VPN client times out, can't reconnect. Requires service restart.



  • I'm having a problem where the OpenVPN client on pfSense will connect to a server with no problems, but later the connection will timeout and it cannot reconnect to the server. It will just ping-restart every minute until I restart the service. At that point it reconnects normally with no problems.

    Setup: pfSense 2.2.6 > wireless bridge > internet

    I realize the above is not ideal, but I have no choice. I believe what is happening is that the wireless connection is getting interrupted. This only seems to happen while I'm sleeping (with only a couple of exceptions), so I can't pinpoint the source of the interruption. It does not always happen at the same time, nor does it happen after being connected for XX hours. In the logs below, I rebooted the wireless router used for the bridge at around 08:58 and the results were the same as what I've been seeing. While the client is constantly restarting, I can plug another device into the router and connect to the VPN server, so it's not a connectivity problem.

    I've tried connecting to different servers. I've tried changing keepalive values, but they get overriden by the values pushed from the server. I've rebooted all the devices I can get my hands on. The issue started when I was on 2.2.5, so I tried reverting to 2.2.4 and upgrading to 2.2.6. I've changed the gateway monitor IP. Nothing fixes it. At this point I'm just throwing darts in the dark.

    The ideal solution would be for me to find and fix the source of the interruption. Until I can do that, how can I get the OpenVPN service to restart rather than ping-restart endlessly?

