pfSense Gold Subscription

Author Topic: OpenVPN Client disconnects every few seconds - ExpressVPN  (Read 220 times)

0 Members and 1 Guest are viewing this topic.

Offline dvs23

  • Newbie
  • *
  • Posts: 11
  • Karma: +0/-0
    • View Profile
OpenVPN Client disconnects every few seconds - ExpressVPN
« on: November 10, 2017, 06:27:53 pm »
Hey!

I have a problem with my OpenVPN client on my pfSense 2.4.1-RELEASE firewall, running on an Up Squared. The client (seemingly successful) connects to some ExpressVPN server, but disconnects every few seconds ending in huge packet losses etc.

Log:

Code: [Select]
Nov 11 01:18:19 openvpn 49480 PO_WAIT[3,0] fd=7 rev=0x00000004 rwflags=0x0002 arg=0x00000004 [scalable]
Nov 11 01:18:19 openvpn 49480 SCHEDULE: schedule_find_least NULL
Nov 11 01:18:19 openvpn 49480 PO_CTL rwflags=0x0001 ev=7 arg=0x00000004
Nov 11 01:18:19 openvpn 49480 PO_WAIT[3,0] fd=7 rev=0x00000001 rwflags=0x0001 arg=0x00000004 [scalable]
Nov 11 01:18:19 openvpn 49480 MANAGEMENT: CMD 'status 2'
Nov 11 01:18:19 openvpn 49480 SCHEDULE: schedule_find_least NULL
Nov 11 01:18:19 openvpn 49480 PO_CTL rwflags=0x0002 ev=7 arg=0x00000004
Nov 11 01:18:19 openvpn 49480 PO_WAIT[3,0] fd=7 rev=0x00000004 rwflags=0x0002 arg=0x00000004 [scalable]
Nov 11 01:18:19 openvpn 49480 SCHEDULE: schedule_find_least NULL
Nov 11 01:18:19 openvpn 49480 PO_CTL rwflags=0x0001 ev=7 arg=0x00000004
Nov 11 01:18:19 openvpn 49480 PO_WAIT[3,0] fd=7 rev=0x00000011 rwflags=0x0001 arg=0x00000004 [scalable]
Nov 11 01:18:19 openvpn 49480 PO_DEL ev=7
Nov 11 01:18:19 openvpn 49480 MANAGEMENT: Client disconnected
Nov 11 01:18:19 openvpn 49480 SCHEDULE: schedule_find_least NULL
Nov 11 01:18:19 openvpn 49480 PO_CTL rwflags=0x0001 ev=4 arg=0x00000004
Nov 11 01:18:19 openvpn 6074 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
Nov 11 01:18:19 openvpn 6074 MANAGEMENT: CMD 'state 1'
Nov 11 01:18:19 openvpn 6074 MANAGEMENT: CMD 'status 2'
Nov 11 01:18:19 openvpn 6074 MANAGEMENT: Client disconnected
Nov 11 01:18:20 openvpn 49480 PO_WAIT[2,0] fd=4 rev=0x00000001 rwflags=0x0001 arg=0x00000004 [scalable]
Nov 11 01:18:20 openvpn 49480 MULTI: REAP range 160 -> 176
Nov 11 01:18:20 openvpn 49480 MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
Nov 11 01:18:20 openvpn 49480 SCHEDULE: schedule_find_least NULL
Nov 11 01:18:20 openvpn 49480 PO_CTL rwflags=0x0002 ev=7 arg=0x00000004
Nov 11 01:18:20 openvpn 49480 PO_WAIT[3,0] fd=7 rev=0x00000004 rwflags=0x0002 arg=0x00000004 [scalable]
Nov 11 01:18:20 openvpn 49480 SCHEDULE: schedule_find_least NULL
Nov 11 01:18:20 openvpn 49480 PO_CTL rwflags=0x0001 ev=7 arg=0x00000004
Nov 11 01:18:20 openvpn 49480 PO_WAIT[3,0] fd=7 rev=0x00000001 rwflags=0x0001 arg=0x00000004 [scalable]
Nov 11 01:18:20 openvpn 49480 MANAGEMENT: CMD 'status 2'
Nov 11 01:18:20 openvpn 49480 SCHEDULE: schedule_find_least NULL
Nov 11 01:18:20 openvpn 49480 PO_CTL rwflags=0x0002 ev=7 arg=0x00000004
Nov 11 01:18:20 openvpn 49480 PO_WAIT[3,0] fd=7 rev=0x00000004 rwflags=0x0002 arg=0x00000004 [scalable]
Nov 11 01:18:20 openvpn 49480 SCHEDULE: schedule_find_least NULL
Nov 11 01:18:20 openvpn 49480 PO_CTL rwflags=0x0001 ev=7 arg=0x00000004
Nov 11 01:18:20 openvpn 49480 PO_WAIT[3,0] fd=7 rev=0x00000001 rwflags=0x0001 arg=0x00000004 [scalable]
Nov 11 01:18:20 openvpn 49480 MANAGEMENT: CMD 'quit'
Nov 11 01:18:20 openvpn 49480 PO_DEL ev=7
Nov 11 01:18:20 openvpn 49480 MANAGEMENT: Client disconnected
Nov 11 01:18:20 openvpn 49480 SCHEDULE: schedule_find_least NULL
Nov 11 01:18:20 openvpn 49480 PO_CTL rwflags=0x0001 ev=4 arg=0x00000004
Nov 11 01:18:30 openvpn 49480 MULTI: REAP range 176 -> 192
Nov 11 01:18:30 openvpn 49480 MULTI TCP: multi_tcp_action a=TA_TIMEOUT p=0
Nov 11 01:18:30 openvpn 49480 MULTI TCP: multi_tcp_dispatch a=TA_TIMEOUT mi=0x00000000
Nov 11 01:18:30 openvpn 49480 MULTI TCP: multi_tcp_post TA_TIMEOUT -> TA_UNDEF
Nov 11 01:18:30 openvpn 49480 SCHEDULE: schedule_find_least NULL
Nov 11 01:18:41 openvpn 49480 MULTI: REAP range 192 -> 208
Nov 11 01:18:41 openvpn 49480 MULTI TCP: multi_tcp_action a=TA_TIMEOUT p=0
Nov 11 01:18:41 openvpn 49480 MULTI TCP: multi_tcp_dispatch a=TA_TIMEOUT mi=0x00000000
Nov 11 01:18:41 openvpn 49480 MULTI TCP: multi_tcp_post TA_TIMEOUT -> TA_UNDEF
Nov 11 01:18:41 openvpn 49480 SCHEDULE: schedule_find_least NULL

