Bug #9709
Status: closed
OpenVPN "Peer to peer server Statistics" show wrong status of connection
Description
Server and client both on pfSense Version 2.4.4-RELEASE-p3 (amd64).
In Peer to Peer ( SSL/TLS ) OpenVPN there are problems with link detection on the server side: the GUI on the main page and Status -> OpenVPN on the server side show that the connection is down, but on the client side the link is UP in Statistics and traffic flows through the tunnel without any problems. This bug can be reproduced with:
1. Initial setup on the server and then the client side; the connection shows as up in status on both the server and client side;
2. Then restart WAN (or reboot) on the OpenVPN client router (<90 sec), and the link in statistics on the server side will go down and does not change to the "up" state, even if the link is really up and works;
3. If you "Save" the OpenVPN setup on the server side, the link will be up in statistics until the OpenVPN client WAN reconnects or reboots.
I have tried the same with a usual non-pfSense router as client in Peer to Peer (SSL/TLS), and the problem is the same: after client (router) reconnection, the statistics on the server (pfSense) show the link as down, while on the client (router) the link shows as up and the tunnel works without any issues.
In Peer to Peer ( Shared Key ) the statistics work without any problems; the bug is related only to Peer to Peer ( SSL/TLS ) and only to the server side of pfSense.
Updated by Jim Pingle almost 6 years ago
- Status changed from New to Not a Bug
I can't reproduce this as stated. No amount of restarting WAN, rebooting, or restarting OpenVPN on the client side results in a bad status on the server. It always shows the client connected. I'm trying it on 2.5.0, though. If you can still reproduce it on 2.5.0, try to figure out what other factors may be contributing here. There must be something else involved that is causing it to display the status incorrectly for you.
Updated by Dmitry Kuleshov almost 6 years ago
I don't have a 2.5 version running in a production environment, only stable versions (2.4.4-p3). Did you try it with Peer to Peer ( SSL/TLS ) with certificates installed and a TLS key for authentication?
Updated by Jim Pingle almost 6 years ago
Yes, that is the config I used. Maybe post on the forum to see if anyone else sees the same behavior.
Updated by Dmitry Kuleshov almost 6 years ago
It's very weird that in the Shared Key config the status shows the link state correctly.
In Peer to Peer ( SSL/TLS ) mode I have tried adding "keepalive 2 5" in Custom options on the server side (with high values it did not help on client reconnection, but on client reboot higher values work; it's important that the keepalive is lower than the time the client reconnection takes), and it seems that it helps show the correct link state on the server side.
It seems that the client makes the "reconnection" very fast, so that the server status does not catch the new connection with the default pfSense "keepalive 10 120" or something like this.
Updated by Jim Pingle almost 6 years ago
I still can't reproduce anything like that here. pfSense only reports what the OpenVPN management daemon reports, though. If you can somehow manage to reproduce that with OpenVPN itself you might file a bug upstream with them. This site is not for support or diagnostic discussion, though. If you wish to continue this discussion, please post on the Netgate Forum.
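Added example, not part of the original thread and not pfSense's own code: since the last comment says the GUI only reports what the OpenVPN management interface reports, this sketch parses the text that interface returns for its `state all` command, so the daemon's own view of the link can be compared with the status page. The sample text, addresses and function names are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed sample of "state all" output: the tunnel connects, the peer
# drops (ping-restart), and the tunnel comes back up. Addresses are
# documentation-range placeholders.
SAMPLE_STATE_ALL = """\
>INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
1577872800,CONNECTED,SUCCESS,10.0.8.1,198.51.100.20,1194,,
1577876400,RECONNECTING,ping-restart,,,,,
1577876402,WAIT,,,,,,
1577876403,AUTH,,,,,,
1577876405,CONNECTED,SUCCESS,10.0.8.1,198.51.100.20,1194,,
END
"""

@dataclass
class StateEntry:
    when: datetime    # field 1: unix timestamp of the transition
    name: str         # field 2: state name (CONNECTED, RECONNECTING, ...)
    detail: str       # field 3: descriptive string (e.g. SUCCESS, ping-restart)
    tunnel_ip: str    # field 4: local tunnel address, empty unless connected
    remote_ip: str    # field 5: remote peer address, empty unless connected

def parse_state_history(text):
    """Return the state transitions found in management 'state all' output."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line == "END":                        # end-of-response marker
            break
        if not line or line.startswith(">"):     # real-time notifications
            continue
        fields = line.split(",")
        if len(fields) < 2 or not fields[0].isdigit():
            continue                             # not a state record
        fields += [""] * (5 - len(fields))       # tolerate short records
        when = datetime.fromtimestamp(int(fields[0]), tz=timezone.utc)
        entries.append(StateEntry(when, *fields[1:5]))
    entries.sort(key=lambda e: e.when)           # entries ordered by timestamp
    return entries

def link_summary(entries):
    """Summarise the daemon's own view: latest state and reconnect count."""
    if not entries:
        return {"up": False, "state": None, "since": None, "reconnects": 0}
    last = entries[-1]
    reconnects = sum(e.name == "RECONNECTING" for e in entries)
    return {"up": last.name == "CONNECTED", "state": last.name,
            "since": last.when, "reconnects": reconnects}
```

If the summary built from the daemon's own output says the link is up while the status page says it is down, the discrepancy is in how the output is read; if both say down while traffic flows, it is one to raise upstream, as the comment above suggests.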