    
    08:29:27 openvpn[9476]: OpenVPN 2.3.8 amd64-portbld-freebsd10.1 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Aug 21 2015
    08:29:27 openvpn[10452]: Current Parameter Settings:
    08:29:27 openvpn[10452]:   config = '/var/etc/openvpn/client9.conf'
    08:29:27 openvpn[10452]:   mode = 0
    08:29:27 openvpn[10452]:   show_ciphers = DISABLED
    08:29:27 openvpn[10452]:   show_digests = DISABLED
    08:29:27 openvpn[10452]:   show_engines = DISABLED
    08:29:27 openvpn[10452]:   genkey = DISABLED
    08:29:27 openvpn[10452]:   key_pass_file = '[UNDEF]'
    08:29:27 openvpn[10452]:   show_tls_ciphers = DISABLED
    08:29:27 openvpn[10452]: Connection profiles [default]:
    08:29:27 openvpn[10452]:   proto = udp
    08:29:27 openvpn[10452]:   local = '10.0.0.2'
    08:29:27 openvpn[10452]:   local_port = 0
    08:29:27 openvpn[10452]:   remote = 'XX.XX.XX.XX'
    08:29:27 openvpn[10452]:   remote_port = 443
    08:29:27 openvpn[10452]:   remote_float = DISABLED
    08:29:27 openvpn[10452]:   bind_defined = DISABLED
    08:29:27 openvpn[10452]:   bind_local = ENABLED
    08:29:27 openvpn[10452]:   connect_retry_seconds = 5
    08:29:27 openvpn[10452]:   connect_timeout = 10
    08:29:27 openvpn[10452]:   connect_retry_max = 0
    08:29:27 openvpn[10452]:   socks_proxy_server = '[UNDEF]'
    08:29:27 openvpn[10452]:   socks_proxy_port = 0
    08:29:27 openvpn[10452]:   socks_proxy_retry = DISABLED
    08:29:27 openvpn[10452]:   tun_mtu = 1500
    08:29:27 openvpn[10452]:   tun_mtu_defined = ENABLED
    08:29:27 openvpn[10452]:   link_mtu = 1500
    08:29:27 openvpn[10452]:   link_mtu_defined = DISABLED
    08:29:27 openvpn[10452]:   tun_mtu_extra = 0
    08:29:27 openvpn[10452]:   tun_mtu_extra_defined = DISABLED
    08:29:27 openvpn[10452]:   mtu_discover_type = -1
    08:29:27 openvpn[10452]:   fragment = 0
    08:29:27 openvpn[10452]:   mssfix = 1450
    08:29:27 openvpn[10452]:   explicit_exit_notification = 5
    08:29:27 openvpn[10452]: Connection profiles END
    08:29:27 openvpn[10452]:   remote_random = DISABLED
    08:29:27 openvpn[10452]:   ipchange = '[UNDEF]'
    08:29:27 openvpn[10452]:   dev = 'ovpnc9'
    08:29:27 openvpn[10452]:   dev_type = 'tun'
    08:29:27 openvpn[10452]:   dev_node = '/dev/tun9'
    08:29:27 openvpn[10452]:   lladdr = '[UNDEF]'
    08:29:27 openvpn[10452]:   topology = 1
    08:29:27 openvpn[10452]:   tun_ipv6 = ENABLED
    08:29:27 openvpn[10452]:   ifconfig_local = '[UNDEF]'
    08:29:27 openvpn[10452]:   ifconfig_remote_netmask = '[UNDEF]'
    08:29:27 openvpn[10452]:   ifconfig_noexec = DISABLED
    08:29:27 openvpn[10452]:   ifconfig_nowarn = DISABLED
    08:29:27 openvpn[10452]:   ifconfig_ipv6_local = '[UNDEF]'
    08:29:27 openvpn[10452]:   ifconfig_ipv6_netbits = 0
    08:29:27 openvpn[10452]:   ifconfig_ipv6_remote = '[UNDEF]'
    08:29:27 openvpn[10452]:   shaper = 0
    08:29:27 openvpn[10452]:   mtu_test = 0
    08:29:27 openvpn[10452]:   mlock = DISABLED
    08:29:27 openvpn[10452]:   keepalive_ping = 10
    08:29:27 openvpn[10452]:   keepalive_timeout = 90
    08:29:27 openvpn[10452]:   inactivity_timeout = 0
    08:29:27 openvpn[10452]:   ping_send_timeout = 10
    08:29:27 openvpn[10452]:   ping_rec_timeout = 90
    08:29:27 openvpn[10452]:   ping_rec_timeout_action = 2
    08:29:27 openvpn[10452]:   ping_timer_remote = ENABLED
    08:29:27 openvpn[10452]:   remap_sigusr1 = 0
    08:29:27 openvpn[10452]:   persist_tun = ENABLED
    08:29:27 openvpn[10452]:   persist_local_ip = DISABLED
    08:29:27 openvpn[10452]:   persist_remote_ip = DISABLED
    08:29:27 openvpn[10452]:   persist_key = ENABLED
    08:29:27 openvpn[10452]:   passtos = DISABLED
    08:29:27 openvpn[10452]:   resolve_retry_seconds = 1000000000
    08:29:27 openvpn[10452]:   username = '[UNDEF]'
    08:29:27 openvpn[10452]:   groupname = '[UNDEF]'
    08:29:27 openvpn[10452]:   chroot_dir = '[UNDEF]'
    08:29:27 openvpn[10452]:   cd_dir = '[UNDEF]'
    08:29:27 openvpn[10452]:   writepid = '/var/run/openvpn_client9.pid'
    08:29:27 openvpn[10452]:   up_script = '/usr/local/sbin/ovpn-linkup'
    08:29:27 openvpn[10452]:   down_script = '/usr/local/sbin/ovpn-linkdown'
    08:29:27 openvpn[10452]:   down_pre = DISABLED
    08:29:27 openvpn[10452]:   up_restart = DISABLED
    08:29:27 openvpn[10452]:   up_delay = DISABLED
    08:29:27 openvpn[10452]:   daemon = ENABLED
    08:29:27 openvpn[10452]:   inetd = 0
    08:29:27 openvpn[10452]:   log = DISABLED
    08:29:27 openvpn[10452]:   suppress_timestamps = DISABLED
    08:29:27 openvpn[10452]:   nice = 0
    08:29:27 openvpn[10452]:   verbosity = 4
    08:29:27 openvpn[10452]:   mute = 0
    08:29:27 openvpn[10452]:   gremlin = 0
    08:29:27 openvpn[10452]:   status_file = '[UNDEF]'
    08:29:27 openvpn[10452]:   status_file_version = 1
    08:29:27 openvpn[10452]:   status_file_update_freq = 60
    08:29:27 openvpn[10452]:   occ = ENABLED
    08:29:27 openvpn[10452]:   rcvbuf = 65536
    08:29:27 openvpn[10452]:   sndbuf = 65536
    08:29:27 openvpn[10452]:   sockflags = 0
    08:29:27 openvpn[10452]:   fast_io = DISABLED
    08:29:27 openvpn[10452]:   lzo = 1
    08:29:27 openvpn[10452]:   route_script = '[UNDEF]'
    08:29:27 openvpn[10452]:   route_default_gateway = '[UNDEF]'
    08:29:27 openvpn[10452]:   route_default_metric = 0
    08:29:27 openvpn[10452]:   route_noexec = DISABLED
    08:29:27 openvpn[10452]:   route_delay = 0
    08:29:27 openvpn[10452]:   route_delay_window = 30
    08:29:27 openvpn[10452]:   route_delay_defined = DISABLED
    08:29:27 openvpn[10452]:   route_nopull = ENABLED
    08:29:27 openvpn[10452]:   route_gateway_via_dhcp = DISABLED
    08:29:27 openvpn[10452]:   max_routes = 100
    08:29:27 openvpn[10452]:   allow_pull_fqdn = DISABLED
    08:29:27 openvpn[10452]:   management_addr = '/var/etc/openvpn/client9.sock'
    08:29:27 openvpn[10452]:   management_port = 0
    08:29:27 openvpn[10452]:   management_user_pass = '[UNDEF]'
    08:29:27 openvpn[10452]:   management_log_history_cache = 250
    08:29:27 openvpn[10452]:   management_echo_buffer_size = 100
    08:29:27 openvpn[10452]:   management_write_peer_info_file = '[UNDEF]'
    08:29:27 openvpn[10452]:   management_client_user = '[UNDEF]'
    08:29:27 openvpn[10452]:   management_client_group = '[UNDEF]'
    08:29:27 openvpn[10452]:   management_flags = 256
    08:29:27 openvpn[10452]:   shared_secret_file = '[UNDEF]'
