Bug #11942
Status: closed
Disconnecting WAN Interface Kills OpenVPN Servers on Other Interfaces
Description
Netgate SG-2100
21.02.2-RELEASE (arm64)
I have a cable modem plugged into WAN getting a DHCP address from a provider.
I have the 4-port switch configured with its own VLAN on each port, following the SG-2100 guide, except for port 1: I left port 1 as an access port on LAN and otherwise left it alone.
Here is a copy and paste:
SG-2100 Switch 802.1Q VLANs
Enable 802.1Q VLAN mode: enabled
If enabled, packets with unknown VLAN tags will be dropped.
VLAN table
VLAN group   VLAN tag   Members   Description
0            1          1,5       Default System VLAN
1            4084       4,5t      LAN Switch Port 4
2            4083       3,5t      LAN Switch Port 3
3            4082       2,5t      LAN Switch Port 2
LAN1 - mvneta1
LAN4VZW - VLAN 4084 on mvneta1
WAN - mvneta0
When I pull the cable from the WAN, the TCP OpenVPN running over LAN4VZW stops instantly and will not work again until I plug the cable back into the WAN.
I also tested an internet-only failure with the interface left up: I had someone unscrew the coax from the back of the modem and let the gateway fail, and the VPN running over LAN4VZW did not stop working.
I also tested the reverse. If I unplug a cable from LAN4VZW, the VPN on WAN keeps on trucking.
VPN on WAN:
WAN UDP4 / 45465
(TUN)
VPN on LAN4VZW:
LAN4VZW TCP4 / 45465
(TUN)
Both have the same mode:
Mode: Remote Access ( SSL/TLS + User Auth )
Data Ciphers: AES-256-GCM, AES-128-GCM, CHACHA20-POLY1305, AES-256-CBC
Digest: SHA1
D-H Params: 4096 bits
Different users or the same users makes no difference.
TUN layer 3 VPN/TCP on IPv4 only, with the specific interface selected in each config respectively.
Subnet topology, with a different unused /24 subnet dedicated to each VPN.
Gateway creation IPv4 only.