Bug #3554
closed
apinger and OpenVPN: Gateway down after OpenVPN client service restart
Added by Cullen Trey over 10 years ago.
Updated about 10 years ago.
Category:
Gateway Monitoring
Description
Hi,
when i restart the OpenVPN client service, which has an interface assigned, the correspondig gateway is going down and never comes up again. The same holds true, if the openVPN server is restartet and the clients reconnect.
In both cases the openVPN client reconnects, however the gateway stays down.
The gateway for the OpenVPN client has a manuelly set monitoring IP. This works on startup, after a reboot of the server. Another way to get the gateway up again is to restart apinger.
In combination with Gateway Groups, the failover or load balancing options are not working as the gateway is still down.
This behavour has version 2.1 and the newest 2.1.1-PRERELEASE (i386) built on Wed Mar 26 13:50:29 EDT 2014.
Hi,
it seems to happen, if the openvpn interface comes up but encounters an error: in my configuration, a route add command failes:
Mar 28 17:14:13 openvpn[76990]: UDPv4 link local (bound): [AF_INET]192.168.2.3
Mar 28 17:14:13 openvpn[76990]: UDPv4 link remote: [AF_INET]78.47.141.140:25764
Mar 28 17:14:15 openvpn[76990]: [OpenVPN-Server] Peer Connection Initiated with [AF_INET]78.47.141.140:25764
Mar 28 17:14:17 openvpn[76990]: TUN/TAP device ovpnc1 exists previously, keep at program end
Mar 28 17:14:17 openvpn[76990]: TUN/TAP device /dev/tun1 opened
Mar 28 17:14:17 openvpn[76990]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
Mar 28 17:14:17 openvpn[76990]: /sbin/ifconfig ovpnc1 10.0.8.4 10.0.8.4 mtu 1500 netmask 255.255.255.0 up
Mar 28 17:14:17 openvpn[76990]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
Mar 28 17:14:17 openvpn[76990]: /usr/local/sbin/ovpn-linkup ovpnc1 1500 1558 10.0.8.4 255.255.255.0 init
Mar 28 17:14:17 openvpn[76990]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
Mar 28 17:14:17 openvpn[76990]: Initialization Sequence Completed
Perhaps the scripts ends because of the error and the event for apinger is missing because it is triggered afterwards. This point is however never reached? just a guess...
Cullen Trey wrote:
Hi,
it seems to happen, if the openvpn interface comes up but encounters an error: in my configuration, a route add command failes:
Mar 28 17:14:13 openvpn[76990]: UDPv4 link local (bound): [AF_INET]192.168.2.3
Mar 28 17:14:13 openvpn[76990]: UDPv4 link remote: [AF_INET]78.47.141.140:25764
Mar 28 17:14:15 openvpn[76990]: [OpenVPN-Server] Peer Connection Initiated with [AF_INET]78.47.141.140:25764
Mar 28 17:14:17 openvpn[76990]: TUN/TAP device ovpnc1 exists previously, keep at program end
Mar 28 17:14:17 openvpn[76990]: TUN/TAP device /dev/tun1 opened
Mar 28 17:14:17 openvpn[76990]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
Mar 28 17:14:17 openvpn[76990]: /sbin/ifconfig ovpnc1 10.0.8.4 10.0.8.4 mtu 1500 netmask 255.255.255.0 up
Mar 28 17:14:17 openvpn[76990]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
Mar 28 17:14:17 openvpn[76990]: /usr/local/sbin/ovpn-linkup ovpnc1 1500 1558 10.0.8.4 255.255.255.0 init
Mar 28 17:14:17 openvpn[76990]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
Mar 28 17:14:17 openvpn[76990]: Initialization Sequence Completed
Perhaps the scripts ends because of the error and the event for apinger is missing because it is triggered afterwards. This point is however never reached? just a guess...
I am having the same issue when I connect to PIA VPN. its bizaare, it seems to still work because when I check my ip its from PIA not my ISP however pfsense is showing the openvpn as down in services.
- Category changed from OpenVPN to Gateway Monitoring
- Status changed from New to Closed
- Target version set to 2.2
- Affected Version set to All
this isn't true on 2.2, haven't tried earlier versions. The "route add failed" scenarios could well be a problem, but that happens because there is a problem of some sort with the configuration.
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by