    08:29:27 openvpn[10452]:   key_direction = 2
    08:29:27 openvpn[10452]:   ciphername_defined = ENABLED
    08:29:27 openvpn[10452]:   ciphername = 'AES-256-CBC'
    08:29:27 openvpn[10452]:   authname_defined = ENABLED
    08:29:27 openvpn[10452]:   authname = 'SHA1'
    08:29:27 openvpn[10452]:   prng_hash = 'SHA1'
    08:29:27 openvpn[10452]:   prng_nonce_secret_len = 16
    08:29:27 openvpn[10452]:   keysize = 32
    08:29:27 openvpn[10452]:   engine = ENABLED
    08:29:27 openvpn[10452]:   replay = ENABLED
    08:29:27 openvpn[10452]:   mute_replay_warnings = DISABLED
    08:29:27 openvpn[10452]:   replay_window = 64
    08:29:27 openvpn[10452]:   replay_time = 15
    08:29:27 openvpn[10452]:   packet_id_file = '[UNDEF]'
    08:29:27 openvpn[10452]:   use_iv = ENABLED
    08:29:27 openvpn[10452]:   test_crypto = DISABLED
    08:29:27 openvpn[10452]:   tls_server = DISABLED
    08:29:27 openvpn[10452]:   tls_client = ENABLED
    08:29:27 openvpn[10452]:   key_method = 2
    08:29:27 openvpn[10452]:   ca_file = '/var/etc/openvpn/client9.ca'
    08:29:27 openvpn[10452]:   ca_path = '[UNDEF]'
    08:29:27 openvpn[10452]:   dh_file = '[UNDEF]'
    08:29:27 openvpn[10452]:   cert_file = '/var/etc/openvpn/client9.cert'
    08:29:27 openvpn[10452]:   priv_key_file = '/var/etc/openvpn/client9.key'
    08:29:27 openvpn[10452]:   pkcs12_file = '[UNDEF]'
    08:29:27 openvpn[10452]:   cipher_list = 'TLS-DHE-RSA-WITH-AES-256-CBC-SHA'
    08:29:27 openvpn[10452]:   tls_verify = '[UNDEF]'
    08:29:27 openvpn[10452]:   tls_export_cert = '[UNDEF]'
    08:29:27 openvpn[10452]:   verify_x509_type = 0
    08:29:27 openvpn[10452]:   verify_x509_name = '[UNDEF]'
    08:29:27 openvpn[10452]:   crl_file = '[UNDEF]'
    08:29:27 openvpn[10452]:   ns_cert_type = 0
    08:29:27 openvpn[10452]:   remote_cert_ku[i] = 160
    08:29:27 openvpn[10452]:   remote_cert_ku[i] = 136
    08:29:27 openvpn[10452]:   remote_cert_ku[i] = 0
    08:29:27 openvpn[10452]:   remote_cert_ku[i] = 0
    08:29:27 openvpn[10452]:   remote_cert_ku[i] = 0
    08:29:27 openvpn[10452]:   remote_cert_ku[i] = 0
    08:29:27 openvpn[10452]:   remote_cert_ku[i] = 0
    08:29:27 openvpn[10452]:   remote_cert_ku[i] = 0
    08:29:27 openvpn[10452]:   remote_cert_ku[i] = 0
    08:29:27 openvpn[10452]:   remote_cert_ku[i] = 0
    08:29:27 openvpn[10452]:   remote_cert_ku[i] = 0
    08:29:27 openvpn[10452]:   remote_cert_ku[i] = 0
    08:29:27 openvpn[10452]:   remote_cert_ku[i] = 0
    08:29:27 openvpn[10452]:   remote_cert_ku[i] = 0
    08:29:27 openvpn[10452]:   remote_cert_ku[i] = 0
    08:29:27 openvpn[10452]:   remote_cert_ku[i] = 0
    08:29:27 openvpn[10452]:   remote_cert_eku = 'TLS Web Server Authentication'
    08:29:27 openvpn[10452]:   ssl_flags = 0
    08:29:27 openvpn[10452]:   tls_timeout = 2
    08:29:27 openvpn[10452]:   renegotiate_bytes = 0
    08:29:27 openvpn[10452]:   renegotiate_packets = 0
    08:29:27 openvpn[10452]:   renegotiate_seconds = 3600
    08:29:27 openvpn[10452]:   handshake_window = 60
    08:29:27 openvpn[10452]:   transition_window = 3600
    08:29:27 openvpn[10452]:   single_session = DISABLED
    08:29:27 openvpn[10452]:   push_peer_info = DISABLED
    08:29:27 openvpn[10452]:   tls_exit = DISABLED
    08:29:27 openvpn[10452]:   tls_auth_file = '/var/etc/openvpn/client9.tls-auth'
    08:29:27 openvpn[10452]:   server_network = 0.0.0.0
    08:29:27 openvpn[10452]:   server_netmask = 0.0.0.0
    08:29:27 openvpn[10452]:   server_network_ipv6 = ::
    08:29:27 openvpn[10452]:   server_netbits_ipv6 = 0
    08:29:27 openvpn[10452]:   server_bridge_ip = 0.0.0.0
    08:29:27 openvpn[10452]:   server_bridge_netmask = 0.0.0.0
    08:29:27 openvpn[10452]:   server_bridge_pool_start = 0.0.0.0
    08:29:27 openvpn[10452]:   server_bridge_pool_end = 0.0.0.0
    08:29:27 openvpn[10452]:   ifconfig_pool_defined = DISABLED
    08:29:27 openvpn[10452]:   ifconfig_pool_start = 0.0.0.0
    08:29:27 openvpn[10452]:   ifconfig_pool_end = 0.0.0.0
    08:29:27 openvpn[10452]:   ifconfig_pool_netmask = 0.0.0.0
    08:29:27 openvpn[10452]:   ifconfig_pool_persist_filename = '[UNDEF]'
    08:29:27 openvpn[10452]:   ifconfig_pool_persist_refresh_freq = 600
    08:29:27 openvpn[10452]:   ifconfig_ipv6_pool_defined = DISABLED
    08:29:27 openvpn[10452]:   ifconfig_ipv6_pool_base = ::
    08:29:27 openvpn[10452]:   ifconfig_ipv6_pool_netbits = 0
    08:29:27 openvpn[10452]:   n_bcast_buf = 256
    08:29:27 openvpn[10452]:   tcp_queue_limit = 64
    08:29:27 openvpn[10452]:   real_hash_size = 256
    08:29:27 openvpn[10452]:   virtual_hash_size = 256
    08:29:27 openvpn[10452]:   client_connect_script = '[UNDEF]'
    08:29:27 openvpn[10452]:   learn_address_script = '[UNDEF]'
    08:29:27 openvpn[10452]:   client_disconnect_script = '[UNDEF]'
    08:29:27 openvpn[10452]:   client_config_dir = '[UNDEF]'
    08:29:27 openvpn[10452]:   ccd_exclusive = DISABLED
    08:29:27 openvpn[10452]:   tmp_dir = '/tmp'
    08:29:27 openvpn[10452]:   push_ifconfig_defined = DISABLED
    08:29:27 openvpn[10452]:   push_ifconfig_local = 0.0.0.0
    08:29:27 openvpn[10452]:   push_ifconfig_remote_netmask = 0.0.0.0
    08:29:27 openvpn[10452]:   push_ifconfig_ipv6_defined = DISABLED
    08:29:27 openvpn[10452]:   push_ifconfig_ipv6_local = ::/0
    08:29:27 openvpn[10452]:   push_ifconfig_ipv6_remote = ::
    08:29:27 openvpn[10452]:   enable_c2c = DISABLED
    08:29:27 openvpn[10452]:   duplicate_cn = DISABLED
    08:29:27 openvpn[10452]:   cf_max = 0
    08:29:27 openvpn[10452]:   cf_per = 0
    08:29:27 openvpn[10452]:   max_clients = 1024
    08:29:27 openvpn[10452]:   max_routes_per_client = 256
    08:29:27 openvpn[10452]:   auth_user_pass_verify_script = '[UNDEF]'
    08:29:27 openvpn[10452]:   auth_user_pass_verify_script_via_file = DISABLED
    08:29:27 openvpn[10452]:   port_share_host = '[UNDEF]'
    08:29:27 openvpn[10452]:   port_share_port = 0
    08:29:27 openvpn[10452]:   client = ENABLED
    08:29:27 openvpn[10452]:   pull = ENABLED
    08:29:27 openvpn[10452]:   auth_user_pass_file = '[UNDEF]'
    08:29:27 openvpn[10452]: OpenVPN 2.3.8 amd64-portbld-freebsd10.1 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Aug 21 2015
    08:29:27 openvpn[10452]: library versions: OpenSSL 1.0.1l-freebsd 15 Jan 2015, LZO 2.09
    08:29:27 openvpn[9476]: library versions: OpenSSL 1.0.1l-freebsd 15 Jan 2015, LZO 2.09
