Connection unstable

[LazyLizard14 11]

I'm running pfsense 2.2.3 configured pretty much like as decribed here in the forum thread. There are two simultaneous connection to AirVPN and policy based routing. It worked pretty well for months but recently I am having problems with the VPN tunnel of the connections. The tunnel is not going down completely but the traffic stalls / times out. The logs show that it keep getting reconnected:

Jul 1 10:34:52	check_reload_status: Restarting ipsec tunnels
Jul 1 10:34:52	check_reload_status: Restarting OpenVPN tunnels/interfaces
Jul 1 10:34:52	check_reload_status: Reloading filter
Jul 1 10:34:53	php-fpm[44376]: /rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use AIRVPN_WAN_EU_VPNV4.
Jul 1 10:35:02	check_reload_status: updating dyndns AIRVPN_WAN_EU_VPNV4
Jul 1 10:35:02	check_reload_status: Restarting ipsec tunnels
Jul 1 10:35:02	check_reload_status: Restarting OpenVPN tunnels/interfaces
Jul 1 10:35:02	check_reload_status: Reloading filter
Jul 1 10:35:03	php-fpm[52637]: /rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use AIRVPN_WAN_EU_VPNV4.
Jul 1 10:36:28	check_reload_status: updating dyndns AIRVPN_WAN_EU_VPNV4
Jul 1 10:36:28	check_reload_status: Restarting ipsec tunnels
Jul 1 10:36:28	check_reload_status: Restarting OpenVPN tunnels/interfaces
Jul 1 10:36:28	check_reload_status: Reloading filter
Jul 1 10:36:29	php-fpm[19763]: /rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use AIRVPN_WAN_EU_VPNV4.

And here the OpenVPN log:

