OpenVPN server interface(tun) treated as WAN -type interface?
-
I have an OpenVPN remote access SSL/TLS server with a tun type device and I'm seeing this in my log very frequently:
pr 10 17:38:38 php-fpm 22780 /rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection - 172.16.14.1 -> 172.16.14.1 - Restarting packages.The 172.16.14.1 address is the static address assigned to the OpenVPN interface by the service (IPv4 tunnel network set to 172.16.14.0/24, device type set to tun) and the OpenVPN interface is assigned to OPT2 interface the interface is enabled at Interfaces->OPT2. I have manually disabled the two gateways that were automatically created for me (OPENVPN1_VPNV4 and OPENVPN1_VPNV6) to disable all gateway monitoring.
Now this is not optimal because everytime /rc.newwanip detects any change (IP address change or just reconnetion) on the WAN it also counts as a change on the OpenVPN interface and this causes a lot of unnecessary start/stop actions for the Unbound service:
Apr 10 17:38:37 unbound 19669:0 info: start of service (unbound 1.6.8). Apr 10 17:38:36 unbound 19669:0 info: service stopped (unbound 1.6.8). Apr 10 17:38:36 unbound 19669:0 info: start of service (unbound 1.6.8). Apr 10 17:38:36 unbound 19669:0 info: service stopped (unbound 1.6.8). Apr 10 17:38:35 unbound 19669:0 info: start of service (unbound 1.6.8). Apr 10 17:38:35 unbound 19669:0 info: service stopped (unbound 1.6.8). Apr 10 17:38:35 unbound 19669:0 info: start of service (unbound 1.6.8). Apr 10 17:38:33 unbound 57573:0 info: service stopped (unbound 1.6.8). Apr 10 17:38:32 unbound 57573:0 info: start of service (unbound 1.6.8). Apr 10 17:38:32 unbound 57573:0 info: service stopped (unbound 1.6.8). Apr 10 17:38:28 unbound 57573:0 info: start of service (unbound 1.6.8). Apr 10 17:38:28 unbound 57573:0 info: service stopped (unbound 1.6.8). Apr 10 17:38:28 unbound 57573:0 info: start of service (unbound 1.6.8). Apr 10 17:38:28 unbound 57573:0 info: service stopped (unbound 1.6.8). Apr 10 17:38:27 unbound 57573:0 info: start of service (unbound 1.6.8). Apr 10 17:38:27 unbound 57573:0 info: service stopped (unbound 1.6.8). Apr 10 17:38:27 unbound 57573:0 info: start of service (unbound 1.6.8). Apr 10 17:38:24 unbound 2477:0 info: service stopped (unbound 1.6.8). Apr 10 17:38:23 unbound 2477:0 info: start of service (unbound 1.6.8). Apr 10 17:38:23 unbound 2477:0 info: service stopped (unbound 1.6.8).Now the question is why does the OpenVPN server interface count as a WAN -type connection? It is by its nature equivalent to a LAN interface with a static IP address and I don't see any reason for monitoring it for IP address changes like you would on a DHCP configured WAN.