OpenVPN does not start automatically when listening to CARP address



  • Hello,

    I've noticed that on pfSense 2.5 (2.5.0.a.20190816.0044) OpenVPN does not start automatically when it's listening to a CARP address. If I change the interface to the normal address (not CARP), then OpenVPN will start at next reboot.
    Also, if OpenVPN stops for any reason, it will not start again automatically.

    Can you have a look at it? What other information do you need?

    Regards,
    BN


  • Rebel Alliance Developer Netgate

    I'm seeing sort of a similar thing here but it's not consistent. Some start, some don't, even ones that are using the CARP VIP for an interface. If I put the master into maintenance mode, all of the instances stop on the primary and start on the secondary (as they should). If I take the primary out of maintenance mode, the same ones that didn't start at boot also fail to start.

    Probably need to see if there are any errors in the OpenVPN log at least.



  • @jimp I have nothing in OpenVPN logs, it is simply not started at all.
    For me OpenVPN failover doesn't work, it is not started at all when a switchover occurs.


  • Rebel Alliance Developer Netgate

    Is there anything in the main system log from devd or about CARP VIP status changes?


  • Rebel Alliance Developer Netgate

    I have a feeling it may be related to this: https://redmine.pfsense.org/issues/9384



  • @jimp I have this, and nothing more for OpenVPN:

    Aug 22 23:51:31 php-fpm 78082 /rc.carpmaster: Starting haproxy on CARP master.
    Aug 22 23:51:31 check_reload_status 564 Updating all dyndns
    Aug 22 23:51:31 dhcpleases 64285 kqueue error: unknown
    Aug 22 23:51:31 kernel done.
    Aug 22 23:51:31 kernel done.
    Aug 22 23:51:31 php 586 rc.bootup: NTPD is starting up.
    Aug 22 23:51:30 check_reload_status 564 Carp master event
    Aug 22 23:51:30 kernel carp: 1@igb0: BACKUP -> MASTER (preempting a slower master)
    Aug 22 23:51:30 kernel carp: 2@igb0: BACKUP -> MASTER (preempting a slower master)
    Aug 22 23:51:30 check_reload_status 564 Carp master event
    Aug 22 23:51:29 kernel carp: demoted by -240 to 0 (pfsync bulk done)
    Aug 22 23:51:29 php 586 rc.bootup: sync unbound done.
    Aug 22 23:51:28 check_reload_status 564 Linkup starting $igb0
    Aug 22 23:51:28 check_reload_status 564 Carp backup event
    Aug 22 23:51:28 kernel igb0: link state changed to UP
    Aug 22 23:51:28 kernel carp: demoted by -240 to 240 (interface up)
    Aug 22 23:51:28 kernel carp: 2@igb0: INIT -> BACKUP (initialization complete)
    Aug 22 23:51:28 kernel carp: demoted by -240 to 480 (interface up)
    Aug 22 23:51:28 kernel carp: 1@igb0: INIT -> BACKUP (initialization complete)
    Aug 22 23:51:28 syslogd sendto: Host is down
    Aug 22 23:51:28 check_reload_status 564 Carp backup event
    Aug 22 23:51:27 syslogd sendto: Host is down
    Aug 22 23:51:27 kernel done.
    Aug 22 23:51:27 syslogd sendto: Host is down
    Aug 22 23:51:27 kernel done.
    Aug 22 23:51:27 syslogd sendto: Host is down
    Aug 22 23:51:27 php 586 rc.bootup: Default gateway setting as default.
    Aug 22 23:51:27 syslogd sendto: Host is down
    Aug 22 23:51:27 kernel ...done.
    Aug 22 23:51:27 syslogd sendto: Host is down
    Aug 22 23:51:27 kernel .
    Aug 22 23:51:27 kernel .
    Aug 22 23:51:26 kernel pflog0: promiscuous mode enabled
    Aug 22 23:51:26 kernel tun1: changing name to 'ovpns1'
    Aug 22 23:51:26 kernel done.
    Aug 22 23:51:26 php 586 rc.bootup: Resyncing OpenVPN instances.
    Aug 22 23:51:26 php 586 rc.bootup: Configuring CARP settings finalize...
    Aug 22 23:51:26 php 586 rc.bootup: pfsync done in 0 seconds.
    Aug 22 23:51:26 php 586 rc.bootup: waiting for pfsync...
    Aug 22 23:51:25 php 586 rc.bootup: Configuring CARP settings finalize...
    Aug 22 23:51:25 php 586 rc.bootup: pfsync done in 0 seconds.
    Aug 22 23:51:25 php 586 rc.bootup: waiting for pfsync...
    Aug 22 23:51:25 syslogd Logging subprocess 11340 (exec /usr/local/sbin/sshguard) exited due to signal 15.
    Aug 22 23:51:25 sshd 11036 Server listening on 0.0.0.0 port 22.
    Aug 22 23:51:25 sshd 11036 Server listening on :: port 22.
    Aug 22 23:51:24 kernel carp: demoted by 240 to 720 (pfsync bulk start)
    Aug 22 23:51:24 kernel carp: demoted by 240 to 480 (interface down)
    Aug 22 23:51:24 kernel carp: demoted by 240 to 240 (interface down)
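
Added example, not part of any post in this thread and not pfSense code: a shell function that scans a system log like the one above for CARP VIPs that became MASTER and for what rc.carpmaster logged starting, and flags the case reported here where no OpenVPN start appears. The function names are hypothetical, and it assumes an OpenVPN start would be logged on an rc.carpmaster line containing "OpenVPN"; the sample lines are taken from the log above.

```shell
#!/bin/sh
# Added example (not pfSense code). Reads system log lines on stdin.
# Assumption: if rc.carpmaster starts OpenVPN, it logs a line containing
# "rc.carpmaster: Starting" and "OpenVPN"; the thread only shows the
# haproxy form of that line.
carp_service_check() {
    awk '
    # Kernel CARP state change to MASTER, e.g. "carp: 1@igb0: BACKUP -> MASTER"
    / carp: [0-9]+@[^ ]+ [A-Z]+ -> MASTER/ {
        for (i = 1; i < NF; i++)
            if ($i == "carp:") { vip = $(i + 1); sub(/:$/, "", vip) }
        if (!(vip in seen)) { seen[vip] = 1; masters[++n] = vip }
    }
    # Services that rc.carpmaster reports starting after the transition
    /rc\.carpmaster: Starting / {
        line = $0
        sub(/^.*rc\.carpmaster: /, "", line)
        started[++m] = line
        if (tolower(line) ~ /openvpn/) ovpn = 1
    }
    END {
        for (i = 1; i <= n; i++) print "master: " masters[i]
        for (i = 1; i <= m; i++) print "started: " started[i]
        if (n > 0 && !ovpn)
            print "missing: no OpenVPN start logged after CARP master transition"
    }'
}

# Sample input: lines copied from the log posted in the thread.
sample_log() {
    cat <<'EOF'
Aug 22 23:51:31 php-fpm 78082 /rc.carpmaster: Starting haproxy on CARP master.
Aug 22 23:51:30 check_reload_status 564 Carp master event
Aug 22 23:51:30 kernel carp: 1@igb0: BACKUP -> MASTER (preempting a slower master)
Aug 22 23:51:30 kernel carp: 2@igb0: BACKUP -> MASTER (preempting a slower master)
Aug 22 23:51:28 kernel carp: 2@igb0: INIT -> BACKUP (initialization complete)
Aug 22 23:51:26 php 586 rc.bootup: Resyncing OpenVPN instances.
EOF
}

sample_log | carp_service_check
```

To check a real log, pipe its text into `carp_service_check` in place of `sample_log`.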


  • Rebel Alliance Developer Netgate

    I added a workaround for the bug I linked above and it is working much better here. Try a snapshot from later today/tomorrow or later and see if it helps yours as well.



  • @jimp Thanks, it now works for me, OpenVPN starts automatically.