    08:29:27 openvpn[10572]: MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client9.sock
    08:29:27 openvpn[10572]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    08:29:27 openvpn[10572]: Initializing OpenSSL support for engine 'cryptodev'
    08:29:27 openvpn[10695]: Could not retrieve default gateway from route socket:: No such process (errno=3)
    08:29:27 openvpn[10695]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    08:29:27 openvpn[10695]: Initializing OpenSSL support for engine 'cryptodev'
    08:29:27 openvpn[10572]: Control Channel Authentication: using '/var/etc/openvpn/client9.tls-auth' as a OpenVPN static key file
    08:29:27 openvpn[10572]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    08:29:27 openvpn[10572]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    08:29:27 openvpn[10572]: LZO compression initialized
    08:29:27 openvpn[10572]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:3 ]
    08:29:27 openvpn[10572]: Socket Buffers: R=[42080->65536] S=[57344->65536]
    08:29:27 openvpn[10572]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
    08:29:27 openvpn[10572]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
    08:29:27 openvpn[10572]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
    08:29:27 openvpn[10572]: Local Options hash (VER=V4): '9e7066d2'
    08:29:27 openvpn[10572]: Expected Remote Options hash (VER=V4): '162b04de'
    08:29:27 openvpn[10572]: UDPv4 link local (bound): [AF_INET]10.0.0.2
    08:29:27 openvpn[10572]: UDPv4 link remote: [AF_INET]XX.XX.XX.XX:443
    08:29:27 openvpn[10572]: write UDPv4: No route to host (code=65)
    08:29:27 openvpn[10695]: Control Channel Authentication: using '/var/etc/openvpn/server8.tls-auth' as a OpenVPN static key file
    08:29:27 openvpn[10695]: TUN/TAP device ovpns8 exists previously, keep at program end
    08:29:27 openvpn[10695]: TUN/TAP device /dev/tun8 opened
    08:29:27 openvpn[10695]: ioctl(TUNSIFMODE): Device busy: Device busy (errno=16)
    08:29:27 openvpn[10695]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
    08:29:27 openvpn[10695]: /sbin/ifconfig ovpns8 10.10.10.1 10.10.10.2 mtu 1500 netmask 255.255.255.0 up
    08:29:27 openvpn[10695]: /usr/local/sbin/ovpn-linkup ovpns8 1500 1602 10.10.10.1 255.255.255.0 init
    08:29:27 openvpn[10695]: UDPv4 link local (bound): [undef]
    08:29:27 openvpn[10695]: UDPv4 link remote: [undef]
    08:29:27 openvpn[10695]: Initialization Sequence Completed
    08:29:29 openvpn[10572]: TLS: Initial packet from [AF_INET]XX.XX.XX.XX:443, sid=fc1edd59 c31db681
    08:29:29 openvpn[10572]: VERIFY OK: depth=1, <snip>
    08:29:29 openvpn[10572]: Validating certificate key usage
    08:29:29 openvpn[10572]: ++ Certificate has key usage  00a0, expects 00a0
    08:29:29 openvpn[10572]: VERIFY KU OK
    08:29:29 openvpn[10572]: Validating certificate extended key usage
    08:29:29 openvpn[10572]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
    08:29:29 openvpn[10572]: VERIFY EKU OK
    08:29:29 openvpn[10572]: VERIFY OK: depth=0, <snip>
    08:29:36 openvpn[10572]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    08:29:36 openvpn[10572]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    08:29:36 openvpn[10572]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    08:29:36 openvpn[10572]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    08:29:36 openvpn[10572]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 4096 bit RSA
    08:29:36 openvpn[10572]: [server] Peer Connection Initiated with [AF_INET]XX.XX.XX.XX:443
    08:29:38 openvpn[10572]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.4.0.1,comp-lzo no,route-gateway 10.4.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.4.42.148 255.255.0.0'
    08:29:38 openvpn[10572]: Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
    08:29:38 openvpn[10572]: Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
    08:29:38 openvpn[10572]: OPTIONS IMPORT: timers and/or timeouts modified
    08:29:38 openvpn[10572]: OPTIONS IMPORT: LZO parms modified
    08:29:38 openvpn[10572]: OPTIONS IMPORT: --ifconfig/up options modified
    08:29:38 openvpn[10572]: OPTIONS IMPORT: route-related options modified
    08:29:38 openvpn[10572]: TUN/TAP device ovpnc9 exists previously, keep at program end
    08:29:38 openvpn[10572]: TUN/TAP device /dev/tun9 opened
    08:29:38 openvpn[10572]: ioctl(TUNSIFMODE): Device busy: Device busy (errno=16)
    08:29:38 openvpn[10572]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
    08:29:38 openvpn[10572]: /sbin/ifconfig ovpnc9 10.4.42.148 10.4.0.1 mtu 1500 netmask 255.255.0.0 up
    08:29:38 openvpn[10572]: /sbin/route add -net 10.4.0.0 10.4.42.148 255.255.0.0
    08:29:38 openvpn[10572]: /usr/local/sbin/ovpn-linkup ovpnc9 1500 1558 10.4.42.148 255.255.0.0 init
    08:29:38 openvpn[10572]: Initialization Sequence Completed
    08:30:10 openvpn[10572]: MANAGEMENT: Client connected from /var/etc/openvpn/client9.sock
    08:30:10 openvpn[10572]: MANAGEMENT: CMD 'state 1'
    08:30:10 openvpn[10572]: MANAGEMENT: CMD 'status 2'
    08:30:10 openvpn[10572]: MANAGEMENT: Client disconnected
    08:30:29 openvpn[10572]: MANAGEMENT: Client connected from /var/etc/openvpn/client9.sock
    08:30:29 openvpn[10572]: MANAGEMENT: CMD 'state 1'
    08:30:29 openvpn[10572]: MANAGEMENT: CMD 'status 2'
    08:30:29 openvpn[10572]: MANAGEMENT: Client disconnected
    08:32:38 openvpn[10572]: PID_ERR replay-window backtrack occurred [3] [SSL-0] [0___0000000015>>>>>>>>EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE] 0:390 0:387 t=1451568786[28] r=[28,64,15,3,1] sl=[58,64,64,528]
    08:58:06 openvpn[10572]: [server] Inactivity timeout (--ping-restart), restarting
    08:58:06 openvpn[10572]: TCP/UDP: Closing socket
    08:58:06 openvpn[10572]: SIGUSR1[soft,ping-restart] received, process restarting
    08:58:06 openvpn[10572]: Restart pause, 2 second(s)
    08:58:08 openvpn[10572]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    08:58:08 openvpn[10572]: Re-using SSL/TLS context
    08:58:08 openvpn[10572]: LZO compression initialized
    08:58:08 openvpn[10572]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:3 ]
    08:58:08 openvpn[10572]: Socket Buffers: R=[42080->65536] S=[57344->65536]
    08:58:08 openvpn[10572]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
    08:58:08 openvpn[10572]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
