https://redmine.pfsense.org/https://redmine.pfsense.org/favicon.ico?16780521162013-07-31T13:49:04ZpfSense bugtrackerpfSense - Bug #3119: apinger falls into a loop with assigned OpenVPN interface, restarting itself and triggering events indefinitelyhttps://redmine.pfsense.org/issues/3119?journal_id=120912013-07-31T13:49:04ZJim Pingle
<ul><li><strong>Subject</strong> changed from <i>apinger restarts IPv4 services when an IPv6 gateway goes down (and vice versa)</i> to <i>apinger restarts all services on an interface when a gateway goes down, not just services using the gateway in question</i></li></ul><p>Changed the subject as it does not apply strictly to IPv6 vs IPv4.</p>
<p>Easy way to reproduce it:</p>
<p>1. Create an OpenVPN server or client<br />2. Assign the interface, enable, etc<br />3. Add a second WAN gateway using a bogus IP that will not respond to ping<br />4. Watch it fall into a loop an explode.</p>
<p>rc.newwanip includes protections to prevent an OpenVPN interface from triggering an OpenVPN reload, but rc.openvpn does not contain any protections. That seems the best place to look for a band-aid solution.</p>
<p>Longer term, we should at least explore the idea of apinger understanding IPv6 vs IPv4 service loss when restarting things.</p> pfSense - Bug #3119: apinger falls into a loop with assigned OpenVPN interface, restarting itself and triggering events indefinitelyhttps://redmine.pfsense.org/issues/3119?journal_id=120922013-07-31T13:51:25ZJim Pingle
<ul></ul><p>Though rc.openvpn is being called with the physical interface (wan, etc) not the openvpn interface so perhaps that's not simple either.</p>
<p>The real problem seems to be rc.newwanip on the OpenVPN interface triggering apinger to be killed and restarted.</p> pfSense - Bug #3119: apinger falls into a loop with assigned OpenVPN interface, restarting itself and triggering events indefinitelyhttps://redmine.pfsense.org/issues/3119?journal_id=120932013-07-31T13:57:47ZJim Pingle
<ul></ul><p>Updated the above again, the OpenVPN part is irrelevant, too. Further testing shows that just a second dead gateway will cause the looping:</p>
<p>apinger sees the gateway down, triggers the interface reload, which triggers apinger to restart, which sees the gateway still down, which triggers the interface reload, repeat forever until monitoring is disabled or the gateway responds.</p> pfSense - Bug #3119: apinger falls into a loop with assigned OpenVPN interface, restarting itself and triggering events indefinitelyhttps://redmine.pfsense.org/issues/3119?journal_id=120942013-07-31T14:07:44ZJim Pingle
<ul></ul><p>Spoke too quickly on that last one, the OpenVPN interface does play into it but it wasn't completely gone when I saw the last looping happen.</p>
<p>So you do need to assign and enable an OpenVPN interface, then have a down gateway on the same interface as the VPN.</p> pfSense - Bug #3119: apinger falls into a loop with assigned OpenVPN interface, restarting itself and triggering events indefinitelyhttps://redmine.pfsense.org/issues/3119?journal_id=121312013-08-06T05:40:10ZErmal Luçieri@pfsense.org
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Feedback</i></li><li><strong>% Done</strong> changed from <i>0</i> to <i>100</i></li></ul><p>Applied in changeset pfsense-tools:commit:276eaf1009790760b5fe788156d8ba420f100046.</p> pfSense - Bug #3119: apinger falls into a loop with assigned OpenVPN interface, restarting itself and triggering events indefinitelyhttps://redmine.pfsense.org/issues/3119?journal_id=121342013-08-06T08:04:38ZJim Pingle
<ul><li><strong>Subject</strong> changed from <i>apinger restarts all services on an interface when a gateway goes down, not just services using the gateway in question</i> to <i>apinger falls into a loop with assigned OpenVPN interface, restarting itself and triggering events indefinitely</i></li></ul><p>Updating the subject again to more accurately describe the core issue here. The other part is a different bug than we were chasing here, but it's not quite as critical and can wait for 2.2. I'll start a new ticket for that.</p>
<p>After Ermal's latest patches apinger is behaving itself aside from a minor/cosmetic quirk: It's printing negative RTTs in certain cases.</p> pfSense - Bug #3119: apinger falls into a loop with assigned OpenVPN interface, restarting itself and triggering events indefinitelyhttps://redmine.pfsense.org/issues/3119?journal_id=123642013-09-03T13:54:06ZErmal Luçieri@pfsense.org
<ul><li><strong>Status</strong> changed from <i>Feedback</i> to <i>Resolved</i></li></ul>