Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    My VPN provider disconnects my OpenVPN link if he detects no activity/traffic!

    Scheduled Pinned Locked Moved OpenVPN
    6 Posts 3 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      dplat
      last edited by

      Hi,

      My VPN provider (I won't give the name) disconnects my pfSense OpenVPN link if he detects no activity/traffic after a few hours.
      To reconnect, I have to login into pfSense, go to my OpenVPN client and save it again  >:(  then logout.

      Is there a pfSense feature to prevent this?

      If not, what would you do in such a situation?

      Thanks!

      1 Reply Last reply Reply Quote 0
      • D
        divsys
        last edited by

        What kind of OpenVPN link are you using (Site-Site, RoadWarrior, SSL) ?

        What do the logs show when the connection goes down?

        Look for high latency and/or packet loss around the time the connection is dropped.

        -jfp

        1 Reply Last reply Reply Quote 0
        • D
          dplat
          last edited by

          @divsys:

          What kind of OpenVPN link are you using (Site-Site, RoadWarrior, SSL) ?

          My OpenVPN Client is configured with server Mode = Peer to Peer (SSL/TLS)

          @divsys:

          What do the logs show when the connection goes down?

          Well, as of now, my logs are too short, I mean, I don't have the beginning of the problem in my log file but I have many lines with:
          "Feb 18 09:01:51 openvpn[18356]: RESOLVE: Cannot resolve host address: XXXXXXX: hostname nor servname provided, or not known"
          I guess it is because I checked the "Infinitely resolve server" option

          @divsys:

          Look for high latency and/or packet loss around the time the connection is dropped.

          I'll take a look as soon as my OpenVPN connection is down, thanks.
          Any other comment?
          thanks

          1 Reply Last reply Reply Quote 0
          • ?
            Guest
            last edited by

            Is there a pfSense feature to prevent this?

            I don´t think so, because this might be also tended to the ISP site that the VPN connection
            must be established again and not only some data flow should go through the tunnel, because
            this tunnel is not existing anymore, after the ISP cut the VPN connection.

            If not, what would you do in such a situation?

            Install on your Windows PC something like Putty, write a Script and do it automated!

            1 Reply Last reply Reply Quote 0
            • D
              divsys
              last edited by

              Since this is a S2S setup, there should be a "keepalive 10 60" directive in your config file that's supposed to keep traffic flowing in your tunnel and prevent timeouts.

              The "Cannot resolve host address: XXXXXXX:" message could indicate some kind of possible DNS issue.
              Check out the "Status->System logs->General" as well as the Routing and Resolver logs to try and narrow down the issue.
              Also check out the RRD Quality and  Traffic graphs to try and get an idea of what's happening on the box when things go south.
              You might also look at the various System graphs on the off chance that something is spiking badly.

              In general OpenVPN connections are very stable in my experience.

              Continual dropouts are usually a symptom of some other issue.

              -jfp

              1 Reply Last reply Reply Quote 0
              • D
                dplat
                last edited by

                I've changed to "keepalive 10 30".
                I've changed the DNS.
                We'll see.
                Thanks

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.