    08:58:08 openvpn[10572]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
    08:58:08 openvpn[10572]: Local Options hash (VER=V4): '9e7066d2'
    08:58:08 openvpn[10572]: Expected Remote Options hash (VER=V4): '162b04de'
    08:58:08 openvpn[10572]: UDPv4 link local (bound): [AF_INET]10.0.0.2
    08:58:08 openvpn[10572]: UDPv4 link remote: [AF_INET]XX.XX.XX.XX:443
    08:59:08 openvpn[10572]: [UNDEF] Inactivity timeout (--ping-restart), restarting
    08:59:08 openvpn[10572]: TCP/UDP: Closing socket
    08:59:08 openvpn[10572]: SIGUSR1[soft,ping-restart] received, process restarting
    08:59:08 openvpn[10572]: Restart pause, 2 second(s)
    08:59:10 openvpn[10572]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    08:59:10 openvpn[10572]: Re-using SSL/TLS context
    08:59:10 openvpn[10572]: LZO compression initialized
    08:59:10 openvpn[10572]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:3 ]
    08:59:10 openvpn[10572]: Socket Buffers: R=[42080->65536] S=[57344->65536]
    08:59:10 openvpn[10572]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
    08:59:10 openvpn[10572]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
    08:59:10 openvpn[10572]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
    08:59:10 openvpn[10572]: Local Options hash (VER=V4): '9e7066d2'
    08:59:10 openvpn[10572]: Expected Remote Options hash (VER=V4): '162b04de'
    08:59:10 openvpn[10572]: UDPv4 link local (bound): [AF_INET]10.0.0.2
    08:59:10 openvpn[10572]: UDPv4 link remote: [AF_INET]XX.XX.XX.XX:443
    09:00:10 openvpn[10572]: [UNDEF] Inactivity timeout (--ping-restart), restarting
    09:00:10 openvpn[10572]: TCP/UDP: Closing socket
    09:00:10 openvpn[10572]: SIGUSR1[soft,ping-restart] received, process restarting
    09:00:10 openvpn[10572]: Restart pause, 2 second(s)
    09:00:12 openvpn[10572]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    09:00:12 openvpn[10572]: Re-using SSL/TLS context
    09:00:12 openvpn[10572]: LZO compression initialized
    09:00:12 openvpn[10572]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:3 ]
    09:00:12 openvpn[10572]: Socket Buffers: R=[42080->65536] S=[57344->65536]
    09:00:12 openvpn[10572]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
    09:00:12 openvpn[10572]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
    09:00:12 openvpn[10572]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
    09:00:12 openvpn[10572]: Local Options hash (VER=V4): '9e7066d2'
    09:00:12 openvpn[10572]: Expected Remote Options hash (VER=V4): '162b04de'
    09:00:12 openvpn[10572]: UDPv4 link local (bound): [AF_INET]10.0.0.2
    09:00:12 openvpn[10572]: UDPv4 link remote: [AF_INET]XX.XX.XX.XX:443
    09:01:12 openvpn[10572]: [UNDEF] Inactivity timeout (--ping-restart), restarting
    09:01:12 openvpn[10572]: TCP/UDP: Closing socket
    09:01:12 openvpn[10572]: SIGUSR1[soft,ping-restart] received, process restarting
    09:01:12 openvpn[10572]: Restart pause, 2 second(s)
    09:01:14 openvpn[10572]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    09:01:14 openvpn[10572]: Re-using SSL/TLS context
    09:01:14 openvpn[10572]: LZO compression initialized
    09:01:14 openvpn[10572]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:3 ]
    09:01:14 openvpn[10572]: Socket Buffers: R=[42080->65536] S=[57344->65536]
    09:01:14 openvpn[10572]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
    09:01:14 openvpn[10572]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
    09:01:14 openvpn[10572]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
    09:01:14 openvpn[10572]: Local Options hash (VER=V4): '9e7066d2'
    09:01:14 openvpn[10572]: Expected Remote Options hash (VER=V4): '162b04de'
    09:01:14 openvpn[10572]: UDPv4 link local (bound): [AF_INET]10.0.0.2
    09:01:14 openvpn[10572]: UDPv4 link remote: [AF_INET]XX.XX.XX.XX:443
    09:02:14 openvpn[10572]: [UNDEF] Inactivity timeout (--ping-restart), restarting
    09:02:14 openvpn[10572]: TCP/UDP: Closing socket
    09:02:14 openvpn[10572]: SIGUSR1[soft,ping-restart] received, process restarting
    09:02:14 openvpn[10572]: Restart pause, 2 second(s)
    09:02:16 openvpn[10572]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    09:02:16 openvpn[10572]: Re-using SSL/TLS context
    09:02:16 openvpn[10572]: LZO compression initialized
    09:02:16 openvpn[10572]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:3 ]
    09:02:16 openvpn[10572]: Socket Buffers: R=[42080->65536] S=[57344->65536]
    09:02:16 openvpn[10572]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
    09:02:16 openvpn[10572]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
    09:02:16 openvpn[10572]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
    09:02:16 openvpn[10572]: Local Options hash (VER=V4): '9e7066d2'
    09:02:16 openvpn[10572]: Expected Remote Options hash (VER=V4): '162b04de'
    09:02:16 openvpn[10572]: UDPv4 link local (bound): [AF_INET]10.0.0.2
    09:02:16 openvpn[10572]: UDPv4 link remote: [AF_INET]XX.XX.XX.XX:443
    09:03:16 openvpn[10572]: [UNDEF] Inactivity timeout (--ping-restart), restarting
    09:03:16 openvpn[10572]: TCP/UDP: Closing socket
    09:03:16 openvpn[10572]: SIGUSR1[soft,ping-restart] received, process restarting
    09:03:16 openvpn[10572]: Restart pause, 2 second(s)
    09:03:18 openvpn[10572]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    09:03:18 openvpn[10572]: Re-using SSL/TLS context
    09:03:18 openvpn[10572]: LZO compression initialized
    09:03:18 openvpn[10572]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:3 ]
    09:03:18 openvpn[10572]: Socket Buffers: R=[42080->65536] S=[57344->65536]
    09:03:18 openvpn[10572]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
    09:03:18 openvpn[10572]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
    09:03:18 openvpn[10572]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
    09:03:18 openvpn[10572]: Local Options hash (VER=V4): '9e7066d2'
    09:03:18 openvpn[10572]: Expected Remote Options hash (VER=V4): '162b04de'
    09:03:18 openvpn[10572]: UDPv4 link local (bound): [AF_INET]10.0.0.2
    09:03:18 openvpn[10572]: UDPv4 link remote: [AF_INET]XX.XX.XX.XX:443
    09:04:18 openvpn[10572]: [UNDEF] Inactivity timeout (--ping-restart), restarting
    09:04:18 openvpn[10572]: TCP/UDP: Closing socket
    09:04:18 openvpn[10572]: SIGUSR1[soft,ping-restart] received, process restarting
