My VPN provider disconnects my OpenVPN link if he detects no activity/traffic!



  • Hi,

    My VPN provider (I won't give the name) disconnects my pfSense OpenVPN link if he detects no activity/traffic after a few hours.
    To reconnect, I have to log in to pfSense, go to my OpenVPN client and save it again  >:(  then log out.

    Is there a pfSense feature to prevent this?

    If not, what would you do in such a situation?

    Thanks!



  • What kind of OpenVPN link are you using (Site-Site, RoadWarrior, SSL)?

    What do the logs show when the connection goes down?

    Look for high latency and/or packet loss around the time the connection is dropped.



  • @divsys:

    What kind of OpenVPN link are you using (Site-Site, RoadWarrior, SSL)?

    My OpenVPN Client is configured with server Mode = Peer to Peer (SSL/TLS)

    @divsys:

    What do the logs show when the connection goes down?

    Well, as of now, my logs are too short, I mean, I don't have the beginning of the problem in my log file but I have many lines with:
    "Feb 18 09:01:51 openvpn[18356]: RESOLVE: Cannot resolve host address: XXXXXXX: hostname nor servname provided, or not known"
    I guess it is because I checked the "Infinitely resolve server" option.

    @divsys:

    Look for high latency and/or packet loss around the time the connection is dropped.

    I'll take a look as soon as my OpenVPN connection is down, thanks.
    Any other comment?
    thanks



  • Is there a pfSense feature to prevent this?

    I don't think so, because this might be also tended to the ISP site that the VPN connection
    must be established again and not only some data flow should go through the tunnel, because
    this tunnel is not existing anymore, after the ISP cut the VPN connection.

    If not, what would you do in such a situation?

    Install something like PuTTY on your Windows PC, write a script and automate it!



  • Since this is an S2S setup, there should be a "keepalive 10 60" directive in your config file that's supposed to keep traffic flowing in your tunnel and prevent timeouts.

    The "Cannot resolve host address: XXXXXXX:" message could indicate some kind of possible DNS issue.
    Check out the "Status->System logs->General" as well as the Routing and Resolver logs to try and narrow down the issue.
    Also check out the RRD Quality and Traffic graphs to try and get an idea of what's happening on the box when things go south.
    You might also look at the various System graphs on the off chance that something is spiking badly.

    In general OpenVPN connections are very stable in my experience.

    Continual dropouts are usually a symptom of some other issue.
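
One way to act on the log advice above, as an added example that is not part of the original thread: a Python triage script that groups OpenVPN log lines into outages and separates keepalive timeouts from reconnects that stalled on DNS. "Inactivity timeout (--ping-restart)" and "Initialization Sequence Completed" are OpenVPN's standard messages for a keepalive timeout and a completed connection; the sample log, including the host name vpn.example.net, is constructed.

```python
import re
from datetime import datetime

# Constructed sample in the thread's syslog format (host name and PID are made up).
SAMPLE_LOG = """\
Feb 18 08:10:02 openvpn[18356]: Initialization Sequence Completed
Feb 18 08:58:40 openvpn[18356]: Inactivity timeout (--ping-restart), restarting
Feb 18 09:01:51 openvpn[18356]: RESOLVE: Cannot resolve host address: vpn.example.net: hostname nor servname provided, or not known
Feb 18 09:02:01 openvpn[18356]: RESOLVE: Cannot resolve host address: vpn.example.net: hostname nor servname provided, or not known
Feb 18 09:05:30 openvpn[18356]: Initialization Sequence Completed
Feb 18 11:20:00 openvpn[18356]: Inactivity timeout (--ping-restart), restarting
Feb 18 11:20:15 openvpn[18356]: RESOLVE: Cannot resolve host address: vpn.example.net: hostname nor servname provided, or not known
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) openvpn\[\d+\]: (.*)$")

def _ts(text, year=2000):
    # Syslog omits the year; an assumed leap year keeps "Feb 29" parseable.
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")

def _new_outage(start, trigger):
    return {"start": start, "trigger": trigger, "dns_failures": 0, "down_seconds": None}

def outages(log_text):
    """Group log lines into outages: what started each one, how many DNS
    failures occurred while reconnecting, and how long the tunnel stayed down."""
    found, current = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, msg = _ts(m.group(1)), m.group(2)
        if "Inactivity timeout (--ping-restart)" in msg:
            current = current or _new_outage(ts, "ping-restart")
        elif msg.startswith("RESOLVE: Cannot resolve host address"):
            # No trigger seen first: the log was rotated and starts mid-outage.
            current = current or _new_outage(ts, "unknown (log starts mid-outage)")
            current["dns_failures"] += 1
        elif msg.startswith("Initialization Sequence Completed") and current:
            current["down_seconds"] = int((ts - current["start"]).total_seconds())
            found.append(current)
            current = None
    if current:
        found.append(current)  # tunnel still down when the log ends
    return found

if __name__ == "__main__":
    for o in outages(SAMPLE_LOG):
        print(o["start"].strftime("%b %d %H:%M:%S"), o["trigger"],
              "dns_failures=%d" % o["dns_failures"], "down_seconds=%s" % o["down_seconds"])
```

An outage with DNS failures and a long or open-ended downtime suggests the reconnect is stalling on name resolution rather than on the keepalive setting itself.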



  • I've changed to "keepalive 10 30".
    I've changed the DNS.
    We'll see.
    Thanks

