<p>pfSense bugtracker: https://redmine.pfsense.org/</p>
<p>pfSense - Bug #5952: dpinger doesn't start at times on OpenVPN interfaces</p>
<p><strong>Chris Buechler</strong> (cbuechler@gmail.com), 2016-03-05T07:08:59Z, https://redmine.pfsense.org/issues/5952?journal_id=25579</p>
<ul><li><strong>Subject</strong> changed from <i>Incorrect gateway entry update</i> to <i>dpinger issue on OpenVPN interfaces</i></li><li><strong>Status</strong> changed from <i>New</i> to <i>Confirmed</i></li><li><strong>Assignee</strong> set to <i>Chris Buechler</i></li></ul><p>Ran into this on Friday, there is some kind of issue with dpinger on OpenVPN interfaces. I haven't had a chance to look far into it yet.</p>
<p>At least I believe that's the same root cause.</p>
<p><strong>Chris Buechler</strong> (cbuechler@gmail.com), 2016-03-10T00:28:43Z, https://redmine.pfsense.org/issues/5952?journal_id=25645</p>
<p>This isn't as easily replicable as I figured. I know it exists in some form, from OP's description, another forum report, and jporter's system did it Friday and Monday post-reboot. But I've been through a variety of circumstances, and am not seeing any problems. The only scenario I can find here that doesn't work post-boot is SLAAC-assigned interfaces ("DHCPv6" type minus a DHCPv6 server), as SLAAC on its own doesn't trigger rc.newwanipv6 (which is OK).</p>
<p>Renato: no need to pick up here, I'll need to replicate on jporter's system and find the root cause.</p>
<p><strong>Dmitriy K</strong>, 2016-03-10T00:54:48Z, https://redmine.pfsense.org/issues/5952?journal_id=25646</p>
<p>Maybe there is a way to turn on nice debug logs in pfSense which I could provide to you?</p>
<p><strong>Dmitriy K</strong>, 2016-03-10T10:13:14Z, https://redmine.pfsense.org/issues/5952?journal_id=25648</p>
<p>Just updated 2nd router to latest snapshot and ran into the same issue. It's 100% reproducible on both routers.</p>
<p><strong>Chris Buechler</strong> (cbuechler@gmail.com), 2016-03-10T19:14:52Z, https://redmine.pfsense.org/issues/5952?journal_id=25653</p>
<ul><li><strong>Status</strong> changed from <i>Confirmed</i> to <i>Feedback</i></li></ul><p>This issue happens when OpenVPN instances aren't yet connected at the time setup_gateways_monitor runs during boot. Then when they connect, rc.newwanip skips a chunk of what it does including setup_gateways_monitor if the system is booting. There doesn't appear to be any reason it needs to skip all those things while booting. Commit message where it was added ~6 years ago just said something like "skip during boot" without any explanation as to why. We've moved that check down further in the file since then to fix similar types of issues. On several systems tested, removing the booting checks from rc.newwanip had no negative impact on anything. And that does fix this issue.</p>
<p>Pushed that change. Reviewing rc.newwanipv6 for whether same should be done there.</p>
<p>Dmitriy: the next snapshot past the time of this comment will have that change and should work for you. You're on a new enough snapshot that you can just gitsync to master if you'd like.</p>
<p><strong>Chris Buechler</strong> (cbuechler@gmail.com), 2016-03-11T01:52:10Z, https://redmine.pfsense.org/issues/5952?journal_id=25655</p>
<ul><li><strong>Subject</strong> changed from <i>dpinger issue on OpenVPN interfaces</i> to <i>dpinger doesn't start at times on OpenVPN interfaces</i></li></ul><p>This looks to be working in all cases now, and the changes didn't result in any regressions that I can find. It also fixes a range of other potential problems on dynamic interfaces that may be a bit slow to come up during boot.</p>
<p><strong>Dmitriy K</strong>, 2016-03-11T14:04:04Z, https://redmine.pfsense.org/issues/5952?journal_id=25667</p>
<p>Well, this happens not only during boot. You can create an ovpn client at any time and you'll get the same result without rebooting: No gw ip in gw entry till it is not disabled. Are you sure this issue is dpinger related?</p>
<p><strong>Dmitriy K</strong>, 2016-03-11T14:05:32Z, https://redmine.pfsense.org/issues/5952?journal_id=25668</p>
<p>Tested on 2.3.b.20160311.1315 x64: Issue is not fixed, unfortunately.</p>
<p><strong>Dmitriy K</strong>, 2016-03-11T14:08:43Z, https://redmine.pfsense.org/issues/5952?journal_id=25669</p>
<p>I have yet another ovpn TLS TCP TUN net30 client connection and everything works fine. So TAP doesn't work and TUN does work.</p>
<p><strong>Jim Pingle</strong>, 2016-03-11T14:14:55Z, https://redmine.pfsense.org/issues/5952?journal_id=25670</p>
<p>Does that tun actually get a gateway sent by the far side?</p>
<p>In lots of tun or topology subnet configs the server sends no gateway so pfSense has no way to tell what it is.</p>
<p><strong>Dmitriy K</strong>, 2016-03-11T15:20:24Z, https://redmine.pfsense.org/issues/5952?journal_id=25671</p>
<p>Jim Pingle wrote:</p>
<blockquote>
<p>Does that tun actually get a gateway sent by the far side?</p>
<p>In lots of tun or topology subnet configs the server sends no gateway so pfSense has no way to tell what it is.</p>
</blockquote>
<p>I mean the IP field itself isn't empty. If I recall correctly I always saw local endpoint IP as GW IP. Dynamic? Never heard of.</p>
<p>I don't understand why pushed gw ip is not set properly? Maybe it's an ovpn-linkup script bug?</p>
<p><strong>Chris Buechler</strong> (cbuechler@gmail.com), 2016-03-11T15:52:40Z, https://redmine.pfsense.org/issues/5952?journal_id=25672</p>
<p>I turned this into something different from where it started having seen the same "pending" status on a couple other systems. Dmitriy's issue looks to be related to pushed gateway IPs on tap interfaces. I'll investigate that further.</p>
<p><strong>Chris Buechler</strong> (cbuechler@gmail.com), 2016-03-11T23:37:24Z, https://redmine.pfsense.org/issues/5952?journal_id=25674</p>
<ul><li><strong>Status</strong> changed from <i>Feedback</i> to <i>Resolved</i></li></ul><p>The issue I turned this into is fixed.</p>
<p>Dmitriy: your issue is <a class="issue tracker-1 status-3 priority-4 priority-default closed" title="Bug: OpenVPN gateways incorrectly handled with tap (Resolved)" href="https://redmine.pfsense.org/issues/5981">#5981</a>, fix for that coming on that ticket momentarily.</p>