    09:04:18 openvpn[10572]: Restart pause, 2 second(s)
    09:04:20 openvpn[10572]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    09:04:20 openvpn[10572]: Re-using SSL/TLS context
    09:04:20 openvpn[10572]: LZO compression initialized
    09:04:20 openvpn[10572]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:3 ]
    09:04:20 openvpn[10572]: Socket Buffers: R=[42080->65536] S=[57344->65536]
    09:04:20 openvpn[10572]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
    09:04:20 openvpn[10572]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
    09:04:20 openvpn[10572]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
    09:04:20 openvpn[10572]: Local Options hash (VER=V4): '9e7066d2'
    09:04:20 openvpn[10572]: Expected Remote Options hash (VER=V4): '162b04de'
    09:04:20 openvpn[10572]: UDPv4 link local (bound): [AF_INET]10.0.0.2
    09:04:20 openvpn[10572]: UDPv4 link remote: [AF_INET]XX.XX.XX.XX:443
    09:05:20 openvpn[10572]: TCP/UDP: Closing socket
    09:05:20 openvpn[10572]: SIGUSR1[soft,ping-restart] received, process restarting
    09:05:20 openvpn[10572]: Restart pause, 2 second(s)
    09:05:22 openvpn[10572]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    09:05:22 openvpn[10572]: Re-using SSL/TLS context
    09:05:22 openvpn[10572]: LZO compression initialized
    09:05:22 openvpn[10572]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:3 ]
    09:05:22 openvpn[10572]: Socket Buffers: R=[42080->65536] S=[57344->65536]
    09:05:22 openvpn[10572]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
    09:05:22 openvpn[10572]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
    09:05:22 openvpn[10572]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
    09:05:22 openvpn[10572]: Local Options hash (VER=V4): '9e7066d2'
    09:05:22 openvpn[10572]: Expected Remote Options hash (VER=V4): '162b04de'
    09:05:22 openvpn[10572]: UDPv4 link local (bound): [AF_INET]10.0.0.2
    09:05:22 openvpn[10572]: UDPv4 link remote: [AF_INET]XX.XX.XX.XX:443
    09:05:24 openvpn[10572]: MANAGEMENT: Client connected from /var/etc/openvpn/client9.sock
    09:05:24 openvpn[10572]: MANAGEMENT: CMD 'state 1'
    09:05:24 openvpn[10572]: MANAGEMENT: Client disconnected
    09:05:48 openvpn[10572]: MANAGEMENT: Client connected from /var/etc/openvpn/client9.sock
    09:05:48 openvpn[10572]: MANAGEMENT: CMD 'state 1'
    09:05:48 openvpn[10572]: MANAGEMENT: Client disconnected
    09:06:03 openvpn[10572]: MANAGEMENT: Client connected from /var/etc/openvpn/client9.sock
    09:06:03 openvpn[10572]: MANAGEMENT: CMD 'state 1'
    09:06:03 openvpn[10572]: MANAGEMENT: Client disconnected
    09:06:22 openvpn[10572]: [UNDEF] Inactivity timeout (--ping-restart), restarting
    09:06:22 openvpn[10572]: TCP/UDP: Closing socket
    09:06:22 openvpn[10572]: SIGUSR1[soft,ping-restart] received, process restarting
    09:06:22 openvpn[10572]: Restart pause, 2 second(s)
    09:06:24 openvpn[10572]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    09:06:24 openvpn[10572]: Re-using SSL/TLS context
    09:06:24 openvpn[10572]: LZO compression initialized
    09:06:24 openvpn[10572]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:3 ]
    09:06:24 openvpn[10572]: Socket Buffers: R=[42080->65536] S=[57344->65536]
    09:06:24 openvpn[10572]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
    09:06:24 openvpn[10572]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
    09:06:24 openvpn[10572]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
    09:06:24 openvpn[10572]: Local Options hash (VER=V4): '9e7066d2'
    09:06:24 openvpn[10572]: Expected Remote Options hash (VER=V4): '162b04de'
    09:06:24 openvpn[10572]: UDPv4 link local (bound): [AF_INET]10.0.0.2
    09:06:24 openvpn[10572]: UDPv4 link remote: [AF_INET]XX.XX.XX.XX:443
    09:07:23 openvpn[10572]: MANAGEMENT: Client connected from /var/etc/openvpn/client9.sock
    09:07:23 openvpn[10572]: MANAGEMENT: CMD 'state 1'
    09:07:23 openvpn[10572]: MANAGEMENT: Client disconnected
    09:07:24 openvpn[10572]: [UNDEF] Inactivity timeout (--ping-restart), restarting
    09:07:24 openvpn[10572]: TCP/UDP: Closing socket
    09:07:24 openvpn[10572]: SIGUSR1[soft,ping-restart] received, process restarting
    09:07:24 openvpn[10572]: Restart pause, 2 second(s)
    09:07:26 openvpn[10572]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    09:07:26 openvpn[10572]: Re-using SSL/TLS context
    09:07:26 openvpn[10572]: LZO compression initialized
    09:07:26 openvpn[10572]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:3 ]
    09:07:26 openvpn[10572]: Socket Buffers: R=[42080->65536] S=[57344->65536]
    09:07:26 openvpn[10572]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
    09:07:26 openvpn[10572]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
    09:07:26 openvpn[10572]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
    09:07:26 openvpn[10572]: Local Options hash (VER=V4): '9e7066d2'
    09:07:26 openvpn[10572]: Expected Remote Options hash (VER=V4): '162b04de'
    09:07:26 openvpn[10572]: UDPv4 link local (bound): [AF_INET]10.0.0.2
    09:07:26 openvpn[10572]: UDPv4 link remote: [AF_INET]XX.XX.XX.XX:443
    09:08:26 openvpn[10572]: [UNDEF] Inactivity timeout (--ping-restart), restarting
    09:08:26 openvpn[10572]: TCP/UDP: Closing socket
    09:08:26 openvpn[10572]: SIGUSR1[soft,ping-restart] received, process restarting
    09:08:26 openvpn[10572]: Restart pause, 2 second(s)
    09:08:28 openvpn[10572]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    09:08:28 openvpn[10572]: Re-using SSL/TLS context
    09:08:28 openvpn[10572]: LZO compression initialized
    09:08:28 openvpn[10572]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:3 ]
    09:08:28 openvpn[10572]: Socket Buffers: R=[42080->65536] S=[57344->65536]
    09:08:28 openvpn[10572]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
    09:08:28 openvpn[10572]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
    09:08:28 openvpn[10572]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
    09:08:28 openvpn[10572]: Local Options hash (VER=V4): '9e7066d2'
    09:08:28 openvpn[10572]: Expected Remote Options hash (VER=V4): '162b04de'
    09:08:28 openvpn[10572]: UDPv4 link local (bound): [AF_INET]10.0.0.2
    09:08:28 openvpn[10572]: UDPv4 link remote: [AF_INET]XX.XX.XX.XX:443
    
