Project

General

Profile

Bug #3554

apinger and OpenVPN: Gateway down after OpenVPN client service restart

Added by Cullen Trey over 4 years ago. Updated almost 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Gateway monitoring
Target version:
Start date:
03/28/2014
Due date:
% Done:

0%

Estimated time:
Affected Version:
All
Affected Architecture:

Description

Hi,

when i restart the OpenVPN client service, which has an interface assigned, the correspondig gateway is going down and never comes up again. The same holds true, if the openVPN server is restartet and the clients reconnect.

In both cases the openVPN client reconnects, however the gateway stays down.

The gateway for the OpenVPN client has a manuelly set monitoring IP. This works on startup, after a reboot of the server. Another way to get the gateway up again is to restart apinger.

In combination with Gateway Groups, the failover or load balancing options are not working as the gateway is still down.

This behavour has version 2.1 and the newest 2.1.1-PRERELEASE (i386) built on Wed Mar 26 13:50:29 EDT 2014.

History

#1 Updated by Cullen Trey over 4 years ago

Hi,

it seems to happen, if the openvpn interface comes up but encounters an error: in my configuration, a route add command failes:


Mar 28 17:14:13 openvpn[76990]: UDPv4 link local (bound): [AF_INET]192.168.2.3
Mar 28 17:14:13 openvpn[76990]: UDPv4 link remote: [AF_INET]78.47.141.140:25764
Mar 28 17:14:15 openvpn[76990]: [OpenVPN-Server] Peer Connection Initiated with [AF_INET]78.47.141.140:25764
Mar 28 17:14:17 openvpn[76990]: TUN/TAP device ovpnc1 exists previously, keep at program end
Mar 28 17:14:17 openvpn[76990]: TUN/TAP device /dev/tun1 opened
Mar 28 17:14:17 openvpn[76990]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
Mar 28 17:14:17 openvpn[76990]: /sbin/ifconfig ovpnc1 10.0.8.4 10.0.8.4 mtu 1500 netmask 255.255.255.0 up
Mar 28 17:14:17 openvpn[76990]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
Mar 28 17:14:17 openvpn[76990]: /usr/local/sbin/ovpn-linkup ovpnc1 1500 1558 10.0.8.4 255.255.255.0 init
Mar 28 17:14:17 openvpn[76990]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
Mar 28 17:14:17 openvpn[76990]: Initialization Sequence Completed

Perhaps the scripts ends because of the error and the event for apinger is missing because it is triggered afterwards. This point is however never reached? just a guess...

#2 Updated by Michael Sparks about 4 years ago

Cullen Trey wrote:

Hi,

it seems to happen, if the openvpn interface comes up but encounters an error: in my configuration, a route add command failes:


Mar 28 17:14:13 openvpn[76990]: UDPv4 link local (bound): [AF_INET]192.168.2.3
Mar 28 17:14:13 openvpn[76990]: UDPv4 link remote: [AF_INET]78.47.141.140:25764
Mar 28 17:14:15 openvpn[76990]: [OpenVPN-Server] Peer Connection Initiated with [AF_INET]78.47.141.140:25764
Mar 28 17:14:17 openvpn[76990]: TUN/TAP device ovpnc1 exists previously, keep at program end
Mar 28 17:14:17 openvpn[76990]: TUN/TAP device /dev/tun1 opened
Mar 28 17:14:17 openvpn[76990]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
Mar 28 17:14:17 openvpn[76990]: /sbin/ifconfig ovpnc1 10.0.8.4 10.0.8.4 mtu 1500 netmask 255.255.255.0 up
Mar 28 17:14:17 openvpn[76990]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
Mar 28 17:14:17 openvpn[76990]: /usr/local/sbin/ovpn-linkup ovpnc1 1500 1558 10.0.8.4 255.255.255.0 init
Mar 28 17:14:17 openvpn[76990]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
Mar 28 17:14:17 openvpn[76990]: Initialization Sequence Completed

Perhaps the scripts ends because of the error and the event for apinger is missing because it is triggered afterwards. This point is however never reached? just a guess...

I am having the same issue when I connect to PIA VPN. its bizaare, it seems to still work because when I check my ip its from PIA not my ISP however pfsense is showing the openvpn as down in services.

#3 Updated by Chris Buechler almost 4 years ago

  • Category changed from OpenVPN to Gateway monitoring
  • Status changed from New to Closed
  • Target version set to 2.2
  • Affected Version set to All
  • Affected Documentation 0 added

this isn't true on 2.2, haven't tried earlier versions. The "route add failed" scenarios could well be a problem, but that happens because there is a problem of some sort with the configuration.

Also available in: Atom PDF