OpenVPN - UDP drops after 2 minutes, TCP fine



I just finished installing my first pfSense HA pair into production and everything is working great. In my test environment, I had no issues at all but now that I'm live, I've found a major hiccup with OpenVPN - almost like clockwork, every 2 minutes the VPN connection will drop (and try to re-establish). Here's the only thing I can find (in debug logs) on the pfSense side with any error:
    No TLS state for client

    On the client side, I get:
    Sat Apr 16 08:54:05 2016 [gw.x.com] Inactivity timeout (--ping-restart), restarting
    Sat Apr 16 08:54:05 2016 SIGUSR1[soft,ping-restart] received, process restarting
    Sat Apr 16 08:54:07 2016 UDPv4 link local (bound): [undef]
    Sat Apr 16 08:54:07 2016 UDPv4 link remote: [AF_INET]x.x.x.x:1194
    Sat Apr 16 08:54:08 2016 [gw.x.com] Peer Connection Initiated with [AF_INET]x.x.x.x:1194

    (gw.x.com and x.x.x.x are replacements for real info)

    I happened to find someone else with a similar problem here on the forums that said switching to TCP worked - I tried it and the connection stays active 100%.

    The previous firewall was using UDP 500 (Cisco) and had no issues with using it so I know it's not a provider issue.

    OpenVPN config:
    dev tun
    persist-tun
    persist-key
    cipher AES-256-CBC
    auth SHA1
    tls-client
    client
    resolv-retry infinite
    remote gw.x.com 1194 udp
    lport 0
    verify-x509-name "gw.x.com" name
    auth-user-pass
    pkcs12 gw-udp-1194-admin.p12
    tls-auth gw-udp-1194-itsgi-tls.key 1
    ns-cert-type server
    comp-lzo adaptive


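One way to triage the symptom described in the post is to check the client log for how regular the drops actually are: an uptime that is the same to the second on every cycle points at a timer somewhere on the path (the client's --ping-restart firing after no traffic for its configured interval, a state or session timeout in between), while random packet loss gives scattered intervals. The script below is an added example, not code from the post or from pfSense/OpenVPN; the log text is constructed in the same format as the lines quoted above, and the 5-second spread threshold is an assumption.

```python
import re
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample in the OpenVPN client log format from the post:
# three reconnect cycles, each dropping ~2 minutes after it came up.
SAMPLE_LOG = """\
Sat Apr 16 08:50:08 2016 [gw.x.com] Peer Connection Initiated with [AF_INET]x.x.x.x:1194
Sat Apr 16 08:52:05 2016 [gw.x.com] Inactivity timeout (--ping-restart), restarting
Sat Apr 16 08:52:05 2016 SIGUSR1[soft,ping-restart] received, process restarting
Sat Apr 16 08:52:07 2016 UDPv4 link remote: [AF_INET]x.x.x.x:1194
Sat Apr 16 08:52:08 2016 [gw.x.com] Peer Connection Initiated with [AF_INET]x.x.x.x:1194
Sat Apr 16 08:54:05 2016 [gw.x.com] Inactivity timeout (--ping-restart), restarting
Sat Apr 16 08:54:08 2016 [gw.x.com] Peer Connection Initiated with [AF_INET]x.x.x.x:1194
Sat Apr 16 08:56:05 2016 [gw.x.com] Inactivity timeout (--ping-restart), restarting
"""

TS_FMT = "%a %b %d %H:%M:%S %Y"
LINE_RE = re.compile(r"^(\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4}) (.*)$")


def parse_events(text):
    """Return (timestamp, kind) for the lines that mark a drop or a (re)connect."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, msg = datetime.strptime(m.group(1), TS_FMT), m.group(2)
        if "Inactivity timeout (--ping-restart)" in msg:
            events.append((ts, "restart"))
        elif "Peer Connection Initiated" in msg:
            events.append((ts, "connected"))
    return events


def restart_cycle(text, max_spread=5.0):
    """Seconds each tunnel stayed up before a ping-restart, plus whether the
    drops look periodic (several samples with a spread <= max_spread seconds)."""
    uptimes, last_up = [], None
    for ts, kind in parse_events(text):
        if kind == "connected":
            last_up = ts
        elif kind == "restart" and last_up is not None:
            uptimes.append((ts - last_up).total_seconds())
            last_up = None  # wait for the next connect before measuring again
    if not uptimes:
        return {"uptimes": [], "mean": None, "periodic": False}
    spread = pstdev(uptimes) if len(uptimes) > 1 else 0.0
    periodic = len(uptimes) >= 2 and spread <= max_spread
    return {"uptimes": uptimes, "mean": mean(uptimes), "periodic": periodic}
```

Feed it the real client log (e.g. `restart_cycle(open("openvpn.log").read())`) and compare the mean uptime against the ping-restart value the server pushes and against any UDP state timeouts on the firewalls in the path.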