OpenVPN Open Beta

Internet access discussion, including Fusion, IP Broadband, and Gigabit Fiber!
235 posts Page 13 of 24
by mediahound » Sat Sep 26, 2015 1:34 pm
This speed test appears to give an accurate result when on the VPN, rather than super inflated like others:

http://speedof.me

I wish the Sonic VPN didn't have quite as much downstream speed hit. I get about 17Mbps with it on and 22Mbps with it off. That may just be this speed tester though because interestingly, measuring actual download speeds with the VPN on, I'm actually getting a bit faster.
by mikeditty » Sat Sep 26, 2015 6:40 pm
Has anyone figured out how to get pfSense to restart the OpenVPN tunnel after the 24 hour session expiration that is currently set up?
by forest » Sun Sep 27, 2015 11:35 am
kgc wrote:I don't believe that there is a time limit on the connection to the VPN server. Is anyone else having similar issues?
I'm having the same problem with an EdgeRouter Lite. Right around the 24 hour mark, this message appears in the router's log:

Code:

openvpn[123456]:  AUTH: Received control message: AUTH_FAILED,SESSION: Your session has expired, please reauthenticate
The openvpn process then sends itself a SIGTERM and exits, causing all the devices in my house to lose connectivity until I log in to the router and manually restart the vpn client.

I found some openvpn timeout-related options that I plan to try, but I don't have high hopes that they will help, since the problem happens even when the vpn has not been idle for long. I hope there's a solution better than writing scripts to periodically restart the client. I imagine that would be difficult for some users, and it wouldn't solve the problem of established network connections being forcibly broken every day.
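As an added example (not code from any poster in this thread): a restart script of the kind mentioned above can read the client log and restart only when the most recent failure is the session-expiry message quoted in this post, so that a rejected password is not retried in a loop. The function names and every sample log line except the quoted AUTH_FAILED,SESSION line are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide from an OpenVPN client log whether a restart is safe.

# Reads log lines on stdin and prints one of:
#   session-expired  last auth failure was the server expiring the session
#   auth-failed      last auth failure was something else (e.g. bad password)
#   none             no auth failure since the last successful connect
classify_auth_failure() {
    last=""
    while IFS= read -r line; do
        case "$line" in
            # A later successful connect makes earlier failures stale.
            *"Initialization Sequence Completed"*) last="" ;;
            *AUTH_FAILED*) last="$line" ;;
        esac
    done
    case "$last" in
        "") echo "none" ;;
        *"AUTH_FAILED,SESSION:"*) echo "session-expired" ;;
        *) echo "auth-failed" ;;
    esac
}

# Constructed sample log; only the AUTH_FAILED,SESSION line is from the thread.
sample_log() {
    cat <<'EOF'
openvpn[123456]: Initialization Sequence Completed
openvpn[123456]:  AUTH: Received control message: AUTH_FAILED,SESSION: Your session has expired, please reauthenticate
openvpn[123456]: SIGTERM[soft,auth-failure] received, process exiting
EOF
}

# A watchdog would restart the client only in the session-expired case.
if [ "$(sample_log | classify_auth_failure)" = "session-expired" ]; then
    echo "restart ok: session expired"
fi
```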
by netllama » Sun Sep 27, 2015 12:43 pm
I've hacked around the timeout with a simple cronjob that runs every 20 minutes. It checks whether the tun0 interface is up, and if not, restarts the openvpn service:

Code:

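#!/bin/bash
# Cron watchdog: restart the OpenVPN client when the tun0 interface is missing.
tuncount=$(ifconfig | grep -c tun0)
if [[ ${tuncount} -ne 1 ]] ; then
    systemctl restart openvpn\@netllama.client.service > /dev/null 2>&1
    date    # print the restart time so cron records when it happened
fi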
Not ideal, but gets the job done.
by forest » Sun Sep 27, 2015 1:03 pm
netllama wrote:I've hacked around the timeout with a simple cronjob that runs every 20 minutes. It checks whether the tun0 interface is up, and if not, restarts the openvpn service:

Not ideal, but gets the job done.
Sort of. I expect all existing connections will be broken when this runs. That might not matter much for web browsing, but lots of other applications will be crippled or broken with this approach.
by netllama » Sun Sep 27, 2015 1:37 pm
forest wrote:
netllama wrote:I've hacked around the timeout with a simple cronjob that runs every 20 minutes. It checks whether the tun0 interface is up, and if not, restarts the openvpn service:

Not ideal, but gets the job done.
Sort of. I expect all existing connections will be broken when this runs. That might not matter much for web browsing, but lots of other applications will be crippled or broken with this approach.
The connections are going to be broken when the vpn goes down regardless. Nothing that the cronjob is doing is causing that problem.
by forest » Sun Sep 27, 2015 2:02 pm
netllama wrote:The connections are going to be broken when the vpn goes down regardless.
Yep. That is what I meant when I said it "sort of" gets the job done. It gets rid of the hassle of manually restarting, but it doesn't solve the underlying problem.
by pmbell » Sun Sep 27, 2015 4:35 pm
The profile I just downloaded seems to imply the server expects to renegotiate after 604800 seconds, or one full week. With client settings, you might try forcing that to smaller values - I use 4 or six hours - at which point your client should be able to force a negotiation, which may help with the 24 hour limit as some session counters will be less than 24 hours.

There are also keepalive parameters you can set on the client side - I don't see a keepalive setting in the pushed file.
by mediahound » Sun Sep 27, 2015 4:52 pm
Anyone know if there's a way to get the OSX Open VPN app to connect automatically? Every time I wake my Mac I have to log in again and type my Sonic password, even though I have the profile loaded.

EDIT: Looks like the app Viscosity can do this:

http://accc.uic.edu/answer/how-do-i-con ... n-mac-os-x

Verified, tried it, it works fine so far. Way better interface and features than the OpenVPN app on OSX. (The Open VPN app works fine on iOS, however, since it can be set to connect automatically.)
by forest » Mon Sep 28, 2015 8:35 pm
svist wrote:If you could, please update the server certificate to say it's used as a server. Currently, my config gives me this warning while connecting:
WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
...and as I described in previous message, turning the option on makes it impossible to connect.
I'm getting the same warning from my Linux OpenVPN client. As svist described, enabling server certificate verification on my client (in an attempt to fix the problem) currently prevents the VPN from being established.
kgc wrote:I'm not sure if I can update the cert without having everyone have to import a new connection so I may wait on that.
I'm new to OpenVPN, but the warning seems to be telling us that our clients can't distinguish Sonic's server from an impostor. Doesn't that make the VPN rather ineffective?
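As an added example (not from the thread, and not Sonic's configuration): the check below reports whether a certificate carries the "TLS Web Server Authentication" extended key usage, which is what OpenVPN's `remote-cert-tls server` option requires of the peer certificate. It assumes that is the verification option the posters enabled, and it runs against two constructed self-signed test certificates with the hypothetical name vpn.example.test.

```shell
#!/bin/sh
# Added example: does a certificate declare itself a TLS server certificate?

# Prints "server" if the PEM certificate $1 carries the extended key usage
# "TLS Web Server Authentication", "unmarked" if it does not, and
# "unreadable" if openssl cannot parse the file.
cert_server_usage() {
    text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || {
        echo "unreadable"; return 0; }
    case "$text" in
        *"TLS Web Server Authentication"*) echo "server" ;;
        *) echo "unmarked" ;;
    esac
}

# Writes two constructed, self-signed test certificates into directory $1:
# marked.pem (EKU serverAuth) and unmarked.pem (no EKU at all).
make_test_certs() {
    cat > "$1/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = vpn.example.test
[marked]
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
[unmarked]
basicConstraints = CA:FALSE
EOF
    for name in marked unmarked; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -config "$1/openssl.cnf" -extensions "$name" \
            -keyout "$1/$name.key" -out "$1/$name.pem" 2>/dev/null
    done
}

# Demonstration on the constructed certificates.
demo_dir=$(mktemp -d)
make_test_certs "$demo_dir"
for name in marked unmarked; do
    echo "$name.pem: $(cert_server_usage "$demo_dir/$name.pem")"
done
rm -rf "$demo_dir"
```

A client that enforces the server usage check accepts only a certificate that reports `server` here; one that reports `unmarked` is rejected by that check even when it chains to the right CA.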