It is not a problem of my internet connection - when I use the config of ExpressVPN on a computer in the network (with disabled VPN client on my pfSense firewall), there are no disconnects.

/var/etc/openvpn/client2.conf:
Code: [Select]
dev ovpnc2
verb 3
dev-type tun
dev-node /dev/tun2
writepid /var/run/openvpn_client2.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp4
cipher AES-256-CBC
auth SHA512
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local 192.168.0.17
tls-client
client
lport 0
management /var/etc/openvpn/client2.sock unix
remote germany-frankfurt-1-ca-version-2.expressnetw.com 1195
auth-user-pass /var/etc/openvpn/client2.up
auth-retry nointeract
ca /var/etc/openvpn/client2.ca
cert /var/etc/openvpn/client2.cert
key /var/etc/openvpn/client2.key
tls-auth /var/etc/openvpn/client2.tls-auth 1
ncp-ciphers AES-256-GCM:AES-128-GCM
comp-lzo adaptive
resolv-retry infinite
route-nopull
fast-io
persist-key
persist-tun
remote-random
pull
tls-client
verify-x509-name Server name-prefix
ns-cert-type server
key-direction 1
route-method exe
route-delay 2
tun-mtu 1500
fragment 1300
mssfix 1450
verb 3
sndbuf 524288
rcvbuf 524288

