OpenVPN Status Issues in 2.4.5-RELEASE-p1
-
I'm having some issues with OpenVPN tunnel status in the Dashboard of 2.4.5-RELEASE-p1. Am running pfsense on a Dell R710 with ESXI 6.5 + latest updates. Never seemed to have issues prior to upgrade to the latest code (previously was on the last 2.4.4 version, and skipped the first release of 2.4.5).
What happens is the statuses of my three OpenVPN tunnels are fine upon reboot, but over time they seem to randomly report as down, even though the tunnels are up - confirmed with pinging and browsing to web GUIs of devices through the tunnels, and also the gateway monitoring shows them up with correct latencies etc.
Anyway if I go to status > OpenVPN I can "Restart openvpn Service" and that'll get the "Status" back to "up". I have been doing this after hours for several days now, and have rebooted a few times which hasn't fixed the issue. Any ideas of what's going on? Thanks in advance.
-
Hi,
@Gcon said in OpenVPN Status Issues in 2.4.5-RELEASE-p1:
Any ideas of what's going on?
Not really.
Normally, you should see this :
this is a GUI or graphical representation of what could be found in the OpenVPN logs :
The manual way :
    [2.4.5-RELEASE][admin@pfsense.brit-hotel-fumel.net]/etc/inc: telnet /var/etc/openvpn/client2.sock
    Trying /var/etc/openvpn/client2.sock...
    Connected to /var/etc/openvpn/client2.sock.
    Escape character is '^]'.
    >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
    state 1
    1597761620,CONNECTED,SUCCESS,10.26.0.50,203.159.81.117,1195,192.168.10.3,5922
    END
    status 2
    OpenVPN STATISTICS
    Updated,Tue Aug 18 16:48:31 2020
    TUN/TAP read bytes,116
    TUN/TAP write bytes,0
    TCP/UDP read bytes,8732
    TCP/UDP write bytes,8649
    Auth read bytes,768
    pre-compress bytes,0
    post-compress bytes,0
    pre-decompress bytes,0
    post-decompress bytes,0
    END
    quit
    Connection closed by foreign host.
    [2.4.5-RELEASE][admin@pfsense.brit-hotel-fumel.net]/etc/inc:
I TELNET'ed to the socket of the OpenVPN client process, and gave the commands :
    state 1
    status 2
and
quit
to end.
The info obtained is used to format the GUI info.
You should have the
1597761620,CONNECTED,SUCCESS,10.26.0.50,203.159.81.117,1195,192.168.10.3,5922
which states that openvpn (client mode) is connected right now, the IP's, the ports etc.
This is what is shown - normally, in the logs :
edit : Please understand that I am not explaining what happens on your system. Only you can find that out.
I showed you how to obtain 'some more' info.
-
@Gertjan Thanks for the great info. None of the statuses have reported incorrectly today so all good there. I'll check the sockets if/when it happens again. Only issue I'm seeing in the logs is,
"WARNING: 'ifconfig' is present in local config but missing in remote config, local='ifconfig 10.255.27.9 10.255.27.10'" same as this old post https://forum.netgate.com/topic/31751/openvpn-ifconfig-warning
...and I've reached the same conclusions as the OP, in that I believe my configuration is correct and there's no config actually to correct in the web GUI. Doesn't seem related but just thought I'd mention it.
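
Added example, not part of the thread and not pfSense's own code: a small Python script that repeats the manual management-socket check from the reply above (`state 1`, `status 2`, `quit`) and parses the answer, so the daemon's own view of the tunnel can be compared with what the dashboard shows when the status looks wrong. The function names and the field labels in `STATE_FIELDS` are assumptions chosen for this sketch; the sample text is abridged from the session in the post.

```python
import socket

# Labels chosen here for the comma-separated fields of a "state" reply line.
STATE_FIELDS = ("timestamp", "state", "detail", "tunnel_ip",
                "remote_ip", "remote_port", "local_ip", "local_port")

def query_management(sock_path, commands=("state 1", "status 2", "quit")):
    """Send the post's commands to the management UNIX socket; return the raw reply."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(5)  # fail instead of hanging if the daemon never answers
        s.connect(sock_path)
        s.sendall(("\n".join(commands) + "\n").encode())
        chunks = []
        while data := s.recv(4096):  # "quit" makes the daemon close the connection
            chunks.append(data)
    return b"".join(chunks).decode(errors="replace")

def parse_management(text):
    """Return (latest state dict or None, {counter name: int}) from a raw reply."""
    state, counters = None, {}
    for line in text.splitlines():
        parts = line.strip().split(",")
        if parts[0].startswith(">") or len(parts) < 2:
            continue  # notifications (">INFO:..."), END markers, headings
        if parts[0].isdigit():
            state = dict(zip(STATE_FIELDS, parts))  # a later state line wins
        elif len(parts) == 2 and parts[1].isdigit():
            counters[parts[0]] = int(parts[1])
    return state, counters

def tunnel_is_up(state):
    """True only when the daemon itself reports CONNECTED."""
    return state is not None and state.get("state") == "CONNECTED"

# Constructed sample: abridged from the reply text in the post's telnet session.
SAMPLE = """\
>INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
1597761620,CONNECTED,SUCCESS,10.26.0.50,203.159.81.117,1195,192.168.10.3,5922
END
OpenVPN STATISTICS
Updated,Tue Aug 18 16:48:31 2020
TUN/TAP read bytes,116
TUN/TAP write bytes,0
TCP/UDP read bytes,8732
TCP/UDP write bytes,8649
Auth read bytes,768
END
"""
```

On the firewall itself, `parse_management(query_management("/var/etc/openvpn/client2.sock"))` performs the same check against the socket path used in the post.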