Netgate Discussion Forum

    Minor issue - Changing WAN IP breaks OpenVPN until restart

    • Jeremy11one

      We got a new ISP last week so I updated my static IP info on the WAN interface and various aliases. After applying, everything seemed to work fine. Days later, I noticed that nobody has been able to connect to the VPN since the IP change. I went to Status > OpenVPN and clicked the restart service button, and everything immediately started connecting properly again. I'm guessing that OpenVPN listens on a specific IP address instead of just "whatever IP the WAN interface has", and so it got left behind when that WAN IP was changed.

      I request that, if OpenVPN's bound interface IP gets changed, the OpenVPN service automatically restart. Or better, OpenVPN server should automatically be informed of the IP change so that a service restart isn't necessary.

      Thanks for the amazing product!

      • marvosa

        Yes, you can look at two things:

        • In your OpenVPN config, you will see a line stating:

          • Local (wan_ip) - Which shows the IP that the service was bound to when the OpenVPN service started
        • Run "sockstat -4 -l" from the shell, which will show you what IP, port, and protocol the openvpn service is currently listening on

        Neither of the above is going to update until the OpenVPN service is restarted. So, there currently must not be a mechanism to restart the OpenVPN service once an IP change has been detected on the WAN interface. If it's something that happens frequently on your connection, I would submit an enhancement or feature request. Unfortunately, I am not sure how that would be submitted. Possibly through the bug tracker -> https://redmine.pfsense.org?

        • Pippin

          There is the --float directive.
          See manual 2.4:
          https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage

          How that is handled by pfSense firewall, I do not know; just try it.

          I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
          Halton Arp

          • marvosa

            @Pippin:

            There is the --float directive.
            See manual 2.4:
            https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage

            How that is handled by pfSense firewall, I do not know; just try it.

            As I read about the float directive, it appears to deal with incoming connections from clients and does not address updating the IP that the OpenVPN service is bound to after a WAN IP change on pfSense. E.g. if a client is on a laptop connected to a flaky cellular hotspot and the connection breaks briefly causing the hotspot to reconnect and acquire a new public IP … the float directive will allow the client to re-connect and authenticate even though subsequent connections (post reconnect) are coming from a different IP than the initial connection.

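Added example (not part of the original thread, and not pfSense or OpenVPN code): a shell check built on the "sockstat -4 -l" suggestion above, which flags an OpenVPN listener still bound to an address that is no longer the WAN address. The function name `stale_openvpn_binds`, the sample output and its documentation-range addresses are constructed for illustration; it assumes the server is meant to be bound to the WAN address.

```shell
#!/bin/sh
# Added example: detect an OpenVPN listener left behind on an old WAN IP.

# stale_openvpn_binds CURRENT_WAN_IP
# Reads `sockstat -4 -l` output on stdin and prints "proto addr:port" for
# every openvpn listener bound to a specific address other than
# CURRENT_WAN_IP. Exit status is 1 if a stale bind was found, 0 otherwise.
stale_openvpn_binds() {
    awk -v wan="$1" '
        $2 == "openvpn" {
            laddr = $6                    # LOCAL ADDRESS column, e.g. 1.2.3.4:1194
            addr = laddr
            sub(/:[0-9]+$/, "", addr)     # strip the :port suffix
            if (addr == "*") next         # wildcard bind follows any IP change
            if (addr ~ /^127\./) next     # loopback bind is unaffected by WAN
            if (addr == wan) next         # already on the current WAN address
            print $5, laddr
            stale = 1
        }
        END { exit stale + 0 }
    '
}

# Constructed sample of `sockstat -4 -l` output (not captured from a real host).
SAMPLE_SOCKSTAT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     openvpn    41822 6  udp4   198.51.100.7:1194     *:*
root     sshd       1203  4  tcp4   *:22                  *:*
root     openvpn    51990 7  tcp4   *:443                 *:*'

# Demo: the WAN address is now 203.0.113.25, but one server still listens
# on the previous address 198.51.100.7.
printf '%s\n' "$SAMPLE_SOCKSTAT" | stale_openvpn_binds 203.0.113.25 \
    || echo "OpenVPN is bound to an old address; restart the service"

# On the firewall itself (the new WAN address is supplied by the operator):
#   sockstat -4 -l | stale_openvpn_binds "$NEW_WAN_IP"
```

A non-zero exit status makes the function usable from a cron job or monitoring check that alerts when a restart is needed.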
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.