Project

General

Profile

Bug #4661

OpenVPN client can't assign to GWGroup specifying VIPs

Added by z z about 4 years ago. Updated almost 4 years ago.

Status:
Resolved
Priority:
Normal
Category:
OpenVPN
Target version:
Start date:
04/29/2015
Due date:
% Done:

0%

Estimated time:
Affected Version:
2.2.x
Affected Architecture:

Description

  1. Failover pfSense with CARP —> OpenVPN client autostart OK.
  2. Failover multi-WAN —> OpenVPN client autostart OK.
  3. Failover pfSense with CARP + multi-WAN —> OpenVPN client can't assign to interface GateWay_Group.

http://rghost.ru/6Rc5hbZVJ.view

I made a virtual machine for the test (84,4 МБ).
Start VirtualBox. File -> Import -> pfSense.ova.
Start VM pfsense.
After start go to 192.168.1.10
Login admin
Pass pfsense
Menu VPN -> OpenVPN -> Client.
The settings in the screenshot.

http://rghost.ru/6XNb9t8cf.view

Error:
An IPv4 protocol was selected, but the selected interface has no IPv4 address.

How fix this error?

Associated revisions

Revision e6807c5a (diff)
Added by Chris Buechler almost 4 years ago

Return IP correctly in get_interface_ip for gateway groups specifying a
VIP. Ticket #4661

Revision 89953fe7 (diff)
Added by Chris Buechler almost 4 years ago

Return IP correctly in get_interface_ip for gateway groups specifying a
VIP. Ticket #4661

History

#1 Updated by Phillip Davis about 4 years ago

As I remember, when creating or editing an OpenVPN instance, the interface or highest tier of the gateway group to which it is assigned must currently have an IP address. I believe this is also a problem if you have a DHCP WANx and it is currently waiting to get DHCP (or the cable is not even plugged in).
The validation code here could be smarter to try and work out if the interface selected has IPv4/6 DHCP enabled, or if the gateway group looks like it has IPv4/6 members and then check if it matches the selected UDP or TCP 4/6.

#2 Updated by z z about 4 years ago

WAN1 and WAN2 — static IP. May want to try it in my virtual machine for test.

#3 Updated by Grzegorz Sliwa almost 4 years ago

I have this same issue.
I want to create MultiWan CARP, but when I choice Interface (GW Group Wan1FailoverWan2) on OpenVPN Server i get error message: The following input errors were detected:

An IPv4 protocol was selected, but the selected interface has no IPv4 address.

Wan1 and Wan2 have statis IP.
I'm using pfSense 2.2.2

I can choice WAN CARP IP and WAN2 CARP IP with no errors.
How to fix it? I need it!

#4 Updated by Krzysztof Szczesniak almost 4 years ago

Yesterday I discovered the same problem. Any chance to fix it in nearest release?
Thanks in advance!

#5 Updated by Chris Buechler almost 4 years ago

  • Subject changed from Failover pfSense with CARP + multi-WAN —> OpenVPN client can't assign to GWGroup to OpenVPN client can't assign to GWGroup specifying VIPs
  • Category set to OpenVPN
  • Status changed from New to Feedback
  • Target version set to 2.2.3
  • Affected Version set to 2.2.x
  • Affected Architecture deleted (i386)

fixed by what I just pushed, leaving for feedback. Will be in June 2 and newer 2.2.3 snapshots, or can gitsync to RELENG_2_2 if you want to try sooner.

#6 Updated by Grzegorz Sliwa almost 4 years ago

Hello Chris.

I tested this twice,and it's not working properly.

I used version 2.2.3-DEVELOPMENT (amd64) built on Tue Jun 02 13:30:21 CDT 2015 FreeBSD 10.1-RELEASE-p10

Now I can choice Wan1VIPFailoverWan2VIP on OpenVPN Server settins.
1) working fine:
disconnect Wan1 cable on Node2 and next on Node1. OpenVPN Server listening on Node1 Wan2VIP -OK .tunnel was re-establish.
2) not working:
a) reboot/turn off Node1 . Node2 was marked as Master (from Backup). But OpenVPN server don't start. - Unable to contact daemon - Service not running?
b) disconnect only Wan1 cable on Node1 .Node2 was marked as Master (from Backup). But OpenVPN server don't start. - Unable to contact daemon - Service not running?
connect again Wan1 cable to Node1. Node1 was marked as Master and OpenVPN server starts again.

#7 Updated by Chris Buechler almost 4 years ago

  • Assignee set to Chris Buechler

#8 Updated by Chris Buechler almost 4 years ago

  • Target version changed from 2.2.3 to 2.3

#9 Updated by Cullen Trey almost 4 years ago

Hello,

even worse, if a OpenVPN client in 2.2.3 is set to a GWGroup specifying VIPs, first it is working. Meening MultiWan failover happens but Node failover not. And what is really a pain in the ***, when you reboot the first node, the OpenVPN client wont start... So as a lookout VPN Admin I had to drive 800 km and click on start OpenVPN client service :-( (Okay, that is not true, but I had to give away the password for first node the start the client by remote hands... which is worse... :-) )

However, these symptoms could be interrelated. Why are the OpenVPN clients are not started, when node failover happens? Why are the OpenVPN clients are not started after a reboot?

Kind regards and I love pfSense

#10 Updated by Chris Buechler almost 4 years ago

  • Status changed from Feedback to Confirmed
  • Target version changed from 2.3 to 2.2.4

#11 Updated by Chris Buechler almost 4 years ago

  • Status changed from Confirmed to Resolved
  • Target version changed from 2.2.4 to 2.2.3

The original issue here was fixed in 2.2.3.

The issue Grzegorz and Cullen noted is separate. Opened #4854 for that one. Should have a fix pushed for that in a bit.

Also available in: Atom PDF