I decided to sign up for a VPN service provider to pipe some traffic out of, as VZ FiOS has been finicky with Netflix lately, causing some unnecessary and unwanted buffering (obviously). Since I already have an account with Giganews, I figured I’d sign up for their Vyprvpn/Goldenfrog VPN offering so I could set up an OpenVPN connection and just pass the IPs of some devices on my network through the tunnel to a US-based Vyprvpn server. The connection is set up properly, from what I can tell, but once the connection is started… all Internet traffic just decides to die, and I can’t understand why. I don’t have any rules present to pass all of my Internet traffic through Vyprvpn, nor have I gotten to the point of creating anything to pass through it.
I’ll get a lot of these messages in the OpenVPN system log:
Mar 3 01:39:05 openvpn[41699]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #19660009 / time = (1393696330) Sat Mar 1 12:52:10 2014 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
When I’m not checking the firewall remotely, I’ll post some more logs. Here are some screenshots of the config also. Just wanted to make sure there’s not something I’m missing here. When the connection is set up and the tunnel is up, I’ll get a 10.10.x based IP address for the Virtual IP, and a proper 216.x address as the remote IP of the Los Angeles server I’m connecting to.
Can you show us an export of your local route table with the OpenVPN client connected? One thing I had to do that helped me immensely was using “push route” statements in the advanced configuration, however I did not see those present in your configuration.
My name is Adam and I am a support technician for Golden Frog.
I would like to troubleshoot the issues that you are facing live in our chat system.
Please log into our website and use the live chat option in the lower right and we will be happy to assist you. Please join us in chat and ask for Adam.
Hey simplyzero. I see this thread is dated a few months back and I just wanted to chime in as well. I recently signed up for VyprVPN and I have intermittent issues with connection stability. Normally I would start looking at my hardware and machines but most of the problems don’t look to be caused locally. I’ll explain.
I subscribed to the premier package so I can run VyprVPN on three clients at a time. I have three clients in three separate physical locations and networks. From across the network, I’ve watched all three connections drop for a few minutes and reconnect (auto reconnect in software setting) within minutes of each other.
Connection times were compared and confirmed. Unfortunately, to have connections last for several hours then mysteriously drop and reconnect at the same time brings another question to the table.
As I’ve been testing, and per Adam’s recommendation, I changed the port number to 443 from 1194 last night to see if that would help. However, I still lost Internet connectivity. Based on looking through the OpenVPN log, it does appear that they’re pushing a 0.0.0.0/1 route to me, I assume trying to pull all the traffic through the tunnel: Mar 3 20:51:17 openvpn[98455]: Data Channel MTU parms [ L:1557 D:1450 EF:57 EB: - Pastebin.com
I did try to use --route-nopull to see if that would do the trick, but no such luck.
Unfortunately, I’ve tried to do this a couple of different times, but people keep insisting that pfsense simply “isn’t supported” and refuse to really do any troubleshooting with me.
Thanks for the update. My guess is that the OpenVPN server is pushing down a “default” route to you which is overriding your local default and instead is trying to push your Internet based traffic through the OpenVPN tunnel.
Could you try only pushing down the routes of the traffic you need to access via OpenVPN (split-tunnel method)? To do this, you will need to use the following command in the advanced configuration of your OpenVPN section:
push "route network netmask" (include the "")
After you have changed this, try to reconnect your OpenVPN client and observe the routes that are pushed to it. If the default route no longer looks to be pushed to your client, try to access the Internet and see if you can get out.
From the looks of what I was seeing last night, that seemed to be the case from what I could understand as well. At the time I did try to push just one route with issuing “route 10.2.1.0 255.255.255.0;” in the advanced configuration area, since that’s a subnet I don’t use currently just to see if that would apply and leave the regular Internet traffic alone on my 10.0.0.X subnet, but that didn’t seem to work. Is the “push” necessary? Maybe that’s what was throwing me off.
Actually, I take that back. I wasn’t continuing to use the “--route-nopull” before, and now I am. The tunnel is up, but guess I need to make a rule and create an interface for what specific IPs I want to route through. Strangely though, Vyprvpn keeps changing the internal IP assigned pretty often. It goes from 10.14.4.X to just random IPs every 30 seconds or so.
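Added example, not written by anyone in this thread: a small Python check that reads OpenVPN client log lines and reports which pushed options take over the default route (the 0.0.0.0/1 behaviour discussed above) and which options the client would still accept with route-nopull. The log lines are constructed samples, and the ROUTE_CLASS set is a simplified model of the route-nopull description in the OpenVPN man page, not output from a real VyprVPN session.

```python
import ipaddress
import re

# Constructed sample log lines (not taken from the thread's pastebin).
SAMPLE_LOG = """\
Mar  3 20:51:18 openvpn[98455]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.10.0.1,route-gateway 10.10.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.10.4.23 255.255.0.0'
Mar  3 21:40:02 openvpn[98455]: PUSH: Received control message: 'PUSH_REPLY,route 0.0.0.0 128.0.0.0,route 128.0.0.0 128.0.0.0,route 10.2.1.0 255.255.255.0,ifconfig 10.10.4.57 255.255.0.0'
"""

PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,(.*)'")
# Simplified model of what --route-nopull refuses from the server
# (routes and DHCP options, per the man page); an assumption of this example.
ROUTE_CLASS = {"route", "route-ipv6", "redirect-gateway", "dhcp-option"}

def pushed_options(log_text):
    """Return one list of pushed option strings per PUSH_REPLY line."""
    return [[o for o in m.group(1).split(",") if o.strip()]
            for m in PUSH_RE.finditer(log_text)]

def default_route_overrides(options):
    """Options that capture Internet-bound traffic for the tunnel."""
    hits = []
    for opt in options:
        words = opt.split()
        if words[0] == "redirect-gateway":
            hits.append(opt)
        elif words[0] == "route" and len(words) >= 3:
            net = ipaddress.ip_network(f"{words[1]}/{words[2]}", strict=False)
            # A /0 replaces the default route; the two /1 halves outrank it.
            if net.prefixlen <= 1:
                hits.append(opt)
    return hits

def kept_with_route_nopull(options):
    """Options the client would still accept under the model above."""
    return [o for o in options if o.split()[0] not in ROUTE_CLASS]

if __name__ == "__main__":
    for opts in pushed_options(SAMPLE_LOG):
        print("overrides default route:", default_route_overrides(opts))
        print("kept with route-nopull: ", kept_with_route_nopull(opts))
```

With the routes refused, the tunnel still gets its ifconfig address, which matches the state described in the last post: the tunnel is up and nothing is routed into it until an interface and policy rule are created.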