OVPN from ExpressVPN:
Code: [Select]
dev tun
fast-io
persist-key
persist-tun
nobind
remote germany-frankfurt-1-ca-version-2.expressnetw.com 1195

remote-random
pull
comp-lzo
tls-client
verify-x509-name Server name-prefix
ns-cert-type server
key-direction 1
route-method exe
route-delay 2
tun-mtu 1500
fragment 1300
mssfix 1450
verb 3
cipher AES-256-CBC
keysize 256
auth SHA512
sndbuf 524288
rcvbuf 524288
auth-user-pass

Guide I followed for setting the stuff up:
https://www.expressvpn.com/support/vpn-setup/pfsense-with-expressvpn-openvpn/

What else do you need?

Thanks in advance

dvs23

Offline tagit446

  • Jr. Member
  • **
  • Posts: 25
  • Karma: +1/-0
    • View Profile
Re: OpenVPN Client disconnects every few seconds - ExpressVPN
« Reply #1 on: November 13, 2017, 03:29:59 am »
I'm having the exact same problem. ExpressVPN directed me to the pfSense forum.. so they have no idea. They said their setup guide was written by one of their customers.
pfSense v2.4.1 - RELEASE (amd64) running on AMD Phenom(tm) II X4 965 Processor, Asus M4A89GTD PRO motherboard, Dell / Intel Pro/1000 VT Quad Port PCI-E Gigabit NIC Dell P/N 0H092p

Offline dvs23

  • Newbie
  • *
  • Posts: 11
  • Karma: +0/-0
    • View Profile
Re: OpenVPN Client disconnects every few seconds - ExpressVPN
« Reply #2 on: November 19, 2017, 11:13:42 am »
Someone any idea how to solve this? Or at least what's the problem here?

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21312
  • Karma: +1423/-26
    • View Profile
Re: OpenVPN Client disconnects every few seconds - ExpressVPN
« Reply #3 on: November 20, 2017, 10:17:25 am »
Quote
Code: [Select]
Nov 11 01:18:20 openvpn 49480 MANAGEMENT: Client disconnected

That does not mean openvpn disconnected. That means that the GUI status page or widget probed the openvpn service and then disconnected from the management interface. Your logs are probably too verbose to see what's actually happening. Turn down the logging to verb 3 or 4, and ignore any line with MANAGEMENT in it.

I know your config claims it's only using verb 3 but that looks like a lot higher log detail than 3.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline dimangelid

  • Newbie
  • *
  • Posts: 12
  • Karma: +2/-1
    • View Profile
Re: OpenVPN Client disconnects every few seconds - ExpressVPN
« Reply #4 on: November 20, 2017, 10:21:23 am »
Someone any idea how to solve this? Or at least what's the problem here?

I had similar issues from 2.3 versions, I also had disconnects from my computer. not with expressvpn but with another provider.

The disconnects disappeared when I disabled gateway monitoring both at my default gateway and the VPN gateway.

Login to your pfSense and visit System/Routing/Gateways. Click the edit button at your default gateway and at your VPN gateway and put a tick on "Disable Gateway Monitoring" and "Disable Gateway Monitoring Action" . Save your settings and reboot your router in order to make sure that they are applied.

Offline dvs23

  • Newbie
  • *
  • Posts: 11
  • Karma: +0/-0
    • View Profile
Re: OpenVPN Client disconnects every few seconds - ExpressVPN
« Reply #5 on: November 20, 2017, 01:17:59 pm »
Wow! That's it! Previously I had huge packet loss rates (50% and more), nor everything seems to be fine (means not a single packet lost after 100 pings :))) Thank you!!
I will send ExpressVPN a link to this thread so they know it's not really their fault :)