pfSense

First, thank you for building a awesome piece of software! This is my first bug report. I hope the information is useful.

After upgrading from 2.2.6 to 2.3 my OpenVPN remote access became very unstable. I have a pretty basic config. Remote Access with TLS & User Auth using TCP on port 443 (easy access to home through my work firewall). It has been bullet proof with 2.2.x. I assumed my config was screwed up after I upgraded so I recreated OpenVPN Server, everything including the CA and certs (user and server). Still the same issue. After a few hours of use, I would get disconnected from the OpenVPN server and it would not let me reconnect unless I either ran the openvpn_resync_all() (via the shell into pfSense) or rebooted the pfSense box. That seem more of a pfSense 2.3 oddity because with 2.2.x I could occasionally get a openvpn client connection reset and it would immediately reconnect.

I tried something interesting with pfSense 2.3 (OpenVPN 2.3.9). I ssh'd into the pfSense box and connected to the OpenVPN management socket (nc -U /var/etc/openvpn/server1.sock). I could get the status, state all, etc, no problem. What I found out was after about 30 seconds my OpenVPN client (on Ubuntu) would time out and disconnect. I tried the same exact test with pfSense 2.2.6 (OpenVPN 2.3.8) and everything stays connected. I also noticed in both cases when connected to the management socket after a few minutes would cause the openvpn process on the pfSense box to consume 100% of the CPU. When I exited out of the management socket the openvpn process would go back to normal. That seemed odd to me. I'm not sure what to make of my observation except to say that pfSense 2.3 w/ OpenVPN 2.3.9 is more frail than 2.2.x. Is it possible that pfSense 2.3 using the management socket is causing the OpenVPN Sever instability?