OpenVPN tunnels require restart after WAN failover
-
I have a dual WAN setup and have multiple OpenVPN tunnels, both clients and servers. The tunnels use a mix of both WAN connections with redundancies handled via BGP. My main WAN connection has a failure mode where suddenly the interface just doesn't have an IPv4 address any more. The manual intervention "fix" is simply to release and renew DHCP and it's back up.
The problem is that when this happens, all of my OpenVPN tunnels go down and the only thing that will bring them back up is restarting the services. This wouldn't be a problem if the connections utilizing the remaining working WAN connection remained up, but they don't.
As you can imagine, this is pretty frustrating. Just wondering where to start troubleshooting this.
Thanks,
M
-
I managed to mitigate this somewhat by changing the configuration of the offending interface to static address assignment. That didn't prevent it from going down, but it did at least keep OpenVPN tunnels not bound to that interface from needing a restart. The WAN interface in question is passed through from an AT&T residential fiber gateway / ONT. It's an Intel I-225 for what that's worth.
I'm not convinced the interface isn't at fault, so I switched over from the igc0 interface to a VLAN on my main NIC, which is ix0. That wastes an NBASE-T switch port but works OK so far.