Netgate Discussion Forum

    OpenVPN server interface (tun) treated as WAN-type interface?

      kpa

      I have an OpenVPN remote access SSL/TLS server with a tun type device and I'm seeing this in my log very frequently:

      
      Apr 10 17:38:38	php-fpm	22780	/rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection - 172.16.14.1 -> 172.16.14.1 - Restarting packages.
      
      

      The 172.16.14.1 address is the static address assigned to the OpenVPN interface by the service (IPv4 tunnel network set to 172.16.14.0/24, device type set to tun). The OpenVPN interface is assigned to the OPT2 interface, and the interface is enabled at Interfaces->OPT2. I have manually disabled the two gateways that were automatically created for me (OPENVPN1_VPNV4 and OPENVPN1_VPNV6) to disable all gateway monitoring.

      Now this is not optimal because every time /rc.newwanip detects any change (IP address change or just reconnection) on the WAN, it also counts as a change on the OpenVPN interface, and this causes a lot of unnecessary start/stop actions for the Unbound service:

      
      Apr 10 17:38:37	unbound	19669:0	info: start of service (unbound 1.6.8).
      Apr 10 17:38:36	unbound	19669:0	info: service stopped (unbound 1.6.8).
      Apr 10 17:38:36	unbound	19669:0	info: start of service (unbound 1.6.8).
      Apr 10 17:38:36	unbound	19669:0	info: service stopped (unbound 1.6.8).
      Apr 10 17:38:35	unbound	19669:0	info: start of service (unbound 1.6.8).
      Apr 10 17:38:35	unbound	19669:0	info: service stopped (unbound 1.6.8).
      Apr 10 17:38:35	unbound	19669:0	info: start of service (unbound 1.6.8).
      Apr 10 17:38:33	unbound	57573:0	info: service stopped (unbound 1.6.8).
      Apr 10 17:38:32	unbound	57573:0	info: start of service (unbound 1.6.8).
      Apr 10 17:38:32	unbound	57573:0	info: service stopped (unbound 1.6.8).
      Apr 10 17:38:28	unbound	57573:0	info: start of service (unbound 1.6.8).
      Apr 10 17:38:28	unbound	57573:0	info: service stopped (unbound 1.6.8).
      Apr 10 17:38:28	unbound	57573:0	info: start of service (unbound 1.6.8).
      Apr 10 17:38:28	unbound	57573:0	info: service stopped (unbound 1.6.8).
      Apr 10 17:38:27	unbound	57573:0	info: start of service (unbound 1.6.8).
      Apr 10 17:38:27	unbound	57573:0	info: service stopped (unbound 1.6.8).
      Apr 10 17:38:27	unbound	57573:0	info: start of service (unbound 1.6.8).
      Apr 10 17:38:24	unbound	2477:0	info: service stopped (unbound 1.6.8).
      Apr 10 17:38:23	unbound	2477:0	info: start of service (unbound 1.6.8).
      Apr 10 17:38:23	unbound	2477:0	info: service stopped (unbound 1.6.8).
      
      

      Now the question is: why does the OpenVPN server interface count as a WAN-type connection? It is by its nature equivalent to a LAN interface with a static IP address, and I don't see any reason for monitoring it for IP address changes like you would on a DHCP-configured WAN.
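
One way to confirm the pattern described in the post from an exported system log, as an added example that is not part of the original post and not pfSense code: it flags `/rc.newwanip` events whose old and new address are identical and counts Unbound stops close to each one. The sample lines are constructed in the tab-separated layout shown above; the function names, the 30-second window, the placeholder year and the 198.51.100.x addresses are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample, modelled on the tab-separated log lines in the post (newest first).
SAMPLE_LOG = "\n".join([
    "Apr 10 17:38:38\tphp-fpm\t22780\t/rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection - 172.16.14.1 -> 172.16.14.1 - Restarting packages.",
    "Apr 10 17:38:37\tunbound\t19669:0\tinfo: start of service (unbound 1.6.8).",
    "Apr 10 17:38:36\tunbound\t19669:0\tinfo: service stopped (unbound 1.6.8).",
    "Apr 10 17:38:36\tunbound\t19669:0\tinfo: start of service (unbound 1.6.8).",
    "Apr 10 17:38:35\tunbound\t19669:0\tinfo: service stopped (unbound 1.6.8).",
    "Apr 10 17:38:33\tunbound\t57573:0\tinfo: service stopped (unbound 1.6.8).",
    "Apr 10 17:20:01\tphp-fpm\t311\t/rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection - 198.51.100.7 -> 198.51.100.9 - Restarting packages.",
])

# Captures the "old -> new" address pair from the rc.newwanip message.
IP_CHANGE = re.compile(r"/rc\.newwanip: .* - (\S+) -> (\S+) - Restarting packages\.")

def parse(line, year=2000):
    """Split one line into (timestamp, process, message).
    The log omits the year, so a placeholder year is assumed."""
    stamp, proc, _pid, msg = line.split("\t", 3)
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S"), proc, msg

def analyze(log_text, window_s=30):
    """One record per rc.newwanip event: whether the address actually changed
    and how many Unbound stops fall within window_s seconds of the event."""
    events = [parse(l) for l in log_text.splitlines() if l.count("\t") >= 3]
    stops = [ts for ts, proc, msg in events
             if proc == "unbound" and "service stopped" in msg]
    window = timedelta(seconds=window_s)
    report = []
    for ts, _proc, msg in events:
        m = IP_CHANGE.search(msg)
        if not m:
            continue
        old, new = m.groups()
        near = sum(1 for s in stops if abs(s - ts) <= window)
        report.append({"time": ts.strftime("%b %d %H:%M:%S"), "old": old,
                       "new": new, "noop": old == new, "unbound_stops": near})
    return report

if __name__ == "__main__":
    for row in analyze(SAMPLE_LOG):
        print(row)
```

A record with `noop` set and a non-zero `unbound_stops` count is the case the post describes: a package restart triggered although the address did not change.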
