Bug #12310
closed
WAN drop crashes OpenVPN, doesn't restart
Description
Under pfSense CE 2.50, with an active OpenVPN tunnel to my ISP's VPN, unplugging the WAN cable crashes the OpenVPN client, which then fails to restart, leaving the VPN dead until I manually restart it. The crash occurs about ~1 min after disconnecting the cable, and is completely reproducible.
The OpenVPN log contains the relevant lines:
Aug 27 hh:mm:ss openvpn 48798 Exiting due to fatal error
Aug 27 hh:mm:ss openvpn 48798 TCP/UDP: Socket bind failed on local address [AF_INET]aaa.bbb.ccc.ddd:0: Can't assign requested address (errno=49)
where "aaa.bbb.ccc.ddd" is the former IP address of the WAN interface (WAN gets its IP via DHCP). Before OpenVPN crashes, the system/general log contains ~50 repeated messages of the form:
arpresolve: can't allocate llinfo for aaa.bbb.ccc.ddd on igb0
where igb0 is the WAN interface.
Manually restarting the relevant OpenVPN client works, but obviously that's not a good solution.
Installing Service Watchdog, and configuring it to watch the relevant OpenVPN client instance, appears to work. Probably this should be the default?
Updated by b b over 3 years ago
(I forgot to note that, of course, I replugged the cable after OpenVPN crashed, and the WAN interface properly got a new IP (same as the old IP) from my ISP's DHCP server.)
Updated by Jim Pingle over 3 years ago
- Category changed from VPN (Multiple Types) to OpenVPN
- Status changed from New to Not a Bug
I can't reproduce this here, there must be some other aspect of your configuration or environment contributing to the problem.
The errors you list typically indicate that it's still attempting to use the old address but once DHCP places a new address on the interface it should be restarting the service again with the new address.
Additionally, you say you are on 2.5.0 which is several versions out of date. Update to 2.5.2 and try again. If you can still replicate the problem there, try again on a 2.6.0 snapshot. If you can still replicate the problem there, please post on the Netgate Forum to discuss your issue in more detail to find out what it is about your setup that is leading to this condition. If we can find a way to replicate it in lab conditions, then this can be reopened or a new issue created with more accurate details.
Updated by b b over 3 years ago
Jim Pingle wrote in #note-2:
> I can't reproduce this here, there must be some other aspect of your configuration or environment contributing to the problem.
> The errors you list typically indicate that it's still attempting to use the old address but once DHCP places a new address on the interface it should be restarting the service again with the new address.

That doesn't happen. After the OpenVPN client dies, it stays dead, even after replugging the WAN (and the WAN getting a new address), until I manually restart it, or let Service Watchdog do so.

> Additionally, you say you are on 2.5.0 which is several versions out of date. Update to 2.5.2 and try again. If you can still replicate the problem there, try again on a 2.6.0 snapshot....

I'll wait for the 2.6.0 release to try it again.
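
Added example, not part of the original issue or of pfSense: a log check that flags the failure signature quoted in the description (the errno=49 bind failure followed by the fatal exit) and reports whether a client came back up afterwards. The function name, the sample lines, the `kernel` prefix, the timestamps and the address 192.0.2.10 (standing in for aaa.bbb.ccc.ddd) are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Patterns taken from the log excerpts in the report; errno 49 is the
# "Can't assign requested address" bind failure quoted there.
ARP = re.compile(r"arpresolve: can't allocate llinfo for ([\d.]+) on (\S+)")
BIND = re.compile(r"openvpn (\d+) TCP/UDP: Socket bind failed on local address "
                  r"\[AF_INET\]([\d.]+):\d+: .*\(errno=49\)")
FATAL = re.compile(r"openvpn (\d+) Exiting due to fatal error")
# Standard OpenVPN message logged once a tunnel is up (not quoted in the report).
UP = re.compile(r"openvpn (\d+) Initialization Sequence Completed")

def stale_bind_crashes(lines):
    """Return one record per OpenVPN process that exited after a failed bind.
    Lines must be in chronological order (hypothetical helper)."""
    arp, bind_addr, exits = Counter(), {}, []
    for line in lines:
        if m := ARP.search(line):
            arp[m.group(1)] += 1
        elif m := BIND.search(line):
            bind_addr[m.group(1)] = m.group(2)
        elif m := FATAL.search(line):
            exits.append({"pid": m.group(1), "recovered": False})
        elif m := UP.search(line):
            # Heuristic for a single-client setup: a different PID coming up
            # after the exit means something restarted the client.
            for e in exits:
                if e["pid"] != m.group(1):
                    e["recovered"] = True
    return [dict(e, address=bind_addr[e["pid"]], arp_errors=arp[bind_addr[e["pid"]]])
            for e in exits if e["pid"] in bind_addr]

# Constructed sample lines (see the assumptions listed above).
SAMPLE = [
    "Aug 27 10:00:01 kernel arpresolve: can't allocate llinfo for 192.0.2.10 on igb0",
    "Aug 27 10:00:02 kernel arpresolve: can't allocate llinfo for 192.0.2.10 on igb0",
    "Aug 27 10:00:03 kernel arpresolve: can't allocate llinfo for 192.0.2.10 on igb0",
    "Aug 27 10:01:00 openvpn 48798 TCP/UDP: Socket bind failed on local address "
    "[AF_INET]192.0.2.10:0: Can't assign requested address (errno=49)",
    "Aug 27 10:01:00 openvpn 48798 Exiting due to fatal error",
]

if __name__ == "__main__":
    for record in stale_bind_crashes(SAMPLE):
        print(record)
```

A record with `recovered` still false after the WAN has its address back corresponds to the state described in the thread, where the client stays down until it is restarted manually or by Service Watchdog.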