Netgate Discussion Forum

OpenVPN server interface (tun) treated as WAN-type interface?

    kpa
    last edited by Apr 10, 2018, 3:01 PM

    I have an OpenVPN remote access SSL/TLS server with a tun type device and I'm seeing this in my log very frequently:

    
    Apr 10 17:38:38	php-fpm	22780	/rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection - 172.16.14.1 -> 172.16.14.1 - Restarting packages.
    
    

    The 172.16.14.1 address is the static address assigned to the OpenVPN interface by the service (IPv4 tunnel network set to 172.16.14.0/24, device type set to tun). The OpenVPN interface is assigned to the OPT2 interface, and the interface is enabled at Interfaces->OPT2. I have manually disabled the two gateways that were automatically created for me (OPENVPN1_VPNV4 and OPENVPN1_VPNV6) to disable all gateway monitoring.

    Now this is not optimal because every time /rc.newwanip detects any change (IP address change or just reconnection) on the WAN, it also counts as a change on the OpenVPN interface, and this causes a lot of unnecessary start/stop actions for the Unbound service:

    
    Apr 10 17:38:37	unbound	19669:0	info: start of service (unbound 1.6.8).
    Apr 10 17:38:36	unbound	19669:0	info: service stopped (unbound 1.6.8).
    Apr 10 17:38:36	unbound	19669:0	info: start of service (unbound 1.6.8).
    Apr 10 17:38:36	unbound	19669:0	info: service stopped (unbound 1.6.8).
    Apr 10 17:38:35	unbound	19669:0	info: start of service (unbound 1.6.8).
    Apr 10 17:38:35	unbound	19669:0	info: service stopped (unbound 1.6.8).
    Apr 10 17:38:35	unbound	19669:0	info: start of service (unbound 1.6.8).
    Apr 10 17:38:33	unbound	57573:0	info: service stopped (unbound 1.6.8).
    Apr 10 17:38:32	unbound	57573:0	info: start of service (unbound 1.6.8).
    Apr 10 17:38:32	unbound	57573:0	info: service stopped (unbound 1.6.8).
    Apr 10 17:38:28	unbound	57573:0	info: start of service (unbound 1.6.8).
    Apr 10 17:38:28	unbound	57573:0	info: service stopped (unbound 1.6.8).
    Apr 10 17:38:28	unbound	57573:0	info: start of service (unbound 1.6.8).
    Apr 10 17:38:28	unbound	57573:0	info: service stopped (unbound 1.6.8).
    Apr 10 17:38:27	unbound	57573:0	info: start of service (unbound 1.6.8).
    Apr 10 17:38:27	unbound	57573:0	info: service stopped (unbound 1.6.8).
    Apr 10 17:38:27	unbound	57573:0	info: start of service (unbound 1.6.8).
    Apr 10 17:38:24	unbound	2477:0	info: service stopped (unbound 1.6.8).
    Apr 10 17:38:23	unbound	2477:0	info: start of service (unbound 1.6.8).
    Apr 10 17:38:23	unbound	2477:0	info: service stopped (unbound 1.6.8).
    
    

    Now the question is why does the OpenVPN server interface count as a WAN-type connection? It is by its nature equivalent to a LAN interface with a static IP address and I don't see any reason for monitoring it for IP address changes like you would on a DHCP configured WAN.
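
One way to confirm the pattern described in the post from an exported system log, as an added example that is not part of the original post: it flags `/rc.newwanip` events whose old and new address are identical and counts Unbound start/stop transitions per minute. The function name `analyze`, the threshold of 4 and the sample lines are assumptions made for illustration; the tab-separated layout follows the lines quoted above.

```python
import re
from collections import Counter

# Constructed sample, tab-separated like the lines quoted in the post.
# The 198.51.100.x line is a made-up genuine WAN address change for contrast.
SAMPLE_LOG = (
    "Apr 10 17:38:38\tphp-fpm\t22780\t/rc.newwanip: pfSense package system has "
    "detected an IP change or dynamic WAN reconnection - 172.16.14.1 -> "
    "172.16.14.1 - Restarting packages.\n"
    "Apr 10 17:38:37\tunbound\t19669:0\tinfo: start of service (unbound 1.6.8).\n"
    "Apr 10 17:38:36\tunbound\t19669:0\tinfo: service stopped (unbound 1.6.8).\n"
    "Apr 10 17:38:36\tunbound\t19669:0\tinfo: start of service (unbound 1.6.8).\n"
    "Apr 10 17:38:36\tunbound\t19669:0\tinfo: service stopped (unbound 1.6.8).\n"
    "Apr 10 17:38:35\tunbound\t19669:0\tinfo: start of service (unbound 1.6.8).\n"
    "Apr 10 17:38:35\tunbound\t19669:0\tinfo: service stopped (unbound 1.6.8).\n"
    "Apr 10 17:30:02\tphp-fpm\t22780\t/rc.newwanip: pfSense package system has "
    "detected an IP change or dynamic WAN reconnection - 198.51.100.7 -> "
    "198.51.100.9 - Restarting packages.\n"
    "Apr 10 17:30:03\tunbound\t2477:0\tinfo: start of service (unbound 1.6.8).\n"
)

IP_CHANGE = re.compile(r"/rc\.newwanip: .* - (\S+) -> (\S+) - Restarting packages")
UNBOUND = re.compile(r"info: (start of service|service stopped)")

def analyze(log, flap_threshold=4):
    """Return (no-op IP change events, minutes where Unbound flapped)."""
    noop, transitions = [], Counter()
    for line in log.splitlines():
        fields = line.strip().split("\t", 3)
        if len(fields) != 4:
            continue  # not in the timestamp/process/pid/message layout
        stamp, proc, _pid, msg = fields
        m = IP_CHANGE.search(msg)
        if m and m.group(1) == m.group(2):
            # "Change" from an address to itself: nothing actually changed.
            noop.append((stamp, m.group(1)))
        elif proc == "unbound" and UNBOUND.search(msg):
            transitions[stamp[:-3]] += 1  # bucket by minute, e.g. "Apr 10 17:38"
    flapping = {minute: n for minute, n in transitions.items()
                if n >= flap_threshold}
    return noop, flapping

if __name__ == "__main__":
    noop, flapping = analyze(SAMPLE_LOG)
    for stamp, ip in noop:
        print(f"{stamp}: rc.newwanip fired with unchanged address {ip}")
    for minute, n in flapping.items():
        print(f"{minute}: {n} unbound start/stop transitions")
```

A minute that shows both a no-op event and a high transition count matches the behaviour reported above; a genuine address change followed by a single restart does not.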
