OpenVPN server interface (tun) treated as WAN-type interface?



  • I have an OpenVPN remote access SSL/TLS server with a tun type device and I'm seeing this in my log very frequently:

    
    Apr 10 17:38:38	php-fpm	22780	/rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection - 172.16.14.1 -> 172.16.14.1 - Restarting packages.
    
    

    The 172.16.14.1 address is the static address assigned to the OpenVPN interface by the service (IPv4 tunnel network set to 172.16.14.0/24, device type set to tun), and the OpenVPN interface is assigned to the OPT2 interface; the interface is enabled at Interfaces->OPT2. I have manually disabled the two gateways that were automatically created for me (OPENVPN1_VPNV4 and OPENVPN1_VPNV6) to disable all gateway monitoring.

    Now this is not optimal because every time /rc.newwanip detects any change (IP address change or just reconnection) on the WAN, it also counts as a change on the OpenVPN interface, and this causes a lot of unnecessary start/stop actions for the Unbound service:

    
    Apr 10 17:38:37	unbound	19669:0	info: start of service (unbound 1.6.8).
    Apr 10 17:38:36	unbound	19669:0	info: service stopped (unbound 1.6.8).
    Apr 10 17:38:36	unbound	19669:0	info: start of service (unbound 1.6.8).
    Apr 10 17:38:36	unbound	19669:0	info: service stopped (unbound 1.6.8).
    Apr 10 17:38:35	unbound	19669:0	info: start of service (unbound 1.6.8).
    Apr 10 17:38:35	unbound	19669:0	info: service stopped (unbound 1.6.8).
    Apr 10 17:38:35	unbound	19669:0	info: start of service (unbound 1.6.8).
    Apr 10 17:38:33	unbound	57573:0	info: service stopped (unbound 1.6.8).
    Apr 10 17:38:32	unbound	57573:0	info: start of service (unbound 1.6.8).
    Apr 10 17:38:32	unbound	57573:0	info: service stopped (unbound 1.6.8).
    Apr 10 17:38:28	unbound	57573:0	info: start of service (unbound 1.6.8).
    Apr 10 17:38:28	unbound	57573:0	info: service stopped (unbound 1.6.8).
    Apr 10 17:38:28	unbound	57573:0	info: start of service (unbound 1.6.8).
    Apr 10 17:38:28	unbound	57573:0	info: service stopped (unbound 1.6.8).
    Apr 10 17:38:27	unbound	57573:0	info: start of service (unbound 1.6.8).
    Apr 10 17:38:27	unbound	57573:0	info: service stopped (unbound 1.6.8).
    Apr 10 17:38:27	unbound	57573:0	info: start of service (unbound 1.6.8).
    Apr 10 17:38:24	unbound	2477:0	info: service stopped (unbound 1.6.8).
    Apr 10 17:38:23	unbound	2477:0	info: start of service (unbound 1.6.8).
    Apr 10 17:38:23	unbound	2477:0	info: service stopped (unbound 1.6.8).
    
    

    Now the question is: why does the OpenVPN server interface count as a WAN-type connection? It is by its nature equivalent to a LAN interface with a static IP address, and I don't see any reason for monitoring it for IP address changes like you would on a DHCP-configured WAN.

