I successfully set up OpenVPN in pfSense using RADIUS / TOTP for authentication following Tom’s videos. I exported the config and added it to my iPhone X running iOS 14.1. Everything works.
The issue is that the VPN won’t stay connected. A few minutes after the phone locks, the VPN will disconnect. Is there a way to force it to stay connected all the time?
I would look at OpenVPN logs if you haven’t already and see what it is saying about this client/server. Have you also determined this is an issue only related to iPhone/iOS? Maybe try another device if possible.
I am an iPhone user and have this setup minus RADIUS and don’t have any issues. I don’t remember needing to add/setup anything specific for the server but it has been a while since I have set it up.
You might have some battery saving features on the iPhone that might be affecting which applications are running.
On my Android phone I can see there are Battery Saver / Reconnect on Reboot options in the settings for OpenVPN.
I do have the first iPad, but it doesn’t have the issues you describe.
The only thing that jumps out at me in the logs is ~3 min after the “EVENT: CONNECTED” is an “OS EVENT: SLEEP”… After that it doesn’t appear to ever reconnect successfully. It does attempt “EVENT: CONNECTING” but ultimately fails at user auth likely because the TOTP has changed.
I’m now wondering two things:
- Why is it losing connection to begin with?
- If I switch to local user auth instead of RADIUS + TOTP will it successfully reconnect?
I will attempt to reconfigure tonight to test #2.
I checked in the settings for both the VPN and the battery - unfortunately no dice on either. Battery isn’t in low power mode and the “Battery Save” feature in the OpenVPN app is disabled. This was definitely a good thought though, as I’m pretty sure last night when testing my phone was in low power mode. I just tested again with full battery and it’s still disconnecting.
Sorry for such a delayed follow-up. I ended up rebuilding the VPN, recreating the CA, and recreating the users. None of this had any impact so I finally reverted to local user auth instead of RADIUS and everything has been working smoothly since. There is a slight delay when I first unlock the phone where the VPN is reconnecting but it is auto reconnecting with no issue.
I am curious why the VPN doesn’t just stay on even when the phone is locked but for now this is acceptable.
Thanks again for the responses and suggestions.
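The reconnect failure diagnosed in this thread (retry after "OS EVENT: SLEEP" failing at user auth) is what a one-time code re-sent after its validity window looks like. The Python below is an added example, not code from the thread, pfSense or OpenVPN; it assumes RFC 6238 defaults (30-second step, 6 digits, HMAC-SHA-1), a server that tolerates ±1 step of drift, and a client that re-sends the code it cached at connect time. The secret and timestamps are the RFC 4226/6238 test values, not real credentials.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per TOTP time step (RFC 6238 default, assumed here)
DIGITS = 6   # code length (assumed)
WINDOW = 1   # assumed: server accepts codes from +/- 1 step of clock drift

# RFC 4226 / RFC 6238 published test secret (constructed input, not a real key)
TEST_SECRET = b"12345678901234567890"


def totp(secret: bytes, unix_time: int) -> str:
    """Compute the RFC 6238 TOTP code for the given Unix time."""
    counter = unix_time // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226, section 5.3)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def server_accepts(secret: bytes, code: str, now: int) -> bool:
    """Validate a code the way a drift-tolerant server would at time `now`."""
    return any(
        hmac.compare_digest(code, totp(secret, now + drift * STEP))
        for drift in range(-WINDOW, WINDOW + 1)
    )


def replay_outcomes(secret: bytes, connect_time: int, delays: list) -> dict:
    """Map each reconnect delay (seconds) to whether the cached code still passes."""
    cached = totp(secret, connect_time)  # code typed at the initial connect
    return {d: server_accepts(secret, cached, connect_time + d) for d in delays}


if __name__ == "__main__":
    # Connect at t=59 (RFC test vector), then reconnect after 0 s, 20 s, 60 s
    # and 180 s; 180 s is roughly the ~3 min sleep seen in the client log.
    for delay, ok in replay_outcomes(TEST_SECRET, 59, [0, 20, 60, 180]).items():
        print(f"reconnect after {delay:>3}s: {'accepted' if ok else 'AUTH FAILED'}")
```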
That’s interesting, I use RADIUS for my Wi-Fi connections but not VPN, figuring if that went down I wouldn’t be able to dial home. Might hold off for a while longer.