LazyLizard14 11 Posted ...

I'm running pfSense 2.2.3 configured pretty much as described here in the forum thread. There are two simultaneous connections to AirVPN and policy based routing. It worked pretty well for months but recently I am having problems with the VPN tunnel of the connections. The tunnel is not going down completely but the traffic stalls / times out. The logs show that it keeps getting reconnected:

Jul 1 10:34:52 check_reload_status: Restarting ipsec tunnels
Jul 1 10:34:52 check_reload_status: Restarting OpenVPN tunnels/interfaces
Jul 1 10:34:52 check_reload_status: Reloading filter
Jul 1 10:34:53 php-fpm[44376]: /rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use AIRVPN_WAN_EU_VPNV4.
Jul 1 10:35:02 check_reload_status: updating dyndns AIRVPN_WAN_EU_VPNV4
Jul 1 10:35:02 check_reload_status: Restarting ipsec tunnels
Jul 1 10:35:02 check_reload_status: Restarting OpenVPN tunnels/interfaces
Jul 1 10:35:02 check_reload_status: Reloading filter
Jul 1 10:35:03 php-fpm[52637]: /rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use AIRVPN_WAN_EU_VPNV4.
Jul 1 10:36:28 check_reload_status: updating dyndns AIRVPN_WAN_EU_VPNV4
Jul 1 10:36:28 check_reload_status: Restarting ipsec tunnels
Jul 1 10:36:28 check_reload_status: Restarting OpenVPN tunnels/interfaces
Jul 1 10:36:28 check_reload_status: Reloading filter
Jul 1 10:36:29 php-fpm[19763]: /rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use AIRVPN_WAN_EU_VPNV4.

And here is the OpenVPN log:

Jul 1 10:36:16 openvpn[10983]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.4.0.1,comp-lzo no,route-gateway 10.4.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.4.1.5 255.255.0.0'
Jul 1 10:36:16 openvpn[10983]: Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
Jul 1 10:36:16 openvpn[10983]: Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Jul 1 10:36:16 openvpn[10983]: OPTIONS IMPORT: timers and/or timeouts modified
Jul 1 10:36:16 openvpn[10983]: OPTIONS IMPORT: LZO parms modified
Jul 1 10:36:16 openvpn[10983]: OPTIONS IMPORT: --ifconfig/up options modified
Jul 1 10:36:16 openvpn[10983]: OPTIONS IMPORT: route-related options modified
Jul 1 10:36:16 openvpn[10983]: Preserving previous TUN/TAP instance: ovpnc1
Jul 1 10:36:16 openvpn[10983]: Initialization Sequence Completed
Jul 1 10:36:17 openvpn[11543]: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Jul 1 10:36:19 openvpn[11543]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.4.0.1,comp-lzo no,route-gateway 10.4.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.4.2.171 255.255.0.0'
Jul 1 10:36:19 openvpn[11543]: Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
Jul 1 10:36:19 openvpn[11543]: Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Jul 1 10:36:19 openvpn[11543]: OPTIONS IMPORT: timers and/or timeouts modified
Jul 1 10:36:19 openvpn[11543]: OPTIONS IMPORT: LZO parms modified
Jul 1 10:36:19 openvpn[11543]: OPTIONS IMPORT: --ifconfig/up options modified
Jul 1 10:36:19 openvpn[11543]: OPTIONS IMPORT: route-related options modified
Jul 1 10:36:19 openvpn[11543]: Preserving previous TUN/TAP instance: ovpnc2
Jul 1 10:36:19 openvpn[11543]: Initialization Sequence Completed
Jul 1 10:36:26 openvpn[10983]: PID_ERR replay-window backtrack occurred [5] [SSL-0] [00000_0011222223333333333333333333333333333333333333333333444444] 0:286 0:281 t=1435739786[0] r=[-2,64,15,5,1] sl=[34,64,64,528]
Jul 1 10:42:49 openvpn[11543]: PID_ERR replay-window backtrack occurred [1] [SSL-0] [0_0123456789>>>>>>>>>>>EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE] 0:570 0:569 t=1435740169[0] r=[0,64,15,1,1] sl=[6,64,64,528]
Jul 1 10:43:54 openvpn[10983]: PID_ERR replay-window backtrack occurred [7] [SSL-0] [0000000_00111111111111111111111111111111111111111111111111111111] 0:3556 0:3549 t=1435740234[0] r=[0,64,15,7,1] sl=[28,64,64,528]
Jul 1 10:44:07 openvpn[10983]: PID_ERR replay-window backtrack occurred [12] [SSL-0] [000000000000_002222222222223366666677779>>>>>>>>>>>>>>>>>>>>>>>>] 0:4818 0:4806 t=1435740247[0] r=[-2,64,15,12,1] sl=[46,64,64,528]
Jul 1 11:03:11 openvpn[11543]: PID_ERR replay-window backtrack occurred [24] [SSL-0] [000000000000000000000____000000000022222222222222222222222222222] 0:256854 0:256830 t=1435741391[0] r=[-2,64,15,24,1] sl=[42,64,64,528]
Jul 1 11:03:18 openvpn[11543]: PID_ERR replay-window backtrack occurred [28] [SSL-0] [0000000000000000000__________00000000022222222222222222222222222] 0:277636 0:277608 t=1435741398[0] r=[-4,64,15,28,1] sl=[60,64,64,528]
Jul 1 11:06:06 openvpn[11543]: PID_ERR replay-window backtrack occurred [33] [SSL-0] [00000000000000000000000000________022222222222222222222222222222] 0:1006757 0:1006724 t=1435741566[0] r=[0,64,15,33,1] sl=[55,64,64,528]
Jul 1 11:30:21 openvpn[10983]: MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
Jul 1 11:30:21 openvpn[10983]: MANAGEMENT: CMD 'state 1'
Jul 1 11:30:21 openvpn[10983]: MANAGEMENT: CMD 'status 2'
Jul 1 11:30:21 openvpn[10983]: MANAGEMENT: Client disconnected
Jul 1 11:30:21 openvpn[11543]: MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
Jul 1 11:30:21 openvpn[11543]: MANAGEMENT: CMD 'state 1'
Jul 1 11:30:21 openvpn[11543]: MANAGEMENT: CMD 'status 2'
Jul 1 11:30:21 openvpn[11543]: MANAGEMENT: Client disconnected
Jul 1 11:30:29 openvpn[10983]: MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
Jul 1 11:30:29 openvpn[10983]: MANAGEMENT: CMD 'state 1'
Jul 1 11:30:29 openvpn[10983]: MANAGEMENT: CMD 'status 2'
Jul 1 11:30:29 openvpn[10983]: MANAGEMENT: Client disconnected
Jul 1 11:30:29 openvpn[11543]: MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
Jul 1 11:30:29 openvpn[11543]: MANAGEMENT: CMD 'state 1'
Jul 1 11:30:29 openvpn[11543]: MANAGEMENT: CMD 'status 2'
Jul 1 11:30:29 openvpn[11543]: MANAGEMENT: Client disconnected
Jul 1 11:30:34 openvpn[10983]: MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
Jul 1 11:30:34 openvpn[10983]: MANAGEMENT: CMD 'state 1'
Jul 1 11:30:34 openvpn[10983]: MANAGEMENT: CMD 'status 2'
Jul 1 11:30:34 openvpn[10983]: MANAGEMENT: Client disconnected
Jul 1 11:30:34 openvpn[11543]: MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
Jul 1 11:30:34 openvpn[11543]: MANAGEMENT: CMD 'state 1'
Jul 1 11:30:34 openvpn[11543]: MANAGEMENT: CMD 'status 2'
Jul 1 11:30:34 openvpn[11543]: MANAGEMENT: Client disconnected

Any help appreciated
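Added example, not part of the original thread and not AirVPN or OpenVPN code: a small parser for the PID_ERR replay-window lines quoted in the post above, grouping them by OpenVPN process and comparing the worst reported backtrack with the window size. It assumes the second value inside r=[...] is the replay-window sequence size (64 in these logs) and that the two `0:N` fields are packet IDs; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: four PID_ERR lines taken from the post above, with the
# history bitmap in the third bracket pair shortened for readability.
SAMPLE_LOG = """\
Jul 1 10:36:26 openvpn[10983]: PID_ERR replay-window backtrack occurred [5] [SSL-0] [00000_0011] 0:286 0:281 t=1435739786[0] r=[-2,64,15,5,1] sl=[34,64,64,528]
Jul 1 10:42:49 openvpn[11543]: PID_ERR replay-window backtrack occurred [1] [SSL-0] [0_0123] 0:570 0:569 t=1435740169[0] r=[0,64,15,1,1] sl=[6,64,64,528]
Jul 1 10:44:07 openvpn[10983]: PID_ERR replay-window backtrack occurred [12] [SSL-0] [000000000000_00] 0:4818 0:4806 t=1435740247[0] r=[-2,64,15,12,1] sl=[46,64,64,528]
Jul 1 11:06:06 openvpn[11543]: PID_ERR replay-window backtrack occurred [33] [SSL-0] [0000________02] 0:1006757 0:1006724 t=1435741566[0] r=[0,64,15,33,1] sl=[55,64,64,528]
"""

PID_ERR = re.compile(
    r"openvpn\[(?P<pid>\d+)\]: PID_ERR replay-window backtrack occurred "
    r"\[(?P<backtrack>\d+)\] \[[^\]]*\] \[[^\]]*\] "
    r"\d+:(?P<first_id>\d+) \d+:(?P<second_id>\d+) t=\d+\[\d+\] "
    r"r=\[-?\d+,(?P<window>\d+),"  # assumption: 2nd r= value is the window size
)

def parse_pid_err(log_text):
    """Return one dict of integer fields per PID_ERR backtrack line."""
    events = []
    for m in PID_ERR.finditer(log_text):
        e = {k: int(v) for k, v in m.groupdict().items()}
        # In the thread's logs the bracketed count equals the gap between the
        # two packet IDs; flag any line where that does not hold.
        e["consistent"] = e["first_id"] - e["second_id"] == e["backtrack"]
        events.append(e)
    return events

def summarize(events):
    """Per OpenVPN process: event count, worst backtrack, window headroom."""
    by_pid = defaultdict(list)
    for e in events:
        by_pid[e["pid"]].append(e)
    report = {}
    for pid, evs in by_pid.items():
        worst = max(e["backtrack"] for e in evs)
        window = evs[0]["window"]
        report[pid] = {"events": len(evs), "worst": worst,
                       "window": window, "within_window": worst < window}
    return report

if __name__ == "__main__":
    for pid, row in summarize(parse_pid_err(SAMPLE_LOG)).items():
        print(pid, row)
```
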
Staff 10014 Posted ...

Hello! It looks like this problem: https://airvpn.org/topic/12818-setting-up-openvpn-on-pfsense

Please check the above linked thread, it could provide a solution that's suitable for you too.

Kind regards
LazyLizard14 11 Posted ...

You mean switching over to TCP or the advanced options in the VPN client settings? Can you confirm if the options mentioned in the guide are still correct:

remote-cert-tls server;comp-lzo no;verb 4;explicit-exit-notify 5;route-nopull;key-direction 1;auth SHA1;keysize 256;key-method 2;tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA;
zhang888 1066 Posted ...

Nothing was changed from the guide, not only these parameters you posted, but even the pfSense page itself. Changes will come soon after they move to the new bootstrap theme.

Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.
LazyLizard14 11 Posted ...

Well, after 3 days with TCP I can say that this did not help to cure the problem.
airsep 1 Posted ...

Did you solve this? Got the same problem. Every minute the connection gets dropped; it's not even usable.