<p>pfSense bugtracker (https://redmine.pfsense.org/)</p>
<p>pfSense Plus - Bug #13031: Openvpn Float bug<br>https://redmine.pfsense.org/issues/13031?journal_id=60243<br>2022-04-06T02:35:55Z, Azamat Khakimyanov</p>
<ul><li><strong>Priority</strong> changed from <i>High</i> to <i>Low</i></li></ul><p>I think it's important: Sam uses the same certificate for these 2 different OpenVPN tunnels (2 different OpenVPN Servers) so my thought was that OpenVPN widget on a Dashboard uses username or common name from certificate to show active connections. So when it's the same certificate, it shows the identical info for these OpenVPN connections.</p>
<p>pfSense Plus - Bug #13031: Openvpn Float bug<br>https://redmine.pfsense.org/issues/13031?journal_id=60247<br>2022-04-06T08:06:20Z, Jim Pingle</p>
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Not a Bug</i></li><li><strong>Target version</strong> deleted (<del><i>2.7.0</i></del>)</li></ul><p>Looks like it's doing what you're telling it to do and what the server allows you to do.</p>
<p>We just report the status reported by OpenVPN -- using the same exact cert/keys and such to two servers will allow the same client on both, and if the server(s) have "Dynamic IP" checked then it has trouble figuring out which is which because it allows the peer to renegotiate freely.</p>
<p>So either way there is no bug here that we can do anything for -- it's either expected behavior for the configuration (uncheck "Dynamic IP" on both servers) or it's OpenVPN itself misreporting the status, so it's a bug that OpenVPN would have to fix.</p>
<p>pfSense Plus - Bug #13031: Openvpn Float bug<br>https://redmine.pfsense.org/issues/13031?journal_id=60271<br>2022-04-07T13:20:41Z, Sam Jay</p>
<ul></ul><p>Hi Jim,</p>
<p>This "Dynamic IP" feature on both the tunnels is already un-checked. Please advise.</p>
<p>pfSense Plus - Bug #13031: Openvpn Float bug<br>https://redmine.pfsense.org/issues/13031?journal_id=60272<br>2022-04-07T13:54:16Z, Jim Pingle</p>
<ul></ul><p>If it's the same on the widget and status page, then it's likely being misreported by OpenVPN itself.</p>
<p>You can try connecting to the management sockets and looking yourself:</p>
<pre>
nc -U /var/etc/openvpn/server&lt;id&gt;/sock
status 3
quit
</pre>
<p>Do that on both servers and see what it shows. You might try <code>status 2</code> instead if the format on that one doesn't look right. <code>3</code> is supposed to be more human-readable, <code>2</code> is easier for scripts to parse.</p>
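<p>An added example, not part of the original thread or of pfSense's code: one way to compare the <code>status 2</code> replies collected from the two management sockets, listing every common name that both servers report together with the real address each one shows. The sample replies are constructed and use a shortened column set; the parser reads the column names from the <code>HEADER</code> line and assumes each common name appears once per server.</p>

```python
import csv

def parse_status2(text):
    """Return one dict per CLIENT_LIST row, keyed by the HEADER column names."""
    columns, clients = None, []
    for row in csv.reader(text.splitlines()):
        if len(row) > 1 and row[0] == "HEADER" and row[1] == "CLIENT_LIST":
            columns = row[2:]  # names vary by OpenVPN version, so read them
        elif row and row[0] == "CLIENT_LIST" and columns:
            clients.append(dict(zip(columns, row[1:])))
        elif row and row[0] == "END":
            break  # end of this status reply
    return clients

def clients_on_both(status_a, status_b):
    """List (common name, real address on A, real address on B, identical?)."""
    a = {c["Common Name"]: c for c in parse_status2(status_a)}
    b = {c["Common Name"]: c for c in parse_status2(status_b)}
    return [(cn, a[cn]["Real Address"], b[cn]["Real Address"],
             a[cn]["Real Address"] == b[cn]["Real Address"])
            for cn in sorted(a.keys() & b.keys())]

# Constructed sample replies (not output from the reporter's firewall).
HEADER = ("HEADER,CLIENT_LIST,Common Name,Real Address,Virtual Address,"
          "Bytes Received,Bytes Sent,Connected Since\n")
SERVER1 = (">INFO:OpenVPN Management Interface\n" + HEADER +
           "CLIENT_LIST,site-b,198.51.100.7:1194,10.8.1.2,5120,4096,2022-04-07 13:00:00\n"
           "CLIENT_LIST,laptop,203.0.113.9:50211,10.8.1.3,900,800,2022-04-07 13:10:00\n"
           "END\n")
SERVER2 = (HEADER +
           "CLIENT_LIST,site-b,198.51.100.7:40112,10.8.2.2,7000,6500,2022-04-07 13:01:00\n"
           "END\n")

if __name__ == "__main__":
    for cn, addr_a, addr_b, same in clients_on_both(SERVER1, SERVER2):
        print(f"{cn}: server1={addr_a} server2={addr_b} identical={same}")
```

<p>Save each server's reply to a file and pass the two file contents to <code>clients_on_both</code> in place of the constructed samples.</p>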