Bug #11142

closed

rc.newwanip restarts VPN services when the IP matches

Added by Viktor Gurov over 1 year ago. Updated 5 months ago.

Status: Resolved
Priority: Normal
Assignee:
Category: Interfaces
Target version:
Start date: 12/08/2020
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.4.5-p1
Affected Architecture:

Description

If DHCP on WAN interface receives the same IP, rc.newwanip restarts all services:
https://github.com/pfsense/pfsense/blob/186ef8568345d216688e56e06ba08e02c44b1711/src/etc/rc.newwanip#L229

rc.newwanipv6 is more correct in this case and restarts VPN services only if WAN is a PPP interface:
https://github.com/pfsense/pfsense/blob/186ef8568345d216688e56e06ba08e02c44b1711/src/etc/rc.newwanipv6#L156


Related issues

Related to Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state (Feedback, Viktor Gurov, 02/27/2021)

#2

Updated by Renato Botelho over 1 year ago

  • Status changed from New to Feedback
  • Assignee set to Viktor Gurov
  • Target version set to 2.5.0

PR has been merged. Thanks!

#3

Updated by Viktor Gurov over 1 year ago

  • % Done changed from 0 to 100

#4

Updated by Danilo Zrenjanin over 1 year ago

Tested on:

2.5.0-DEVELOPMENT (amd64)
built on Thu Dec 10 03:02:47 EST 2020
FreeBSD 12.2-STABLE

It doesn't restart services anymore if the IP address stays the same after DHCP renewal, that's fine.

However, it still restarts services if you make any change at the WAN interface, no matter if you didn't change the IP address (even if you just hit apply at the WAN interface without changes). Maybe there is room for improvement too.

#5

Updated by Alhusein Zawi over 1 year ago

Danilo Zrenjanin wrote:

Tested on:
[...]

It doesn't restart services anymore if the IP address stays the same after DHCP renewal, that's fine.

However, it still restarts services if you make any change at the WAN interface, no matter if you didn't change the IP address (even if you just hit apply at the WAN interface without changes). Maybe there is room for improvement too.

IPsec tunnel will be restarted if you hit apply at any interface (log file shows "Restarting ipsec tunnels").
Applied the same steps on 2.4.5-p1 and it shows the same results.
Log file shows "Restarting ipsec tunnels", IPsec tunnel in Status > IPsec is not interrupted.

#6

Updated by Viktor Gurov over 1 year ago

  • Status changed from Feedback to Resolved

Alhusein Zawi wrote:

Danilo Zrenjanin wrote:

IPsec tunnel will be restarted if you hit apply at any interface (log file shows "Restarting ipsec tunnels").
Applied the same steps on 2.4.5-p1 and it shows the same results.
Log file shows "Restarting ipsec tunnels", IPsec tunnel in Status > IPsec is not interrupted.

This is another issue, please create a ticket.
Original issue is resolved.

#7

Updated by Scott Silver 5 months ago

Pretty sure this breaks gateway monitoring when the WAN comes back on the same IP.

See https://redmine.pfsense.org/issues/11570?next_issue_id=11567&prev_issue_id=11572

Perhaps there is a fix where we only don't restart the ip tunnels but continue to restart the gateway monitoring?

#8

Updated by Viktor Gurov 5 months ago

  • Related to Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state added

#9

Updated by Viktor Gurov 5 months ago

Original user issue:

"We've noticed every X hours that services restart on our pfSense FW and this results in people being kicked off the VPN.
This pfSense FW runs in AWS and has 2 interfaces rather than 1.
Log entries:

check_reload_status        rc.newwanip starting ixv1
