    OpenVPN
    4
    7
    2806
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      davros123 last edited by

      Hi guys, not sure where to start with this one so pls. suggest what I need to post to help solve it.

      I have OpenVPN setup to connect to my PureVPN account (permanently) and all traffic on one interface (subnet) is routed through this VPN.
      I am currently running 2.2.3-RELEASE.

      Three times now in the last 2 months I have had my account disabled by PureVPN and received the following email:

      Our hands were shaking, our hearts were beating fast and we were very nervous – but in the end, we had to pull the plug! We had to disable your account because it was generating VPN sessions like crazy.
      The high numbers of VPN sessions were disrupting delivery of impeccable VPN service to our other partners.
      Your account having below given username has been disabled.

      Support tell me it was because I connected and disconnected more than 200 times (their limit).

      The pfsense OpenVPN logs do not show this and appear normal.
      It expires and reconnects every hour at xx:43.

      Aug 17 14:43:39
      openvpn[23192]: TLS: tls_process: killed expiring key
      Aug 17 14:43:46
      openvpn[23192]: VERIFY OK: depth=1, C=HK, ST=HK, L=HongKong, O=PureVPN, OU=IT, CN=PureVPN, name=PureVPN, emailAddress=mail@host.domain
      Aug 17 14:43:46
      openvpn[23192]: VERIFY OK: depth=0, C=HK, ST=HK, L=HongKong, O=PureVPN, OU=IT, CN=PureVPN, name=PureVPN, emailAddress=mail@host.domain
      Aug 17 14:43:52
      openvpn[23192]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
      Aug 17 14:43:52
      openvpn[23192]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
      Aug 17 14:43:52
      openvpn[23192]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
      Aug 17 14:43:52
      openvpn[23192]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
      Aug 17 14:43:52
      openvpn[23192]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
      Aug 17 15:43:44
      openvpn[23192]: TLS: tls_process: killed expiring key
      Aug 17 15:43:52
      openvpn[23192]: TLS: soft reset sec=0 bytes=4493641/0 pkts=21386/0
      Aug 17 15:43:54
      openvpn[23192]: VERIFY OK: depth=1, C=HK, ST=HK, L=HongKong, O=PureVPN, OU=IT, CN=PureVPN, name=PureVPN, emailAddress=mail@host.domain
      Aug 17 15:43:54
      openvpn[23192]: VERIFY OK: depth=0, C=HK, ST=HK, L=HongKong, O=PureVPN, OU=IT, CN=PureVPN, name=PureVPN, emailAddress=mail@host.domain
      Aug 17 15:43:57
      openvpn[23192]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
      Aug 17 15:43:57
      openvpn[23192]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
      Aug 17 15:43:57
      openvpn[23192]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
      Aug 17 15:43:57
      openvpn[23192]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
      Aug 17 15:43:57
      openvpn[23192]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
      Aug 17 16:43:52
      openvpn[23192]: TLS: tls_process: killed expiring key
      Aug 17 16:43:57
      openvpn[23192]: TLS: soft reset sec=0 bytes=2678573/0 pkts=17429/0
      Aug 17 16:43:59
      openvpn[23192]: VERIFY OK: depth=1, C=HK, ST=HK, L=HongKong, O=PureVPN, OU=IT, CN=PureVPN, name=PureVPN, emailAddress=mail@host.domain
      Aug 17 16:43:59
      openvpn[23192]: VERIFY OK: depth=0, C=HK, ST=HK, L=HongKong, O=PureVPN, OU=IT, CN=PureVPN, name=PureVPN, emailAddress=mail@host.domain
      Aug 17 16:44:02
      openvpn[23192]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
      Aug 17 16:44:02
      openvpn[23192]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
      Aug 17 16:44:02
      openvpn[23192]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
      Aug 17 16:44:02
      openvpn[23192]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
      Aug 17 16:44:02
      openvpn[23192]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
      Aug 17 17:43:57
      openvpn[23192]: TLS: tls_process: killed expiring key
      Aug 17 17:44:02
      openvpn[23192]: TLS: soft reset sec=0 bytes=2603998/0 pkts=16911/0
      Aug 17 17:44:04
      openvpn[23192]: VERIFY OK: depth=1, C=HK, ST=HK, L=HongKong, O=PureVPN, OU=IT, CN=PureVPN, name=PureVPN, emailAddress=mail@host.domain
      Aug 17 17:44:04
      openvpn[23192]: VERIFY OK: depth=0, C=HK, ST=HK, L=HongKong, O=PureVPN, OU=IT, CN=PureVPN, name=PureVPN, emailAddress=mail@host.domain
      Aug 17 17:44:16
      openvpn[23192]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
      Aug 17 17:44:16
      openvpn[23192]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
