Notification when VPN is down
-
Is it possible to get an email notification if a VPN tunnel goes down in pfsense?
-
OpenVPN server ? Client ?
If the tunnel goes down because the 'other side', or 'something' in between disconnects, then the mail notification should take WAN, not the tunnel.
If the WAN itself goes down, the tunnel will go down also.
Like : phone the phone company because your phone line is broken ...
-
@gertjan
Thanks for your reply. The service stopped in pfsense after I changed the Internet cables. I would like to get a notification if it stops again for some other reason.
-
@robato said in Notification when VPN is down:
after I changed the Internet cables
That will take care of your connection.
So you want to get notified that a connection goes down when you remove the cable used for that connection ....
Isn't that like smashing the light bulb, and asking for a confirmation that the light went out ? ;)
But, depending on your OpenVPN client settings, it should retry to establish a connection.
Or just quit. You choose, - take your pick here :
Again ; when you remove the cable used by the VPN connection, most probably the WAN cable, notifications won't go out either.
The WAN interface will go down, and the OpenVPN client needs this interface to connect to the remote VPN server.
When there is no cable in that interface, the interface is undefined at that moment. The OpenVPN client service won't start.
-
Please read the question before posting: I would like to get a notification if it stops again for some other reason.
Thanks for the tip on ping settings!
-
Email alert when OpenVPN disconnects - Server Fault
Or, as this is an OpenVPN question (there is an official openvpn forum) : [Solved]running scripts when VPN is "down"
You want 'extra' things, the pfSense GUI can't cover that.
First step, have a look at your /var/etc/openvpn/client1/config.ovpn file.
Because you need to know what's in there - so you can eventually add your own commands in the custom box. : this one :
...
script-security 3
....
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
...
script-security has to be 2 or 3 already, that's a good thing. See the OpenVPN doc for the why part.
The bad news : pfSense is already using scripts for the (interface) up and down events. Have a look at the /usr/local/sbin/ovpn-linkdown what it does. An OpenVPN client normally creates a WAN type interface. This implies "routing" - pfSense is a router - and when this interface comes up, or goes down, the routing table needs to be changed.
You can of course edit these scripts ***, and add at the end a line that sends you a mail notification.
I guess the best solution is what has been shown @serverfault.com page : the checkprocess.sh shell script file.
It's a stand-alone file, and executes every x minutes.
Get the pfSense cron package to see and add/edit cron tasks.
See this OpenVPN thread, it shows how to send a mail from pfSense using a script.
See this thread - it shows how to start/stop/restart the openvpn (server ! but the client is the same - replace "server" for "client" - and check the ID, which is normally "1").
Btw : if your WAN connection reconnects daily, or weekly, and it changes the WAN IP, the OpenVPN client would disconnect. Normally, it should try to rebuild the VPN connection right away. The VPN connection will be broken only a couple of seconds.
If the client works well - is set up correctly - it will stay up, unless the 'server' goes down. Less likely in your situation.
If you have youtube, go over there and look for : "openvpn pfsense kill switch". like this one pfsense OpenVPN Policy Routing With Kill Switch Using PIA / Private Internet Access
Keep in mind that if this works, and the VPN connection goes down, nothing gets out. Nothing includes 'mails', these notifications will get sent when the connection comes up again.
Also : the easy answer to your question : Mail notification when the OpenVPN client goes down isn't implemented in the pfSense GUI.
But if you're willing to do some keyboard work, it's possible.
*** you'll be editing pfSense core files. Not a big deal, but keep original copies, as you want to go back to a working state if you 'mess' up.
-
Thanks a lot, I'll give it a go!
-
I have gateways set up for my vpn tunnels. Gateway monitoring via dpinger is pinging across the tunnel. If pings fail at a rate set up under routing / gateway advanced, then I get an email from pfsense.
It sounds similar to what you would like to achieve.
Set up a client gateway and make sure its pings go across the tunnel. If gateway fails, so should pings and you should get a notification.
-Devan
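-
The stand-alone, cron-driven check suggested earlier in the thread, written out as an added example; it is not part of any post above, not the Server Fault checkprocess.sh, and not pfSense's own code. The pid file path, the state file path and the mail helper are assumptions to adjust for your install. It mails only when the state changes, and it retries an alert that could not be sent (WAN down, kill switch active) on the next run.

```sh
#!/bin/sh
# Added example: cron-driven OpenVPN client watchdog (not pfSense's own code).
# All paths below are assumptions; override them from the environment.
PIDFILE="${PIDFILE:-/var/run/openvpn_client1.pid}"  # assumed pid file, client ID 1
STATEFILE="${STATEFILE:-/var/db/ovpn_watch.state}"  # hypothetical state file
MAILER="${MAILER:-/usr/local/bin/mail.php}"         # assumed stdin-to-mail helper
NOTIFY="${NOTIFY:-notify_mail}"                     # command that sends one message

# Pipe the message text to the mailer; a non-zero exit means "not sent".
notify_mail() {
    printf '%s\n' "$1" | "$MAILER"
}

# Print "up" if the pid file names a live process, otherwise "down".
# kill -0 only tests that the pid exists; it does not check the process name.
vpn_state() {
    pid=$(cat "$PIDFILE" 2>/dev/null) || { echo down; return; }
    case "$pid" in
        ''|*[!0-9]*) echo down; return ;;   # empty or non-numeric pid file
    esac
    if kill -0 "$pid" 2>/dev/null; then echo up; else echo down; fi
}

# Compare the current state with the last one that was reported.
# The state file is written only after the notifier succeeds, so an alert
# that cannot leave the box is attempted again on the next cron run.
check_vpn() {
    now=$(vpn_state)
    last=$(cat "$STATEFILE" 2>/dev/null || echo up)   # first run assumes "up"
    [ "$now" = "$last" ] && return 0                  # no change, stay quiet
    if "$NOTIFY" "OpenVPN client is $now ($(date))"; then
        echo "$now" > "$STATEFILE"
    else
        return 1
    fi
}

# Cron calls the script with the argument "run", e.g. every 5 minutes.
case "${1:-}" in
    run) check_vpn ;;
esac
```

Run it as root from the cron package so that kill -0 can see the OpenVPN process.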