    and so on...
    [/i][/i][/i][/i][/i][/i][/i][/i][/i][/i][/i][/i][/i][/i][/i][/i]</snip></snip>
    


  • I'm having the same issues, started exactly the same way. no problem with 2.2.4 and started disconnecting and unable to restart the connection without restarting the service, but sometimes a reboot is the only way to fix it…

    Pfsense 2.2.5 and up on both sides...



  • Same issue.. except that I've been experiencing it since 2.2.1.
    I've been browsing the forums for a while now and have seen people with similar issues but so far haven't found a concrete solution.

    VPN provider is PIA.



  • My solution is not the most elegant, but it seems to be working. I run this script every 10 minutes via cron.

    
    #!/bin/sh
    #updated 2016-02-05
    
    if ping -c3 XXX.XXX.XXX.XXX; then
    	#do nothing
    else
    	#log time
    	touch /root/timestamps.txt
    	date "+%Y-%m-%d %H:%M:%S" >> /root/timestamps.txt
    
    	#restart vpn clients
    	for i in `seq 30`
    		do /usr/local/sbin/pfSsh.php playback svc restart openvpn client $i
    	done
    fi
    
    exit 0
    

    XXX.XXX.XXX.XXX = an internal IP address only accessible through the VPN. For example, if your VPN provider has an internal DNS server with a static IP or always uses 172.16.0.1 as the gateway.

    If you only use one VPN client, you can get rid of the for loop and just run the command with $i replaced by your client number. I use multiple client connections and don't want to hardcode numbers in the script. As far as I can tell, there is no way to restart only active clients.

    echo "" | php -q
    

    The above command will restart running clients and servers. It worked on the command line but didn't work for me via cron/scripting. Maybe it was something as simple as needing the full path for php. I probably won't bother to investigate farther unless my solution stops working.



  • @zayrn9efir:

    My solution is not the most elegant, but it seems to be working. I run this script every 10 minutes via cron.

    #!/bin/sh
    
    if ping -c3 XXX.XXX.XXX.XXX; then
    	#do nothing
    else
    	#restart vpn clients
    	for i in `seq 30`
    		do /usr/local/sbin/pfSsh.php playback svc restart openvpn client $i
    	done
    fi
    
    exit 0
    

    XXX.XXX.XXX.XXX = an internal IP address only accessible through the VPN. For example, if your VPN provider has an internal DNS server with a static IP or always uses 172.16.0.1 as the gateway.

    If you only use one VPN client, you can get rid of the for loop and just run the command with $i replaced by your client number. I use multiple client connections and don't want to hardcode numbers in the script. As far as I can tell, there is no way to restart only active clients.

    echo "" | php -q
    

    The above command will restart running clients and servers. It worked on the command line but didn't work for me via cron/scripting. Maybe it was something as simple as needing the full path for php. I probably won't bother to investigate farther unless my solution stops working.

    Even though it is a nice work around, it's no option for me, as it will also kill running connections (uploads, downloads, ssh) …

    I really wonder why this started happening...  :-\



  • @[NUT:

    link=topic=104699.msg586805#msg586805 date=1452746063]
    Even though it is a nice work around, it's no option for me, as it will also kill running connections (uploads, downloads, ssh) …

    I really wonder why this started happening...  :-\

    If you're having the same problem that I have, you don't have any connection through the VPN anyway, so there's nothing left to kill with a restart. Everything has timed out by the time 1-10 minutes pass and the script kicks in. Obviously you can run it more frequently if needed.

