4. OpenVPN server interface(tun) treated as WAN -type interface?

OpenVPN server interface(tun) treated as WAN -type interface?

  • K

    I have an OpenVPN remote access SSL/TLS server with a tun type device and I'm seeing this in my log very frequently:

    
pr 10 17:38:38	php-fpm	22780	/rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection - 172.16.14.1 -> 172.16.14.1 - Restarting packages.

    The 172.16.14.1 address is the static address assigned to the OpenVPN interface by the service (IPv4 tunnel network set to 172.16.14.0/24, device type set to tun) and the OpenVPN interface is assigned to OPT2 interface the interface is enabled at Interfaces->OPT2. I have manually disabled the two gateways that were automatically created for me (OPENVPN1_VPNV4 and OPENVPN1_VPNV6) to disable all gateway monitoring.

    Now this is not optimal because everytime /rc.newwanip detects any change (IP address change or just reconnetion) on the WAN it also counts as a change on the OpenVPN interface and this causes a lot of unnecessary start/stop actions for the Unbound service:

    
Apr 10 17:38:37	unbound	19669:0	info: start of service (unbound 1.6.8).
Apr 10 17:38:36	unbound	19669:0	info: service stopped (unbound 1.6.8).
Apr 10 17:38:36	unbound	19669:0	info: start of service (unbound 1.6.8).
Apr 10 17:38:36	unbound	19669:0	info: service stopped (unbound 1.6.8).
Apr 10 17:38:35	unbound	19669:0	info: start of service (unbound 1.6.8).
Apr 10 17:38:35	unbound	19669:0	info: service stopped (unbound 1.6.8).
Apr 10 17:38:35	unbound	19669:0	info: start of service (unbound 1.6.8).
Apr 10 17:38:33	unbound	57573:0	info: service stopped (unbound 1.6.8).
Apr 10 17:38:32	unbound	57573:0	info: start of service (unbound 1.6.8).
Apr 10 17:38:32	unbound	57573:0	info: service stopped (unbound 1.6.8).
Apr 10 17:38:28	unbound	57573:0	info: start of service (unbound 1.6.8).
Apr 10 17:38:28	unbound	57573:0	info: service stopped (unbound 1.6.8).
Apr 10 17:38:28	unbound	57573:0	info: start of service (unbound 1.6.8).
Apr 10 17:38:28	unbound	57573:0	info: service stopped (unbound 1.6.8).
Apr 10 17:38:27	unbound	57573:0	info: start of service (unbound 1.6.8).
Apr 10 17:38:27	unbound	57573:0	info: service stopped (unbound 1.6.8).
Apr 10 17:38:27	unbound	57573:0	info: start of service (unbound 1.6.8).
Apr 10 17:38:24	unbound	2477:0	info: service stopped (unbound 1.6.8).
Apr 10 17:38:23	unbound	2477:0	info: start of service (unbound 1.6.8).
Apr 10 17:38:23	unbound	2477:0	info: service stopped (unbound 1.6.8).

    Now the question is why does the OpenVPN server interface count as a WAN -type connection? It is by its nature equivalent to a LAN interface with a static IP address and I don't see any reason for monitoring it for IP address changes like you would on a DHCP configured WAN.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy