OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP.
-
I keep getting this message in my logs, however, I have no OpenVPN clients even enabled nor any assigned to any interface. I have no logs from OpenVPN itself generated since I disabled the last OpenVPN client nearly a month ago.
What is going on here? Any ideas?
-
The message was being logged if the openvpn-server or openvpn-client array even exists in the config - which it does for you, since you used to have OpenVPN instances - but of course now it is an empty array. The will be needlessly iterating zero times over the empty arrays!
I made the check tighter in rc.openvpn so that log message will only happen if the system actually has at least 1 real OpenVPN instance defined.
https://github.com/pfsense/pfsense/pull/1376 -
The message was being logged if the openvpn-server or openvpn-client array even exists in the config - which it does for you, since you used to have OpenVPN instances - but of course now it is an empty array. The will be needlessly iterating zero times over the empty arrays!
I made the check tighter in rc.openvpn so that log message will only happen if the system actually has at least 1 real OpenVPN instance defined.
https://github.com/pfsense/pfsense/pull/1376Thank you for both the explanation and the fix, I'm sure anybody else would have found it slightly confusing as well if they found themselves in the same situation.
-
For the record, the final version of the enhanced check for this is:
Master: https://github.com/pfsense/pfsense/commit/04c0724ed8a173e02e3d2501576b4c49f8719590
RELENG_2_2: https://github.com/pfsense/pfsense/commit/07ab838e3fd536f68d1970ef76f286a3937673e3 -
I am on the latest snapshot and noticed this in my logs again FYI, I still don't have any OpenVPN clients enabled:
OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use WAN_DHCP.
-
At that point the code has not checked for enabled/disabled status of each OpenVPN instance. The message is emitted if there are any OpenVPN instances defined. If they happen to be all disabled, then as the code loops through each it will ignore all the disabled instances.
So in your case with all disabled, no action will be needed/taken.