    The script only resets VPN clients, and you can specify which ones if you don't want to reset everything. You can even direct pings through specific interfaces and then reset VPN clients on a per-connection basis. I didn't need that for my situation, so I did all or nothing.

    
    for i in `ifconfig | cut -d: -f1 | grep ovpnc`
    do
        #ping address through interface $i
        #restart $i if ping fails
    done
    
    

    Maybe that would be more useful for you.



  • @zayrn9efir:

    My solution is not the most elegant, but it seems to be working. I run this script every 10 minutes via cron.

    #!/bin/sh
    
    if ping -c3 XXX.XXX.XXX.XXX; then
    	#do nothing
    else
    	#restart vpn clients
    	for i in `seq 30`
    		do /usr/local/sbin/pfSsh.php playback svc restart openvpn client $i
    	done
    fi
    
    exit 0
    

    XXX.XXX.XXX.XXX = an internal IP address only accessible through the VPN. For example, if your VPN provider has an internal DNS server with a static IP or always uses 172.16.0.1 as the gateway.

    If you only use one VPN client, you can get rid of the for loop and just run the command with $i replaced by your client number. I use multiple client connections and don't want to hardcode numbers in the script. As far as I can tell, there is no way to restart only active clients.

    echo "" | php -q
    

    The above command will restart running clients and servers. It worked on the command line but didn't work for me via cron/scripting. Maybe it was something as simple as needing the full path for php. I probably won't bother to investigate farther unless my solution stops working.

    Yea same thing happens to me and this looks like a pretty cool work around. Ill give it a whirl when i can get back in town and reset my openvpn interface as im currently locked out now.

    Thx#



  • Since I only have one VPN client, it should probably look something like this correct??

    
    #!/bin/sh
    
    if ping -c3 XXX.XXX.XXX.XXX; then
    	#do nothing
    else
    	#restart vpn clients
             /usr/local/sbin/pfSsh.php playback svc restart openvpn client $i
    
    fi
    exit 0
    
    

    Also, is there a way to track how many/often it restarts your VPN



  • @TDJ211:

    Since I only have one VPN client, it should probably look something like this correct??

    
    #!/bin/sh
    
    if ping -c3 XXX.XXX.XXX.XXX; then
    	#do nothing
    else
    	#restart vpn clients
             /usr/local/sbin/pfSsh.php playback svc restart openvpn client $i
    
    fi
    exit 0
    
    

    Also, is there a way to track how many/often it restarts your VPN

    Just replace $i with your client number (probably 1) and you should be good to go.

    If you look at Status > OpenVPN in pfSense, you can see the last restart time (connected since …). You can also check the OpenVPN log files for restarts. Depending on what your verbosity level is set at and how long between restarts, you will probably see at least 1-2 restarts in there. It will also show in the System > General logs. Look for "pfSsh.php: OpenVPN ID client## PID #### still running, killing."

    You could modify the script to increment a counter and write it to a file every time it restarts the VPN. You could even have it put in a time stamp. ...Actually, I like this idea. I may implement it myself. A long enough series of time stamps may help me track down my problem.

    EDIT: I added this below the "else" in my script. EDIT 2: note that I have already added this to the script posted above.

    
    #log time
    touch /root/timestamps.txt
    date "+%Y-%m-%d %H:%M:%S" >> /root/timestamps.txt
    
    

    You could run "wc -l /root/timestamps.txt" to get a count.



  • Sweet!  I really like that timestamp addition to the script. And yea, I would like to have some kind of way to monitor it and make sure it doesnt cause probs or conflict with anything.

    Also, would it be something you would have to manually check from time to time, or is there a way the script could notify you by email or something when it restarts? Not that important really, just brainstorming here. It would be nice.



  • @TDJ211:

    Sweet!  I really like that timestamp addition to the script. And yea, I would like to have some kind of way to monitor it and make sure it doesnt cause probs or conflict with anything.

    Also, would it be something you would have to manually check from time to time, or is there a way the script could notify you by email or something when it restarts? Not that important really, just brainstorming here. It would be nice.

    As is, it would have to be checked periodically. You can definitely send e-mails via script. You may even be able to use the e-mail notification function built into pfSense, rather than scripting it all manually.

    The difficulty I have is that I don't have access to a trustworthy SMTP server to test with. This isn't something I'm familiar with, so I wouldn't be able to whip out a script and say "fill in the blanks." I'd have to experiment and learn as I go.



  • Yea I hear ya, just curious really. Ill use it as an educational opportunity and look into it myself as well.

    Anyways, thanks again!



  • You could run "wc -l /path/to/timestamp/file" to get a count.

    Where do I run this? On the CLI in putty? When I did I got "no such file name exists blah, blah, blah"

    Is it because it has yet to report an OpenVPN restart yet?



  • @TDJ211:

    You could run "wc -l /path/to/timestamp/file" to get a count.

    Where do I run this? On the CLI in putty? When I did I got "no such file name exists blah, blah, blah"

    Is it because it has yet to report an OpenVPN restart yet?

    You run that on the command line using putty or through the pfSense web interface. I assume you're putting the full path to wherever you have the timestamp file. When I used the relative path, like in the script I posted, it put the file at /var/log/timestamps.txt (which is not the location I expected). If you're not sure where it is, you can run this to find the absolute path:

    find / -name "timestamps.txt"
    

    In light of the above issue, I would recommend editing the script and changing "./timestamps.txt" to "/root/timestamps.txt" or some other absolute path so there is no question as to where it is. I will go back and change what I posted earlier.

    If the script hasn't kicked in and restarted your VPN yet, the file won't exist. If you want to see what the file will look like, run this from the command line:```
    date "+%Y-%m-%d %H:%M:%S" >> /absolute/path/to/timestamps.txt

    
    That will create the file, insert a timestamp, and then you should be able to run the "wc" command (with absolute path) successfully with a result of 1.
    
    * I'm not sure how much you know about this stuff, so I apologize if the absolute/relative path comments are unnecessary.