Page 1 of 1

Constant Reconnects for some Users

Posted: Mon Jul 17, 2017 2:18 pm
by Seppic
We implemented a pfSense appliance running OpenVPN recently. Testing went very well with little to no issues. Now that it's been deployed to a wider user base I am seeing some consistent issues when there are some.

I am having a small handful of users who are experiencing constant reconnect prompts. It's a pretty big inconvenience for them since we also have DUO tied in, and them having to re-approve a notification on their phone every time it happens as well.

Other users experience this initially but after a 3rd or 4th time it "sticks" and then they don't have a problem for hours.

This (http://i.imgur.com/gB08ROB.png) seems to be a common issue. Connecting then getting an inactivity timeout within a few minutes after and prompting a reconnect.

I've seen some talk about modifying the keepalive time, but it's set to 10 60 by default. If there is no traffic going over the VPN for that period of time we have bigger problems obviously. I've been beating my head against Google and can't seem to find much. So basically any leads or tips would be super helpful, thanks!

Another thing the same user as the picture is experiencing is this:

Fri Jun 30 05:22:48 2017 MANAGEMENT: >STATE:1498814568,CONNECTED,SUCCESS,172.31.2.5,67.107.32.249,443,192.168.0.13,55475
Fri Jun 30 05:23:11 2017 read TCP_CLIENT: Connection timed out (WSAETIMEDOUT) (code=10060)
Fri Jun 30 05:23:11 2017 Connection reset, restarting [-1]
Fri Jun 30 05:23:11 2017 SIGUSR1[soft,connection-reset] received, process restarting
Fri Jun 30 05:23:11 2017 MANAGEMENT: >STATE:1498814591,RECONNECTING,connection-reset,,,,,

Being disconnected for a timeout after a minute of being connected.

Side note: Should we consider switching from TCP to UDP?

Re: Constant Reconnects for some Users

Posted: Mon Jul 17, 2017 3:26 pm
by TinCanTech
Which version of openvpn is that ?

Please see:
HOWTO: Request Help !

Re: Constant Reconnects for some Users

Posted: Mon Jul 17, 2017 6:08 pm
by Seppic
TinCanTech wrote:Which version of openvpn is that ?

Please see:
HOWTO: Request Help !


It's the latest Windows Client and it's OpenVPN running on a latest updated pfSense physical device.

Re: Constant Reconnects for some Users

Posted: Tue Jul 18, 2017 3:10 am
by TinCanTech
Seppic wrote: Connecting then getting an inactivity timeout within a few minutes
See --inactive in The Manual v24x

Re: Constant Reconnects for some Users

Posted: Wed Jul 19, 2017 3:28 pm
by Seppic

Code: Select all

The default value is 0 seconds, which disables this feature.


We haven't changed the value so that wouldn't explain it unfortunately.

Re: Constant Reconnects for some Users

Posted: Wed Jul 19, 2017 8:39 pm
by TinCanTech
No logs .. No configs .. No idea.