OpenVPN - UDP drops after 2 minutes, TCP fine
I just finished installing my first pfSense HA pair into production and everything is working great. In my test environment, I had no issues at all, but now that I'm live I've found a major hiccup with OpenVPN: almost like clockwork, every 2 minutes the VPN connection will drop (and try to re-establish). Here's the only thing I can find (in debug logs) on the pfSense side with any error: No TLS state for client
On the client side, I get:
Sat Apr 16 08:54:05 2016 [gw.x.com] Inactivity timeout (--ping-restart), restarting
Sat Apr 16 08:54:05 2016 SIGUSR1[soft,ping-restart] received, process restarting
Sat Apr 16 08:54:07 2016 UDPv4 link local (bound): [undef]
Sat Apr 16 08:54:07 2016 UDPv4 link remote: [AF_INET]x.x.x.x:1194
Sat Apr 16 08:54:08 2016 [gw.x.com] Peer Connection Initiated with [AF_INET]x.x.x.x:1194
(gw.x.com and x.x.x.x are replacements for real info)
I happened to find someone else with a similar problem here on the forums who said switching to TCP worked. I tried it and the connection stays active 100%.
The previous firewall was using UDP 500 (Cisco) and had no issues with it, so I know it's not a provider issue.
OpenVPN config:
dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote gw.x.com 1194 udp
lport 0
verify-x509-name "gw.x.com" name
auth-user-pass
pkcs12 gw-udp-1194-admin.p12
tls-auth gw-udp-1194-itsgi-tls.key 1
ns-cert-type server
comp-lzo adaptive
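To confirm that the drops really are clocklike rather than random packet loss, it helps to measure the spacing between the client's ping-restart events directly from the log, and to check whether the client config sets its own ping timers or inherits them from the server's push. The following is an added example, not code from the forum post or from pfSense/OpenVPN: it parses the OpenVPN 2.3-style client log format quoted above, reports the interval between consecutive "Inactivity timeout (--ping-restart)" events, and scans a client config for local ping, ping-restart and keepalive directives. The sample log lines and the copy of the posted config are constructed for this example.

```python
"""Measure OpenVPN client restart cadence and spot which side sets the timers.

Added example (not part of the original post). Assumptions: log lines use the
OpenVPN 2.3 prefix "Sat Apr 16 08:54:05 2016 ..." as quoted in the post, and
the config is a plain OpenVPN client file with one directive per line.
"""
import re
from datetime import datetime
from typing import Dict, List

# Timestamp prefix as written by OpenVPN 2.3 on the client side.
_TS_RE = re.compile(r"^(\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) (.*)$")
_TS_FMT = "%a %b %d %H:%M:%S %Y"

# Marker the client logs when the --ping-restart timer expires.
RESTART_MARKER = "Inactivity timeout (--ping-restart)"

# Client-side directives that override whatever the server pushes.
PING_DIRECTIVES = ("ping", "ping-restart", "keepalive")


def parse_line(line: str):
    """Split one log line into (datetime, message)."""
    m = _TS_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised OpenVPN log line: {line!r}")
    return datetime.strptime(m.group(1), _TS_FMT), m.group(2)


def restart_times(lines: List[str]) -> List[datetime]:
    """Timestamps of every ping-restart event, in log order."""
    return [ts for ts, msg in map(parse_line, lines) if RESTART_MARKER in msg]


def restart_intervals(lines: List[str]) -> List[float]:
    """Seconds between consecutive ping-restart events."""
    ts = restart_times(lines)
    return [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]


def is_periodic(intervals: List[float], tolerance: float = 5.0) -> bool:
    """True when every gap sits within `tolerance` seconds of the first one,
    which is what a fixed inactivity timer looks like; random loss does not."""
    if len(intervals) < 2:
        return False
    first = intervals[0]
    return all(abs(i - first) <= tolerance for i in intervals)


def local_ping_settings(config_text: str) -> Dict[str, str]:
    """Return the ping-related directives set in the client config itself.

    An empty result means the client relies on values pushed by the server
    (a server-side `keepalive n m` pushes `ping n` and `ping-restart m`).
    """
    found: Dict[str, str] = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        name, _, args = line.partition(" ")
        if name in PING_DIRECTIVES:
            found[name] = args.strip()
    return found


# Constructed sample: three restart cycles roughly two minutes apart.
SAMPLE_LOG = """\
Sat Apr 16 08:52:05 2016 [gw.x.com] Inactivity timeout (--ping-restart), restarting
Sat Apr 16 08:52:05 2016 SIGUSR1[soft,ping-restart] received, process restarting
Sat Apr 16 08:52:08 2016 [gw.x.com] Peer Connection Initiated with [AF_INET]x.x.x.x:1194
Sat Apr 16 08:54:05 2016 [gw.x.com] Inactivity timeout (--ping-restart), restarting
Sat Apr 16 08:54:05 2016 SIGUSR1[soft,ping-restart] received, process restarting
Sat Apr 16 08:54:07 2016 UDPv4 link local (bound): [undef]
Sat Apr 16 08:54:07 2016 UDPv4 link remote: [AF_INET]x.x.x.x:1194
Sat Apr 16 08:54:08 2016 [gw.x.com] Peer Connection Initiated with [AF_INET]x.x.x.x:1194
Sat Apr 16 08:56:06 2016 [gw.x.com] Inactivity timeout (--ping-restart), restarting
Sat Apr 16 08:56:06 2016 SIGUSR1[soft,ping-restart] received, process restarting
Sat Apr 16 08:56:09 2016 [gw.x.com] Peer Connection Initiated with [AF_INET]x.x.x.x:1194
"""

# Constructed copy of the client config from the post (no local ping timers).
POSTED_CONFIG = """\
dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote gw.x.com 1194 udp
lport 0
verify-x509-name "gw.x.com" name
auth-user-pass
pkcs12 gw-udp-1194-admin.p12
tls-auth gw-udp-1194-itsgi-tls.key 1
ns-cert-type server
comp-lzo adaptive
"""

if __name__ == "__main__":
    gaps = restart_intervals(SAMPLE_LOG.splitlines())
    print("restart intervals (s):", gaps, "periodic:", is_periodic(gaps))
    print("client-side ping timers:", local_ping_settings(POSTED_CONFIG) or "none (server push applies)")
```

With the constructed log the intervals come out at 120 and 121 seconds and the cadence is flagged as periodic; the posted config sets no local ping timers, so the 120-second inactivity window the client is hitting is whatever the server pushes. That narrows the question to why the server's keepalive pings (or any traffic) are not reaching the client over UDP within that window while TCP stays up.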