      Aug 17 17:44:16
      openvpn[23192]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
      Aug 17 17:44:16
      openvpn[23192]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
      Aug 17 17:44:16
      openvpn[23192]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
      Aug 17 18:44:02
      openvpn[23192]: TLS: tls_process: killed expiring key
      Aug 17 18:44:16
      openvpn[23192]: TLS: soft reset sec=0 bytes=2617542/0 pkts=16810/0
      Aug 17 18:44:18
      openvpn[23192]: VERIFY OK: depth=1, C=HK, ST=HK, L=HongKong, O=PureVPN, OU=IT, CN=PureVPN, name=PureVPN, emailAddress=mail@host.domain
      Aug 17 18:44:18
      openvpn[23192]: VERIFY OK: depth=0, C=HK, ST=HK, L=HongKong, O=PureVPN, OU=IT, CN=PureVPN, name=PureVPN, emailAddress=mail@host.domain
      Aug 17 18:44:22
      openvpn[23192]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
      Aug 17 18:44:22
      openvpn[23192]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
      Aug 17 18:44:22
      openvpn[23192]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
      Aug 17 18:44:22
      openvpn[23192]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
      Aug 17 18:44:22
      openvpn[23192]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
      Aug 17 18:57:47
      openvpn[23192]: [PureVPN] Inactivity timeout (--ping-restart), restarting
      Aug 17 18:57:47
      openvpn[23192]: TCP/UDP: Closing socket
      Aug 17 18:57:47
      openvpn[23192]: SIGUSR1[soft,ping-restart] received, process restarting
      Aug 17 18:57:47
      openvpn[23192]: Restart pause, 2 second(s)
      Aug 17 18:57:49
      openvpn[23192]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
      Aug 17 18:57:49
      openvpn[23192]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Aug 17 18:57:49
      openvpn[23192]: Re-using SSL/TLS context
      Aug 17 18:57:49
      openvpn[23192]: LZO compression initialized
      Aug 17 18:57:49
      openvpn[23192]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:3 ]
      Aug 17 18:57:49
      openvpn[23192]: Socket Buffers: R=[42080->393216] S=[57344->393216]
      Aug 17 18:57:49
      openvpn[23192]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
      Aug 17 18:57:49
      openvpn[23192]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
      Aug 17 18:57:49
      openvpn[23192]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
      Aug 17 18:57:49
      openvpn[23192]: Local Options hash (VER=V4): '9e7066d2'
      Aug 17 18:57:49
      openvpn[23192]: Expected Remote Options hash (VER=V4): '162b04de'
      Aug 17 18:57:49
      openvpn[23192]: UDPv4 link local (bound): [AF_INET]xx.1xx.153.106
      Aug 17 18:57:49
      openvpn[23192]: UDPv4 link remote: [AF_INET]213.5.71.71:53
      Aug 17 18:57:49
      openvpn[23192]: TLS: Initial packet from [AF_INET]213.5.71.71:53, sid=5f1b703a c494527f
      Aug 17 18:57:51
      openvpn[23192]: VERIFY OK: depth=1, C=HK, ST=HK, L=HongKong, O=PureVPN, OU=IT, CN=PureVPN, name=PureVPN, emailAddress=mail@host.domain
      Aug 17 18:57:51
      openvpn[23192]: VERIFY OK: depth=0, C=HK, ST=HK, L=HongKong, O=PureVPN, OU=IT, CN=PureVPN, name=PureVPN, emailAddress=mail@host.domain
      Aug 17 18:57:54
      openvpn[23192]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
      Aug 17 18:57:54
      openvpn[23192]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
      Aug 17 18:57:54
      openvpn[23192]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
      Aug 17 18:57:54
      openvpn[23192]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
      Aug 17 18:57:54
      openvpn[23192]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
      Aug 17 18:57:54
      openvpn[23192]: [PureVPN] Peer Connection Initiated with [AF_INET]213.5.71.71:53
      Aug 17 18:57:56
      openvpn[23192]: SENT CONTROL [PureVPN]: 'PUSH_REQUEST' (status=1)
      Aug 17 18:57:56
      openvpn[23192]: AUTH: Received control message: AUTH_FAILED
      Aug 17 18:57:56
      openvpn[23192]: TCP/UDP: Closing socket
      Aug 17 18:57:56
      openvpn[23192]: /sbin/route delete -net 185.2.29.191 202.138.4.80 255.255.255.255
      Aug 17 18:57:56
      openvpn[23192]: /sbin/route delete -net 0.0.0.0 213.5.66.65 128.0.0.0
      Aug 17 18:57:56
      openvpn[23192]: /sbin/route delete -net 128.0.0.0 213.5.66.65 128.0.0.0
      Aug 17 18:57:56
      openvpn[23192]: Closing TUN/TAP interface
      Aug 17 18:57:56
      openvpn[23192]: /usr/local/sbin/ovpn-linkdown ovpnc1 1500 1558 213.5.66.70 255.255.255.224 init
      Aug 17 18:57:56
      openvpn[23192]: SIGTERM[soft,auth-failure] received, process exiting
      
