Is there a way to prevent "newwanip" when an OVPN client connection changes?



  • Hi,

    I have two outgoing Open VPN connections (PIA) set up where the traffic to some destinations is routed to. These connections are used only for outgoing traffic and I don't care about the VPN IP address the connection gets.

    The VPN IP addresses of these connections are changing periodically, at least once per day. The big issue is that pfSense runs the "newwanip" event in these cases which restarts several services like ntopng, but even worse my HAPROXY which affects all active connections on my main link (which has a fixed IP address).

    How can I exclude the OpenVPN client connections from running the newwanip event (if that's possible and not mandatory needed when the VPN IP address changes)? Or at least exclude the HAPROXY restart from the OpenVPN IP change events. I've disabled all monitoring of the gateways associated to the OVPN connections, but that does not help.


  • Galactic Empire

    Thought this may work but it didn't.

    System -> Advanced -> Networking

    Untick Reset all states if WAN IP Address changes

    Mar 13 09:01:22	check_reload_status		Starting packages
    Mar 13 09:01:22	php-fpm	83439	/rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection - 10.8.0.32 -> 10.8.1.52 - Restarting packages.
    Mar 13 09:01:20	php-fpm	83439	/rc.newwanip: Creating rrd update script
    Mar 13 09:01:20	php-fpm	83439	/rc.newwanip: Ignoring IPsec reload since there are no tunnels on interface opt13
    Mar 13 09:01:15	php-fpm	83439	/rc.newwanip: 83439MONITOR: NORDVPN_US2896_VPNV4 is available now, adding to routing group NORDVPN 10.8.1.52|10.8.1.52|NORDVPN_US2896_VPNV4|0.09ms|0.027ms|0.0%|none
    Mar 13 09:01:12	php-fpm	83439	/rc.newwanip: Removing static route for monitor fe80::4afd:8eff:feaa:a4d1 and adding a new route through fe80::4afd:8eff:feaa:a4d1%pppoe0
    Mar 13 09:01:08	php-fpm	83439	/rc.newwanip: IP Address has changed, killing states on former IP Address 10.8.0.32.
    

Log in to reply