pfSense

When OpenVPN clients/servers are running on a gateway group interface, they should always bind to the most preferable interface within that group. In cases when cables are disconnected/reconnected or when IP changes occur, OpenVPN will often hug a lower priority interface and not resume operation on the most preferable online interface within a gateway group.

This is due to the following reason:

IP changes are monitored by the rc.newwanip file which in turn executes the function openvpn_resync_all in /etc/inc/openvpn.inc

An excerpt from this function is shown below:

if (is_array($config['openvpn']['openvpn-client'])) {
    foreach ($config['openvpn']['openvpn-client'] as & $settings) {
        if ($interface <> "" && $interface != $settings['interface']) {
            continue;
        }
        openvpn_resync('client', $settings);
    }
}

This excerpt sadly does not take account of the situation when OpenVPN instances are bound to gateway groups because the interface in question will never be equal to the OpenVPN interface, thus OpenVPN instances are never resynced when these situations occur.

The solution I propose will bring OpenVPN resyncs more in line with that currently implemented within rc.openvpn to allow for instances operating on gateway group interfaces to behave correctly.

I will submit a PR for review shortly.

Best wishes,
James.