Running pfSense 2.0 on a Dell server, using OpenVPN Roadwarrior.
In short: Some - but only some! - VPN clients restart every 2 minutes after "inactivity timeout, ping-restart". Seems to be some issue with the p12-file (!).
I have created 5 user-connections in pfSense, Client config exported via Client Export -> Configuration archive.
The .ovpn and .key files are identical for all users, .p12 is password protected.
Problem:
* Some Windows users have a problem with the tunnel being restarted every 2 minutes.
According to the OpenVPN log, reconnection is done in a few seconds; however, for the client the VPN connection stalls for about half a minute each time.
* On my Debian, the connection is not restarted.
* On my Win7, the connection is restarted with a delay.
Fix one: The config-file (.ovpn) created has unix-style LF/CR!
So in Windows the config is all in one single line, with no space before new line.
I fixed this with notepad, and my problems are gone.
However, for my colleague this doesn't change anything.
But when he uses my .p12 then the problems are gone, when I use his .p12 I get the restart problem (both Win & Debian)!
So it has to be related to the .p12, how is that possible?
Summary:
2 WinXP: both have the problem.
Out of 5 users on Win7 Pro, 3 have the delay problem and 2 have no problems.
Adding "ping-restart 0" doesn't help.
Details:
Setup
Firewall & vpn server:
* One pfSense box in the server hall with one public & one private IP.
* OpenVPN as Roadwarrior server, Remote Access SSL/TLS.
* Certificate created, TLS Auth uses Enable authentication of TLS packets.
* Client config exported via Client Export -> Configuration archive
Workstations:
* 4 Office workstations running Win 7.
* I run Debian Lenny in VirtualBox on one of these workstations as my main OS.
* A bunch of home 'puters & laptops running Win 7 or Win XP.
Log:
Code:
Thu Dec 1 15:44:28 2011 Initialization Sequence Completed
Thu Dec 1 15:46:17 2011 [Roadwarrior_cert] Inactivity timeout (--ping-restart), restarting
Thu Dec 1 15:46:17 2011 SIGUSR1[soft,ping-restart] received, process restarting
.ovpn:
Code:
dev tun
persist-tun
persist-key
proto udp
cipher AES-128-CBC
tls-client
client
resolv-retry infinite
remote #.#.#.# 1194
tls-remote Roadwarrior cert
pkcs12 mail-udp-1194.p12
tls-auth mail-udp-1194-tls.key 1
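
An added example, not part of the original post: a small Python script that measures the restart cycle from a client log like the one quoted above, so the logs of affected and unaffected users can be compared. The function name `restart_cycles` and the last three sample log lines are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample: the first three lines are the ones quoted in the post,
# the last three are made up to show a second cycle.
SAMPLE_LOG = """\
Thu Dec 1 15:44:28 2011 Initialization Sequence Completed
Thu Dec 1 15:46:17 2011 [Roadwarrior_cert] Inactivity timeout (--ping-restart), restarting
Thu Dec 1 15:46:17 2011 SIGUSR1[soft,ping-restart] received, process restarting
Thu Dec 1 15:46:21 2011 Initialization Sequence Completed
Thu Dec 1 15:48:10 2011 [Roadwarrior_cert] Inactivity timeout (--ping-restart), restarting
Thu Dec 1 15:48:10 2011 SIGUSR1[soft,ping-restart] received, process restarting
"""

# Timestamp prefix as it appears in the quoted log: "Thu Dec 1 15:44:28 2011 <message>".
LINE_RE = re.compile(r"^(\w{3}\s+\w{3}\s+\d{1,2}\s+[\d:]{8}\s+\d{4})\s+(.*)$")
UP = "Initialization Sequence Completed"
TIMEOUT = "Inactivity timeout (--ping-restart)"

def restart_cycles(log_text):
    """Return one (up_seconds, reconnect_seconds) pair per ping-restart.

    up_seconds is how long the tunnel stayed up before the timeout fired;
    reconnect_seconds is the time until the next completed initialization,
    or None if the log ends before the tunnel comes back.
    """
    cycles, up_since, down_since = [], None, None
    for raw in log_text.splitlines():  # splitlines() copes with LF and CRLF
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip lines without a timestamp prefix
        ts = datetime.strptime(" ".join(m.group(1).split()), "%a %b %d %H:%M:%S %Y")
        msg = m.group(2)
        if UP in msg:
            if down_since is not None:
                # Close the open cycle with the log-side reconnect time.
                cycles[-1] = (cycles[-1][0], (ts - down_since).total_seconds())
                down_since = None
            up_since = ts
        elif TIMEOUT in msg and up_since is not None:
            cycles.append(((ts - up_since).total_seconds(), None))
            up_since, down_since = None, ts
    return cycles

if __name__ == "__main__":
    for up, reconnect in restart_cycles(SAMPLE_LOG):
        print(f"tunnel up {up:.0f}s before ping-restart, reconnect took {reconnect}")
```

Run over each user's client log, this shows whether the up-time before every restart is constant and how the log-side reconnect time compares with the stall the user actually experiences.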