pfSense openvpn client auto reconnect

It looks like pfSense doesn't reconnect to the VPN server after the OpenVPN client disconnects. Administrators have to reconnect or restart the OpenVPN client service manually, which is an annoying task. To solve this problem, we add a script that does it for us.

Shell into pfSense console

ssh [email protected]

Create a shell script (/root/chkOvpn.sh, the path the cron job below runs) that pings the VPN gateway and restarts the OpenVPN client when the ping fails

#!/usr/bin/env sh

if /sbin/ping -c 3 {private.vpn.gateway.ip}; then
    # Success, Nothing to do
    exit 0
else
    # Fail, Reconnect VPN
    /usr/local/sbin/pfSsh.php playback svc restart openvpn client {your openVPN client id}
fi

exit 1

Note: You will find the OpenVPN client ID in the name of the pfSense OpenVPN client config file, like this: /var/etc/openvpn/client{ID}.conf. Use that ID in the script.

Add a cron job to run the script automatically

crontab -e

*/5 * * * * /root/chkOvpn.sh > /dev/null
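
A stricter variant of the watchdog above, as an added example that is not the author's script: it refuses to restart anything unless the client ID is numeric and has a matching /var/etc/openvpn/client{ID}.conf, and it writes a syslog line for every restart so reconnects leave a trace. The function names, the argument order, and the CONF_DIR, PING_CMD, RESTART_CMD and LOG_CMD override variables are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the author's script. Paths and the restart command come
# from the post; CONF_DIR, PING_CMD, RESTART_CMD and LOG_CMD are assumed
# override points so the logic can be exercised off the firewall.
CONF_DIR="${CONF_DIR:-/var/etc/openvpn}"
PING_CMD="${PING_CMD:-/sbin/ping}"
RESTART_CMD="${RESTART_CMD:-/usr/local/sbin/pfSsh.php}"
LOG_CMD="${LOG_CMD:-logger -t chkOvpn}"

# Print the client IDs found as client{ID}.conf, one per line (numeric only).
list_client_ids() {
    for f in "$CONF_DIR"/client*.conf; do
        [ -f "$f" ] || continue
        id="${f##*/client}"
        id="${id%.conf}"
        case "$id" in
            ''|*[!0-9]*) continue ;;
        esac
        echo "$id"
    done
}

# Succeed only for a purely numeric ID that has a matching config file.
valid_client_id() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ -f "$CONF_DIR/client$1.conf" ]
}

# $1 = VPN gateway IP, $2 = client ID.
# Returns 0 = gateway reachable, 1 = restart issued, 2 = bad client ID.
check_and_restart() {
    if ! valid_client_id "$2"; then
        $LOG_CMD "no config for client id '$2' in $CONF_DIR, nothing restarted"
        return 2
    fi
    if "$PING_CMD" -c 3 "$1" >/dev/null 2>&1; then
        return 0
    fi
    $LOG_CMD "gateway $1 unreachable, restarting openvpn client $2"
    "$RESTART_CMD" playback svc restart openvpn client "$2"
    return 1
}

# Cron usage: */5 * * * * /root/chkOvpn.sh <gateway-ip> <client-id>
if [ "$#" -eq 2 ]; then
    check_and_restart "$1" "$2"
    exit "$?"
fi
```

Running list_client_ids on the firewall shows which IDs actually have a config file before one is put into the cron line.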

7 Replies to “pfSense openvpn client auto reconnect”

  1. Exactly what I needed. I have one service that mysteriously goes down sometimes. Thank you so much for sharing!

  2. Thanks for the snippet! This works for OPNSense to restart the OpenVPN client.

    #!/usr/bin/env sh
    # Source address of the OpenVPN client interface (ovpnc1)
    VPNSRCIP="$(/sbin/ifconfig ovpnc1 | grep 'inet ' | cut -f1 -d '-' | awk '{ print $2}')"
    if /sbin/ping -S "${VPNSRCIP}" -c 3 1.0.0.1; then
        # Success, Nothing to do
        exit 0
    else
        # Fail, Reconnect VPN
        configctl openvpn reload
    fi

    exit 1

  3. Thanks for the snippet! This code works for OPNSense and pings the gateway address, restarting the OpenVPN service if no connection. It should work with PFSense as well with your snippet!

    #!/usr/bin/env sh
    # Local and peer (gateway) addresses of the OpenVPN client interface (ovpnc1)
    VPNSRCIP="$(/sbin/ifconfig ovpnc1 | grep 'inet ' | cut -f1 -d '-' | awk '{ print $2}')"
    VPNGWIP="$(/sbin/ifconfig ovpnc1 | grep 'inet ' | cut -d ' ' -f 4)"
    if /sbin/ping -S "${VPNSRCIP}" -c 3 "${VPNGWIP}"; then
        # Success, Nothing to do
        exit 0
    else
        # Fail, Reconnect VPN
        configctl openvpn reload
    fi

    exit 1

  4. Thanks for the snippet.

    In my case (PFSense 2.4.3) the id was different ..

    Note: You will see OpenVPN client id on address bar in pfSense openVPN client edit page like this https://your.pfSense.ip/vpn_openvpn_client.php?act=edit&id=0 then use id + 1 into script
    would give id = 1 .. but it turned out to be id = 3

    This id=3 I could find in the dashboard below the services tab ..
    The services were:
    openvpn
    openvpn_2
    openvpn_3

    and I needed to restart the 3rd of them..

  5. Thanks for sharing! I love your slogan, something to live by!

    I think what you are describing could be linked to the same that plagues OPNSense also.

    My turn…

    On both forms of OpenBSD firewalls (PFSense and OPNSense) openvpn can seemingly get stuck in reconnecting while it thinks it is already connected (PID existing), so this script will find the PID, kill it and restart the connection. I use it manually, but it could be tied to an if/else statement too, I suppose.

    Only tested on OPNSense, slight modifications could be needed for PFSense.

    ###

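    #!/usr/bin/env sh
    # Collect the PID(s) of every running openvpn process
    PID="$(ps auxww | grep openvpn | grep -v grep | awk '{print $2}')"
    echo "Killing OpenVPN at $PID"
    sleep 05
    # $PID is left unquoted so several PIDs are passed as separate arguments
    kill -9 $PID
    sleep 05
    echo "Restarting OpenVPN"
    # Start the client again from its generated config file
    /usr/local/sbin/openvpn --config /var/etc/openvpn/client1.conf
    exit 0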
