Bug #13267
open
dpinger continues to run on OpenVPN gateway after OpenVPN service is stopped.
Added by Marcos M over 2 years ago.
Updated over 2 years ago.
Description
Tested on 22.05.r.20220609.1919.
- Configure OpenVPN client on pfSense
- Assign an interface to the OpenVPN client
- Gateway monitoring sends pings through the tunnel, gateway is up
- Stop the OpenVPN client
dpinger continues to run and sends ICMP out the default gateway.
In this test, the monitoring IP/gateway address for the OpenVPN client was the same as the client IP address itself, even though the logs on the client show the correct route-gateway address being pushed.
- Description updated (diff)
Does it mean stopping the OpenVPN service or disabling the OpenVPN client?
- Stop the OpenVPN client
If I try to disable openvpn client with the interface assigned, I get this error:
"Cannot disable an OpenVPN instance while the interface is assigned. Remove the interface assignment first."
I can confirm this behavior. Running a pcap on the current default gateway will show traffic from the OpenVPN client after the client is downed, resulting in echo requests that go unanswered migrating from the OpenVPN client to whatever default gateway path is available. Here is a snippet of a capture I performed on a WAN connection that is my default gateway after stopping the OpenVPN client with the same source and gateway IP as what shows up in the echo requests in the capture:
21:40:51.441810 IP 172.27.114.132 > 172.27.114.129: ICMP echo request, id 53517, seq 19430, length 9
21:40:51.952446 IP 172.27.114.132 > 172.27.114.129: ICMP echo request, id 53517, seq 19431, length 9
21:40:52.452880 IP 172.27.114.132 > 172.27.114.129: ICMP echo request, id 53517, seq 19432, length 9
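A check for the leak described in this report, as an added example that is not part of the original issue or of pfSense: it parses tcpdump lines captured on the WAN interface and groups ICMP echo requests whose source address belongs to a tunnel network. The tunnel prefix `172.27.114.128/25`, the function names and the fourth capture line are assumptions constructed for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Matches tcpdump's one-line ICMP echo request output, as in the capture above.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP echo request, id (?P<id>\d+), seq (?P<seq>\d+), length (?P<len>\d+)$"
)

# Assumption: the prefix the OpenVPN server hands out to this client.
TUNNEL_NETS = ["172.27.114.128/25"]

# First three lines are from the report; the last one is constructed
# to represent ordinary WAN-sourced monitoring traffic.
SAMPLE_WAN_CAPTURE = """\
21:40:51.441810 IP 172.27.114.132 > 172.27.114.129: ICMP echo request, id 53517, seq 19430, length 9
21:40:51.952446 IP 172.27.114.132 > 172.27.114.129: ICMP echo request, id 53517, seq 19431, length 9
21:40:52.452880 IP 172.27.114.132 > 172.27.114.129: ICMP echo request, id 53517, seq 19432, length 9
21:40:52.500000 IP 203.0.113.10 > 198.51.100.1: ICMP echo request, id 4242, seq 7, length 9
""".splitlines()


def find_leaked_probes(lines, tunnel_nets):
    """Return {(src, dst, icmp_id): [seq, ...]} for echo requests seen on
    the WAN capture whose source address belongs to a tunnel network."""
    nets = [ipaddress.ip_network(n) for n in tunnel_nets]
    flows = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an ICMP echo request line
        src = ipaddress.ip_address(m["src"])
        if any(src in net for net in nets):
            flows[(m["src"], m["dst"], int(m["id"]))].append(int(m["seq"]))
    return dict(flows)


def is_monitor_stream(seqs, min_probes=3):
    """One ICMP id with steadily advancing sequence numbers (16-bit wrap
    allowed, small gaps tolerated) looks like a gateway monitor still running."""
    steps = [(b - a) % 65536 for a, b in zip(seqs, seqs[1:])]
    return len(seqs) >= min_probes and all(0 < s <= 5 for s in steps)


if __name__ == "__main__":
    for flow, seqs in find_leaked_probes(SAMPLE_WAN_CAPTURE, TUNNEL_NETS).items():
        tag = "monitor stream" if is_monitor_stream(seqs) else "isolated"
        print(f"tunnel-sourced ICMP on WAN: {flow} seqs={seqs} ({tag})")
```
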