Jul 1 10:36:16	openvpn[10983]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.4.0.1,comp-lzo no,route-gateway 10.4.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.4.1.5 255.255.0.0'
Jul 1 10:36:16	openvpn[10983]: Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
Jul 1 10:36:16	openvpn[10983]: Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Jul 1 10:36:16	openvpn[10983]: OPTIONS IMPORT: timers and/or timeouts modified
Jul 1 10:36:16	openvpn[10983]: OPTIONS IMPORT: LZO parms modified
Jul 1 10:36:16	openvpn[10983]: OPTIONS IMPORT: --ifconfig/up options modified
Jul 1 10:36:16	openvpn[10983]: OPTIONS IMPORT: route-related options modified
Jul 1 10:36:16	openvpn[10983]: Preserving previous TUN/TAP instance: ovpnc1
Jul 1 10:36:16	openvpn[10983]: Initialization Sequence Completed
Jul 1 10:36:17	openvpn[11543]: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Jul 1 10:36:19	openvpn[11543]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.4.0.1,comp-lzo no,route-gateway 10.4.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.4.2.171 255.255.0.0'
Jul 1 10:36:19	openvpn[11543]: Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
Jul 1 10:36:19	openvpn[11543]: Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Jul 1 10:36:19	openvpn[11543]: OPTIONS IMPORT: timers and/or timeouts modified
Jul 1 10:36:19	openvpn[11543]: OPTIONS IMPORT: LZO parms modified
Jul 1 10:36:19	openvpn[11543]: OPTIONS IMPORT: --ifconfig/up options modified
Jul 1 10:36:19	openvpn[11543]: OPTIONS IMPORT: route-related options modified
Jul 1 10:36:19	openvpn[11543]: Preserving previous TUN/TAP instance: ovpnc2
Jul 1 10:36:19	openvpn[11543]: Initialization Sequence Completed
Jul 1 10:36:26	openvpn[10983]: PID_ERR replay-window backtrack occurred [5] [SSL-0] [00000_0011222223333333333333333333333333333333333333333333444444] 0:286 0:281 t=1435739786[0] r=[-2,64,15,5,1] sl=[34,64,64,528]
Jul 1 10:42:49	openvpn[11543]: PID_ERR replay-window backtrack occurred [1] [SSL-0] [0_0123456789>>>>>>>>>>>EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE] 0:570 0:569 t=1435740169[0] r=[0,64,15,1,1] sl=[6,64,64,528]
Jul 1 10:43:54	openvpn[10983]: PID_ERR replay-window backtrack occurred [7] [SSL-0] [0000000_00111111111111111111111111111111111111111111111111111111] 0:3556 0:3549 t=1435740234[0] r=[0,64,15,7,1] sl=[28,64,64,528]
Jul 1 10:44:07	openvpn[10983]: PID_ERR replay-window backtrack occurred [12] [SSL-0] [000000000000_002222222222223366666677779>>>>>>>>>>>>>>>>>>>>>>>>] 0:4818 0:4806 t=1435740247[0] r=[-2,64,15,12,1] sl=[46,64,64,528]
Jul 1 11:03:11	openvpn[11543]: PID_ERR replay-window backtrack occurred [24] [SSL-0] [000000000000000000000____000000000022222222222222222222222222222] 0:256854 0:256830 t=1435741391[0] r=[-2,64,15,24,1] sl=[42,64,64,528]
Jul 1 11:03:18	openvpn[11543]: PID_ERR replay-window backtrack occurred [28] [SSL-0] [0000000000000000000__________00000000022222222222222222222222222] 0:277636 0:277608 t=1435741398[0] r=[-4,64,15,28,1] sl=[60,64,64,528]
Jul 1 11:06:06	openvpn[11543]: PID_ERR replay-window backtrack occurred [33] [SSL-0] [00000000000000000000000000________022222222222222222222222222222] 0:1006757 0:1006724 t=1435741566[0] r=[0,64,15,33,1] sl=[55,64,64,528]
Jul 1 11:30:21	openvpn[10983]: MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
Jul 1 11:30:21	openvpn[10983]: MANAGEMENT: CMD 'state 1'
Jul 1 11:30:21	openvpn[10983]: MANAGEMENT: CMD 'status 2'
Jul 1 11:30:21	openvpn[10983]: MANAGEMENT: Client disconnected
Jul 1 11:30:21	openvpn[11543]: MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
Jul 1 11:30:21	openvpn[11543]: MANAGEMENT: CMD 'state 1'
Jul 1 11:30:21	openvpn[11543]: MANAGEMENT: CMD 'status 2'
Jul 1 11:30:21	openvpn[11543]: MANAGEMENT: Client disconnected
Jul 1 11:30:29	openvpn[10983]: MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
Jul 1 11:30:29	openvpn[10983]: MANAGEMENT: CMD 'state 1'
Jul 1 11:30:29	openvpn[10983]: MANAGEMENT: CMD 'status 2'
Jul 1 11:30:29	openvpn[10983]: MANAGEMENT: Client disconnected
Jul 1 11:30:29	openvpn[11543]: MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
Jul 1 11:30:29	openvpn[11543]: MANAGEMENT: CMD 'state 1'
Jul 1 11:30:29	openvpn[11543]: MANAGEMENT: CMD 'status 2'
Jul 1 11:30:29	openvpn[11543]: MANAGEMENT: Client disconnected
Jul 1 11:30:34	openvpn[10983]: MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
Jul 1 11:30:34	openvpn[10983]: MANAGEMENT: CMD 'state 1'
Jul 1 11:30:34	openvpn[10983]: MANAGEMENT: CMD 'status 2'
Jul 1 11:30:34	openvpn[10983]: MANAGEMENT: Client disconnected
Jul 1 11:30:34	openvpn[11543]: MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
Jul 1 11:30:34	openvpn[11543]: MANAGEMENT: CMD 'state 1'
Jul 1 11:30:34	openvpn[11543]: MANAGEMENT: CMD 'status 2'
Jul 1 11:30:34	openvpn[11543]: MANAGEMENT: Client disconnected

Any help appeciated

 

 

[Staff 9893]

Hello!

 

It looks like this problem:

https://airvpn.org/topic/12818-setting-up-openvpn-on-pfsense

 

Please check the above linked thread, it could provide a solution that's suitable for you too.

 

Kind regards

[LazyLizard14 11]

You mean switching over to TCP or the advanced options in the vpn client settings?

Can you confirm if the options mentioned in the guide are still correct:

remote-cert-tls server;comp-lzo no;verb 4;explicit-exit-notify 5;route-nopull;key-direction 1;auth SHA1;keysize 256;key-method 2;tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA;

[zhang888 1066]

Nothing was changed from the guide, not only these parameters you posted, but even the pfSense page itself.

Changes will come soon after they move to the new bootstrap theme.

[LazyLizard14 11]

So I will give it a try with TCP.

[LazyLizard14 11]

Well, after 3 days with TCP I can say that this did not help to cure the problem.

[airsep 1]

Did you solve this? Got the same problem. Every minute the connection gets dropped its not even usable.