Bug #13267

open

dpinger continues to run on OpenVPN gateway after OpenVPN service is stopped.

Added by Marcos M over 2 years ago. Updated over 2 years ago.

Status: New
Priority: Normal
Assignee: -
Category: OpenVPN
Target version: -
% Done: 0%
Release Notes: Default

Description

Tested on 22.05.r.20220609.1919.

  1. Configure OpenVPN client on pfSense
  2. Assign an interface to the OpenVPN client
    • Gateway monitoring sends pings through the tunnel, gateway is up
  3. Stop the OpenVPN client
    • dpinger continues to run and sends ICMP out the default gateway

In this test, the monitoring IP/gateway address for the OpenVPN client was the same as the client IP address itself even though the logs on the client show the correct route-gateway address being pushed.

Actions #1

Updated by Marcos M over 2 years ago

  • Description updated (diff)

Actions #2

Updated by Alhusein Zawi over 2 years ago

Does it mean stopping the OpenVPN service or disabling the OpenVPN client?

  1. Stop the OpenVPN client

If I try to disable the OpenVPN client with the interface assigned, I get this error:

"Cannot disable an OpenVPN instance while the interface is assigned. Remove the interface assignment first."

Actions #3

Updated by Kris Phillips over 2 years ago

I can confirm this behavior. Running a pcap on the current default gateway will show traffic from the OpenVPN client after the client is downed, resulting in echo requests that go unanswered migrating from the OpenVPN client to whatever default gateway path is available. Here is a snippet of a capture I performed on a WAN connection that is my default gateway after stopping the OpenVPN client with the same source and gateway IP as what shows up in the echo requests in the capture:

21:40:51.441810 IP 172.27.114.132 > 172.27.114.129: ICMP echo request, id 53517, seq 19430, length 9
21:40:51.952446 IP 172.27.114.132 > 172.27.114.129: ICMP echo request, id 53517, seq 19431, length 9
21:40:52.452880 IP 172.27.114.132 > 172.27.114.129: ICMP echo request, id 53517, seq 19432, length 9
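
A check for the leak shown in the capture above, as an added example that is not part of the original thread or of pfSense itself: it scans `tcpdump -n` text taken on a non-tunnel interface for periodic, unanswered echo requests sourced from the tunnel network. The tunnel network value and the sample lines are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Text format printed by `tcpdump -n` for ICMP echo traffic, as in the capture above.
ICMP_RE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+), length \d+$"
)

def longest_run(seqs):
    """Longest run of consecutive sequence numbers, allowing 16-bit wraparound."""
    best = run = 1 if seqs else 0
    for prev, cur in zip(seqs, seqs[1:]):
        run = run + 1 if cur == (prev + 1) & 0xFFFF else 1
        best = max(best, run)
    return best

def find_leaked_probes(lines, tunnel_net, min_run=3):
    """Flag periodic echo requests sourced from tunnel_net in a capture taken
    on a non-tunnel interface (here, the WAN that is the default gateway)."""
    net = ipaddress.ip_network(tunnel_net)
    requests, replies = defaultdict(list), defaultdict(int)
    for line in lines:
        m = ICMP_RE.match(line.strip())
        if not m:
            continue  # not ICMP echo traffic
        src, dst, icmp_id = m["src"], m["dst"], int(m["id"])
        if m["kind"] == "request" and ipaddress.ip_address(src) in net:
            requests[(src, dst, icmp_id)].append(int(m["seq"]))
        elif m["kind"] == "reply":
            replies[(dst, src, icmp_id)] += 1  # key by the request direction
    return [
        {"src": s, "dst": d, "id": i, "requests": len(seqs), "replies": replies[(s, d, i)]}
        for (s, d, i), seqs in requests.items()
        if longest_run(seqs) >= min_run  # a steady run under one ICMP id is a monitor
    ]

# Constructed sample modelled on the capture above; the tunnel network is an assumption.
ASSUMED_TUNNEL_NET = "172.27.114.128/25"
SAMPLE_WAN_CAPTURE = """\
21:40:51.441810 IP 172.27.114.132 > 172.27.114.129: ICMP echo request, id 53517, seq 65534, length 9
21:40:51.952446 IP 172.27.114.132 > 172.27.114.129: ICMP echo request, id 53517, seq 65535, length 9
21:40:52.452880 IP 172.27.114.132 > 172.27.114.129: ICMP echo request, id 53517, seq 0, length 9
21:40:52.600000 IP 198.51.100.7 > 203.0.113.1: ICMP echo request, id 811, seq 1, length 9
21:40:52.610000 IP 203.0.113.1 > 198.51.100.7: ICMP echo reply, id 811, seq 1, length 9
""".splitlines()
```

A finding with `replies` at 0 on the default-gateway interface matches the behaviour reported in this issue.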