      From 
      
      1 Reply Last reply Reply Quote 0
      • jimp
        jimp Rebel Alliance Developer Netgate last edited by

        Looks like you lost connection (timeout).

        Do you perhaps have multiple accounts connecting with the same cert/credentials? They could be knocking each other offline

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • D
          davros123 last edited by

          Hi Jimp.

          Good point, I do have a family member that also uses this account on occasion.
          PureVPN allow 5 concurrent logins and so this should be ok, but perhaps it's not pfsense but his sessions that are flapping.

          I'll check with him.

          1 Reply Last reply Reply Quote 0
          • A
            anonanonanon50 last edited by

            I hate to bump a thread over a year old but I am running into this EXACT same issue.
            I don't believe anyone else is using my account. One thing that I have noticed is when I am connected through the VPN the connection will stop working for a couple min then it will start working again. OP did you ever solve this issue? I would love to hear how you did it.
            Any help would be great!

            1 Reply Last reply Reply Quote 0
            • D
              duren last edited by

              My recommendation is to carefully inspect PureVPN's own .ovpn configuration files and ensure your pfSense client configuration is as close to that as possible. They could have a particular setup and full well know that without the specific options they chose this kind of stuff will happen.

              1 Reply Last reply Reply Quote 0
              • A
                anonanonanon50 last edited by

                @duren:

                My recommendation is to carefully inspect PureVPN's own .ovpn configuration files and ensure your pfSense client configuration is as close to that as possible. They could have a particular setup and full well know that without the specific options they chose this kind of stuff will happen.

                Thank you for the reply.
                I have followed the instructions on the PureVPN website (https://support.purevpn.com/pfsense-openvpn-configuration-guide) and they do not work at all, I have tried to get in touch with their support team and they the provided me this link https://support.purevpn.com/my-vpn-disconnects-after-every-few-minutes-what-should-i-do and then they stopped responding to my inquiries.
                I was hoping someone on here might have successfully used another guide to setup there PureVPN to connect through PFsense.
                Just for further reference I used this guide with some minor tweaks https://www.privateinternetaccess.com/forum/discussion/18111/openvpn-step-by-step-setup-for-pfsense-firewall-router-with-video

                1 Reply Last reply Reply Quote 0
                • D
                  duren last edited by

                  I took a look at their ovpn files and it doesn't look like there's anything that would make much difference.

                  The guide should work, just skip steps 10, 11 and 12 and enter the username and password in the pfSense gui.

                  If it still doesn't work, you'll have to post your log.

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post