Bug #3243

closed

OpenVPN does not rebind when gateway fails over

Added by Shahid Sheikh about 11 years ago. Updated over 5 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: OpenVPN
Target version: -
Start date: 09/29/2013
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.1
Affected Architecture:

Description

function openvpn_resync_if_needed ($mode, $ovpn_settings, $interface) {
    global $g, $config;

    $resync_needed = true;
    if (!empty($interface)) {
        $mode_id = $mode . $ovpn_settings['vpnid'];
        $fpath = "{$g['varetc_path']}/openvpn/{$mode_id}.interface";
        if (file_exists($fpath)) {
            $current_device = file_get_contents($fpath);
            $current_device = trim($current_device, " \t\n");
            $new_device = get_failover_interface($ovpn_settings['interface']);
            if (isset($config['interfaces'][$interface])) {
                $this_device = $config['interfaces'][$interface]['if'];
                if (($current_device == $new_device) || ($current_device != $this_device) || ($new_device != $this_device))
                    $resync_needed = false;
            }
        }
    }
    if ($resync_needed == true) {
        log_error("OpenVPN: Resync " . $mode_id . " " . $ovpn_settings['description']);
        openvpn_resync($mode, $ovpn_settings);
    }
}

When a gateway group is tied to CARP VIPs and an OpenVPN client or server is bound to a gateway group, $resync_needed always gets set to false and OpenVPN never reloads on gateway failover.

That is because

  1. $current_device is the name of the VIP (e.g. wan_vip1) and $this_device is the interface (e.g. em1), so they are always !=.
  2. $new_device is, again, the name of the VIP the GWGroup failed over to (e.g. opt2_vip2) and $this_device is the interface (e.g. em1), so they are always !=.

This also fails when VLANs are in use and the GWGroup is bound to the interface address of a VLAN. Again, this is because $this_device is the interface (e.g. em1) and it will never be equal to $current_device or $new_device, both of which will have "vlan" in the name (e.g. em2_vlan51).

Why do these two comparisons need to be in there to begin with:

($current_device != $this_device) and
($new_device != $this_device)

Isn't this comparison ($current_device == $new_device) enough to determine if the OpenVPN should reload or not?

Thanks,

Shahid
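The decision logic from the report, as an added example that is not part of the original post or of pfSense: it models only the inner branch of openvpn_resync_if_needed() (the .interface file exists and $interface is present in $config['interfaces']) and compares it with the single comparison the reporter asks about. It goes beyond the two reported cases by enumerating every combination of a small set of names, since the listing only resyncs when $current_device != $new_device while both equal $this_device, which cannot happen. The helper names and the device names em2 and em3_vlan52 are constructed for illustration.

```php
<?php
// Added illustration, not pfSense code. Models only the inner branch of
// openvpn_resync_if_needed(): the .interface file exists and $interface
// is present in $config['interfaces'].

// Decision exactly as written in the report's listing.
function resync_as_written(string $current_device, string $new_device, string $this_device): bool {
    $resync_needed = true;
    if (($current_device == $new_device) || ($current_device != $this_device) || ($new_device != $this_device))
        $resync_needed = false;
    return $resync_needed;
}

// Decision using only the comparison the reporter proposes keeping.
function resync_single_check(string $current_device, string $new_device): bool {
    return $current_device != $new_device;
}

// Constructed cases: [current_device, new_device, this_device].
// wan_vip1, opt2_vip2, em1 and em2_vlan51 come from the report;
// em2 and em3_vlan52 are made up for this example.
$cases = [
    'CARP VIP failover'         => ['wan_vip1',   'opt2_vip2',  'em1'],
    'VLAN failover'             => ['em2_vlan51', 'em3_vlan52', 'em1'],
    'plain NIC, away from em1'  => ['em1',        'em2',        'em1'],
    'plain NIC, over to em1'    => ['em2',        'em1',        'em1'],
    'no failover'               => ['em1',        'em1',        'em1'],
];

foreach ($cases as $label => [$cur, $new, $dev]) {
    printf("%-26s as written: %-5s  single check: %s\n", $label,
        var_export(resync_as_written($cur, $new, $dev), true),
        var_export(resync_single_check($cur, $new), true));
}

// Exhaustive check over every (current, new, this) triple of these names.
// Resync as written requires current != new while current == this and
// new == this, so the count of triples that resync is expected to be zero.
$names = ['em1', 'em2', 'wan_vip1', 'opt2_vip2', 'em2_vlan51'];
$hits = 0;
foreach ($names as $c)
    foreach ($names as $n)
        foreach ($names as $t)
            if (resync_as_written($c, $n, $t))
                $hits++;

echo "triples where the listing resyncs: $hits of " . (count($names) ** 3) . "\n";
```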
