Netgate m1n1wall

Author Topic: Unable to maintain an OpenVPN connection longer than 3 seconds.  (Read 809 times)

0 Members and 1 Guest are viewing this topic.

Offline see2k

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Hello group,

I will try to make this as detailed as possible.

Brief history, IN march of 2012, i had to reissue new server certs because the existing one's had expired. I reissued the new server certs to the pfsense openvpn, and generated new certs for my users who had to have their keys renewed. All was well until April, when 1 then 2 then more engineers began to experience brief connection periods and then get disconnected randomly.

At first, the OpenVPN connection would last for a few hours, then an hour, then down to 1 minute, and now finally I am only able to stay connected 3 seconds before the VPN tunnel is broken. This is identical to the problems my users are experiencing as well.  The logs (which I will add below) show no particular reason why the disconnection is occuring.

No firewall changes have been made (ever) and the server doesn't have a duplicate IP issue.

Interestingly enough my site-to-site vpn users have had no problems before or after the Cert updates and continue to function without any issues. The users who are having problems are those who are using their public/private certs with server public cert connections via network managers (in ubuntu and fedora) or are using the Command line/configuration based mechanism.



I have attached the logs, however, Pfsense openvpn logs doesn't show anything other than a connection attempt from the client.

I'm lost and have no idea why the vpn will no longer service a connection for more than 3 seconds?

Thank you for any help, and I can provide any information.

Offline cmb

  • Administrator
  • Hero Member
  • *****
  • Posts: 6333
  • Karma: +0/-0
    • LinkedIn
    • Twitter
    • View Profile
    • Chris Buechler
Re: Unable to maintain an OpenVPN connection longer than 3 seconds.
« Reply #1 on: June 21, 2012, 06:16:58 pm »
The server log would probably be more telling than the client's log. That sounds like what happens when multiple clients are sharing a cert, one connects and knocks off another, then that one reconnects and knocks off the previous, over and over.