Bug #4854

OpenVPN bound to gateway group using CARP IP doesn't start with CARP master status

Added by Chris Buechler about 4 years ago. Updated over 3 years ago.

Status: Resolved
Priority: Normal
Category: OpenVPN
Target version:
Start date: 07/18/2015
Due date:
% Done: 0%
Estimated time:
Affected Version: All
Affected Architecture:

Description

OpenVPN bound to a gateway group specifying CARP VIPs stops when CARP goes to backup status, but doesn't start when re-gaining master.

Associated revisions

Revision 6eb52093 (diff)
Added by Chris Buechler about 4 years ago

Handle OpenVPN bound to gateway groups using CARP IPs in rc.carpmaster/backup. Ticket #4854

Revision 401adacf (diff)
Added by Chris Buechler about 4 years ago

sync up rc.carpmaster with RELENG_2_2. Ticket #4854, plus removal of unnecessary loop that'll amplify notifications unnecessarily.

Revision 34cd5348 (diff)
Added by Chris Buechler about 4 years ago

Reverting this for master, needs review in context of uniqid changes. Opening redmine ticket. Revert "sync up rc.carpmaster with RELENG_2_2. Ticket #4854, plus removal of unnecessary loop that'll amplify notifications unnecessarily."

This reverts commit 401adacfefbc6006bc2270ccc1640e1b15f767c1.

History

#1 Updated by Chris Buechler about 4 years ago

  • Status changed from Confirmed to Feedback

looks to be fixed with what I just pushed

#2 Updated by Chris Buechler about 4 years ago

  • Status changed from Feedback to Resolved

works

#3 Updated by Cullen Trey about 4 years ago

Hi Chris,

I think there is still a problem.

When CARP goes to backup on, let's say, pfsense#1, it stops openvpn and it starts openvpn on the new master, let's name it pfsense#2.

However, when we go back to master on pfsense#1, it starts openvpn on pfsense#1. But why is it restarted on pfsense#2? This causes me a lot of problems, because the openvpn clients try to reconnect and throw out the newly started clients on pfsense#1.

But what is strange is that the openvpn clients on pfsense#2 are shown as stopped in the Services Status. The logs say something different: they are restarting because of inactivity. Even ps -ax shows that the clients are still running...

What comes to my mind is that openvpn_restart('client', $settings) does not really stop / terminate the openvpn clients. So in rc.carpbackup the command openvpn_restart only triggers the restart of openvpn clients, because they are currently running. How can you stop them? Something like:

+openvpn_stop('client', $settings);
-openvpn_restart('client', $settings);

Kind regards

Trey

#4 Updated by Joseph Huber about 4 years ago

Maybe the same problem with OpenVPN Client Connections:
We have a Master/Backup CARP setup with OpenVPN-Client Connections.
The OpenVPN-Client Connections are only active on the current active node.
If the Master goes down, the Client-Connection is started on the Slave.
But when the Master comes up again the client connection on the Master is up and on the Backup down... but it is not working.
I have to restart it manually on the Master then it is working again.

#5 Updated by Joseph Huber over 3 years ago

Joseph Huber wrote:

Maybe the same problem with OpenVPN Client Connections:
We have a Master/Backup CARP setup with OpenVPN-Client Connections.
The OpenVPN-Client Connections are only active on the current active node.
If the Master goes down, the Client-Connection is started on the Slave.
But when the Master comes up again the client connection on the Master is up and on the Backup down... but it is not working.
I have to restart it manually on the Master then it is working again.

In 2.2.6-RELEASE everything works fine!
