Bug #13267
opendpinger continues to run on OpenVPN gateway after OpenVPN service is stopped.
0%
Description
Tested on 22.05.r.20220609.1919
.
- Configure OpenVPN client on pfSense
- Assign an interface to the OpenVPN client
- Gateway monitoring sends pings through the tunnel, gateway is up
- Stop the OpenVPN client
dpinger
continues to run and sends icmp out the default gateway
In this test, the monitoring IP/gateway address for the OpenVPN client was the same as the client IP address itself even though the logs on the client show the correct route-gateway
address being pushed.
Updated by Alhusein Zawi over 2 years ago
Does it mean to stop openvpn service or disabling the openvpn client?
- Stop the OpenVPN client
If I try to disable openvpn client with the interface assigned, I get this error:
"Cannot disable an OpenVPN instance while the interface is assigned. Remove the interface assignment first."
Updated by Kris Phillips over 2 years ago
I can confirm this behavior. Running a pcap on the current default gateway will show traffic from the OpenVPN client after the client is downed, resulting in echo requests that go unanswered migrating from the OpenVPN client to whatever default gateway path is available. Here is a snippet of a capture I performed on a WAN connection that is my default gateway after stopping the OpenVPN client with the same source and gateway IP as what shows up in the echo requests in the capture:
21:40:51.441810 IP 172.27.114.132 > 172.27.114.129: ICMP echo request, id 53517, seq 19430, length 9
21:40:51.952446 IP 172.27.114.132 > 172.27.114.129: ICMP echo request, id 53517, seq 19431, length 9
21:40:52.452880 IP 172.27.114.132 > 172.27.114.129: ICMP echo request, id 53517, seq 19432, length 9