Messages - scm

OpenVPN / Re: Once a week OpenVPN tunnel drop in 2.2.[x]
« on: May 13, 2015, 12:02:29 pm »
Fixed.

It appears I've figured out what was causing this, but not exactly why it was causing it.

The two locations having this problem each use their own 4G router as a backup WAN (set as tier 2 in a failover group that the LAN points to), and the router is set to automatically reboot every Sunday morning. When I tested by initiating a reboot of the 4G router with a running ping to the remote LAN network, sure enough the tunnel stopped passing traffic about 30 seconds after beginning the reboot. This happened reliably when trying it for both locations. Once again, going into the remote firewall and restarting the OpenVPN client connection brought it back.

So now it's a curiosity why bouncing a tier 2 and not-currently-active WAN connection would break an OpenVPN tunnel.

OpenVPN / Once a week OpenVPN tunnel drop in 2.2.[x]
« on: May 07, 2015, 03:42:23 pm »
Since updating from 2.1.5 to 2.2.1 at two different locations (one is now at 2.2.2), each respective OpenVPN tunnel to our HQ has stopped passing traffic almost like clockwork once a week on Sunday, although both sides still show the connection being up (by green arrow). The fix right now is to log into these two remote firewalls and restart the OpenVPN client service - this brings it back quickly. The HQ firewall (still at version 2.1.5) is set up as the OpenVPN server and the remote locations as clients.

These are the client configs:

site 1 client

dev ovpnc3
dev-type tun
tun-ipv6
dev-node /dev/tun3
writepid /var/run/openvpn_client3.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-128-CBC
auth SHA1
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local [public IP redacted]
lport 0
management /var/etc/openvpn/client3.sock unix
remote [URL redacted] 1192
ifconfig 172.22.1.22 172.22.1.21
route 192.168.0.0 255.255.255.0
secret /var/etc/openvpn/client3.secret
comp-lzo adaptive
resolv-retry infinite

site 1 server

dev ovpns8
dev-type tun
tun-ipv6
dev-node /dev/tun8
writepid /var/run/openvpn_server8.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-128-CBC
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local 127.0.0.1
ifconfig 172.22.1.21 172.22.1.22
lport 1192
management /var/etc/openvpn/server8.sock unix
push "route 192.168.0.0 255.255.255.0"
route 192.168.1.0 255.255.255.0
secret /var/etc/openvpn/server8.secret
comp-lzo

site 2 client

dev ovpnc2
verb 1
dev-type tun
tun-ipv6
dev-node /dev/tun2
writepid /var/run/openvpn_client2.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-128-CBC
auth SHA1
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local [public IP redacted]
lport 0
management /var/etc/openvpn/client2.sock unix
remote [URL redacted] 1190
ifconfig 172.22.1.30 172.22.1.29
route 192.168.0.0 255.255.255.0
secret /var/etc/openvpn/client2.secret
comp-lzo yes
resolv-retry infinite

site 2 server

dev ovpns10
dev-type tun
tun-ipv6
dev-node /dev/tun10
writepid /var/run/openvpn_server10.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-128-CBC
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local 127.0.0.1
ifconfig 172.22.1.29 172.22.1.30
lport 1190
management /var/etc/openvpn/server10.sock unix
push "route 192.168.0.0 255.255.255.0"
route 192.168.9.0 255.255.255.0
secret /var/etc/openvpn/server10.secret
comp-lzo

Could this have anything to do with the server still being at 2.1.5? Any help you could offer would be appreciated.  :D
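As an added example (not from the post and not pfSense's own code), the checker below parses trimmed copies of the four configs quoted above and verifies that each client/server pair agrees on the directives a static-key (`secret`) tunnel needs to pass traffic: the port the client dials against the server's `lport`, mirrored `ifconfig` endpoints, matching `proto`/`cipher`/`auth`/`dev-type` (OpenVPN's default `auth SHA1` is applied where the server config omits it), and `comp-lzo` framing enabled on both ends or neither. The `DEFAULTS` table, the function names, and the trimmed sample configs (redactions kept as placeholders) are the example's own assumptions. On the posted configs both pairs pass with only a note about the site 2 LZO mode, so the checker rules out a config mismatch rather than explaining the Sunday drop, which the reply at the top of the page attributes to the backup WAN reboot.

```python
import shlex

# Trimmed copies of the configs quoted in the post (constructed sample input;
# redacted values kept as placeholders, only directives the checks use).
SITE1_CLIENT = """
dev-type tun
keepalive 10 60
proto udp
cipher AES-128-CBC
auth SHA1
remote [URL redacted] 1192
ifconfig 172.22.1.22 172.22.1.21
comp-lzo adaptive
"""
SITE1_SERVER = """
dev-type tun
keepalive 10 60
proto udp
cipher AES-128-CBC
ifconfig 172.22.1.21 172.22.1.22
lport 1192
push "route 192.168.0.0 255.255.255.0"
comp-lzo
"""
SITE2_CLIENT = """
dev-type tun
keepalive 10 60
proto udp
cipher AES-128-CBC
auth SHA1
remote [URL redacted] 1190
ifconfig 172.22.1.30 172.22.1.29
comp-lzo yes
"""
SITE2_SERVER = """
dev-type tun
keepalive 10 60
proto udp
cipher AES-128-CBC
ifconfig 172.22.1.29 172.22.1.30
lport 1190
comp-lzo
"""

# OpenVPN 2.x defaults applied when one side omits the directive (assumed).
DEFAULTS = {"auth": ["SHA1"], "proto": ["udp"], "dev-type": ["tun"], "lport": ["1194"]}


def parse(text):
    """Map each directive to the argument lists of its occurrences."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            key, *args = shlex.split(line)  # shlex keeps push "..." as one arg
            conf.setdefault(key, []).append(args)
    return conf


def get(conf, key):
    """Arguments of the first occurrence, else the default, else None."""
    return conf.get(key, [DEFAULTS.get(key)])[0]


def lzo_mode(conf):
    """comp-lzo with no argument means adaptive."""
    return (get(conf, "comp-lzo") or ["adaptive"])[0]


def check_pair(client, server):
    """Return (errors, notes) for one static-key client/server pair."""
    errors, notes = [], []
    # The client must dial the port the server's lport actually binds.
    cport = next((a for a in get(client, "remote") or [] if a.isdigit()), "1194")
    sport = get(server, "lport")[0]
    if cport != sport:
        errors.append(f"client dials port {cport}, server listens on {sport}")
    # Static-key tunnels need mirrored ifconfig endpoints.
    if get(client, "ifconfig") != list(reversed(get(server, "ifconfig") or [])):
        errors.append("ifconfig endpoints are not mirrored")
    # Transport, cipher and HMAC must agree on both ends.
    for key in ("proto", "cipher", "auth", "dev-type"):
        if get(client, key) != get(server, key):
            errors.append(f"{key}: client {get(client, key)} vs server {get(server, key)}")
    # LZO framing must be on at both ends or neither; the mode may differ.
    if ("comp-lzo" in client) != ("comp-lzo" in server):
        errors.append("comp-lzo enabled on one side only")
    elif "comp-lzo" in client and lzo_mode(client) != lzo_mode(server):
        notes.append(f"comp-lzo mode: client {lzo_mode(client)}, server {lzo_mode(server)}")
    if get(client, "keepalive") != get(server, "keepalive"):
        notes.append("keepalive differs between ends")
    return errors, notes


if __name__ == "__main__":
    for name, c, s in (("site 1", SITE1_CLIENT, SITE1_SERVER),
                       ("site 2", SITE2_CLIENT, SITE2_SERVER)):
        errors, notes = check_pair(parse(c), parse(s))
        print(name, "MISMATCH" if errors else "OK", errors, notes)
```

The checker deliberately treats a differing `comp-lzo` mode (`yes` on the site 2 client versus the server's bare `comp-lzo`, i.e. adaptive) as a note rather than an error, since both settings still use LZO framing; only enabling it on one end breaks the tunnel.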
