OPENVPN connection restarts
Dear Experts
I have my servers running in housing center, all of them are virtual, protected by pfsense firewall. Directly on this firewall I created OpenVPN, created certificates, created users and ditsributed client software.
Now I am sitting in my home office with my wife, we have exactly same configuration of workstation computers but while when I connect to OpenVPN, I can see no restarts from 8 a.m. in the morning, her VPN client is full of restarts, maybe every 5-10 minutes,
Her restarts are initiated by this command (client side)
[ovpn.chubbable.com] Inactivity timeout (--ping-restart), restarting
Do you have any idea why? And how to troubleshoot problem?
Many thanks
Vladimir
I have my servers running in housing center, all of them are virtual, protected by pfsense firewall. Directly on this firewall I created OpenVPN, created certificates, created users and ditsributed client software.
Now I am sitting in my home office with my wife, we have exactly same configuration of workstation computers but while when I connect to OpenVPN, I can see no restarts from 8 a.m. in the morning, her VPN client is full of restarts, maybe every 5-10 minutes,
Her restarts are initiated by this command (client side)
[ovpn.chubbable.com] Inactivity timeout (--ping-restart), restarting
Do you have any idea why? And how to troubleshoot problem?
Many thanks
Vladimir
ASKER
Dear Dipraj
many thanks for your comments. I have checked connection and it is good. No problem with dropouts at all. For duplicate-cn, I setup server to ALLOW it originally, but as part of testing I disabled this, i.e. only one connection with one CN is allowed. I have also create client overide rule to give my wife static IP (just curious whether there could be any problem in dynamic assignment of IP), but no, it is still the same.
What do you advice more to test?
many thanks
Vladimir
many thanks for your comments. I have checked connection and it is good. No problem with dropouts at all. For duplicate-cn, I setup server to ALLOW it originally, but as part of testing I disabled this, i.e. only one connection with one CN is allowed. I have also create client overide rule to give my wife static IP (just curious whether there could be any problem in dynamic assignment of IP), but no, it is still the same.
What do you advice more to test?
many thanks
Vladimir
Maybe a little shotgunning (is that a word?):
Do you know what she is doing when it drops? Is it possible that she is doing anything with networking, or anything that might try and take over ports already in use?
Also, I assume you have disabled the no-activity timer on the VPN app and server (if they have one)?
How many other people are using it? I have seen heavy network congestion drop connections as well, but that would be effecting you as well.
Have you tried a different protocol on her machine? One of the VPN's I subscribe to has trouble with PPTP connections, dropping them all the time, but never drops with L2TP. Why that should make a difference is beyond me, but I have seen it.
Is there any difference between your machine and your wife's machine, and any difference in your local router for the two machine?
One of OpenVPN's suggestion is to disable local firewalls and see if the problem goes away. As much a I dislike that solution, could it be a local firewall issue on her machine?
Is her machine slower than yours by any chance? Maybe it can't keep up with SPIs on that machine, loose a packet, and disconnect. I have seen this as well.
Are you both using the same protocol? (udp or tcp?)
Are your MTU settings the same on both machines? If not, her's could be missing packets.
Have you examined the log files? Anything like this: ...MULTI: packet dropped due to output saturation (multi_process_incoming_tu
I can keep going, as there are so many reasons why it could happen.
Do you know what she is doing when it drops? Is it possible that she is doing anything with networking, or anything that might try and take over ports already in use?
Also, I assume you have disabled the no-activity timer on the VPN app and server (if they have one)?
How many other people are using it? I have seen heavy network congestion drop connections as well, but that would be effecting you as well.
Have you tried a different protocol on her machine? One of the VPN's I subscribe to has trouble with PPTP connections, dropping them all the time, but never drops with L2TP. Why that should make a difference is beyond me, but I have seen it.
Is there any difference between your machine and your wife's machine, and any difference in your local router for the two machine?
One of OpenVPN's suggestion is to disable local firewalls and see if the problem goes away. As much a I dislike that solution, could it be a local firewall issue on her machine?
Is her machine slower than yours by any chance? Maybe it can't keep up with SPIs on that machine, loose a packet, and disconnect. I have seen this as well.
Are you both using the same protocol? (udp or tcp?)
Are your MTU settings the same on both machines? If not, her's could be missing packets.
Have you examined the log files? Anything like this: ...MULTI: packet dropped due to output saturation (multi_process_incoming_tu
I can keep going, as there are so many reasons why it could happen.
hi..Vladimir,
kindly test in this way
1. if you both are using same ISP at the same time-----then try different ISP ---means if you are using office internet then the other person should use mobile hotspot or some other source of internet and check
2. after the first test....change one of vpn clinet ip range -- suppose you are using 192.168.1.2 then the other person should use 192.168.2.2 and check the result
3.if you are using TCP ports, if possible kindly configure the same on UDP port and check again.
general following ports are using in openvpn---->
UDP ports 1194, 1197, 1198, 8080, 9201,53 and TCP ports 502, 501, 443, 110, 80
kindly test in this way
1. if you both are using same ISP at the same time-----then try different ISP ---means if you are using office internet then the other person should use mobile hotspot or some other source of internet and check
2. after the first test....change one of vpn clinet ip range -- suppose you are using 192.168.1.2 then the other person should use 192.168.2.2 and check the result
3.if you are using TCP ports, if possible kindly configure the same on UDP port and check again.
general following ports are using in openvpn---->
UDP ports 1194, 1197, 1198, 8080, 9201,53 and TCP ports 502, 501, 443, 110, 80
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
1. first you check continuous ping response from both end public ip......if it drops more than 3 times....then it may create problem.
2. Secondly- ‘duplicate-cn ‘ is not recommended in open vpn because then two connections with same common name are allowed.so one certificate can be used by more than one connection.
Else every vpn certificate must have their own CN, so every connection have one unique certificate