OpenVPN does not start automatically when listening to CARP address

BN82

Hello,

I've noticed that on PfSense 2.5 (2.5.0.a.20190816.0044) OpenVPN does not start automatically when it's listening to a CARP address. If I changed the interface to the normal address (Not CARP), then OpenVPN will start at next reboot.
Also if OpenVPN stops for any reasons, it will not start again automatically.

Can you have a look at it ? what other information do you need ?

Regards,
BN

jimp

I'm seeing sort of a similar thing here but it's not consistent. Some start, some don't, even ones that are using the CARP VIP for an interface. If I put the master into maintenance mode, all of the instances stop on the primary start on the secondary (as they should). If I take the primary out of maintenance mode, the same ones that didn't start at boot also fail to start.

Probably need to see if there are any errors in the OpenVPN log at least.

BN82

@jimp I have nothing in OpenVPN logs, it is simply not started at all.
For me OpenVPN failover doesn't work, it is not started at all when a switchover occurs.

jimp

Is there anything in the main system log from devd or about CARP VIP status changes?

jimp

I have a feeling it may be related to this: https://redmine.pfsense.org/issues/9384

BN82

@jimp I have this, and nothing more for OpenVPN :

Aug 22 23:51:31 php-fpm 78082 /rc.carpmaster: Starting haproxy on CARP master.
Aug 22 23:51:31 check_reload_status 564 Updating all dyndns
Aug 22 23:51:31 dhcpleases 64285 kqueue error: unknown
Aug 22 23:51:31 kernel done.
Aug 22 23:51:31 kernel done.
Aug 22 23:51:31 php 586 rc.bootup: NTPD is starting up.
Aug 22 23:51:30 check_reload_status 564 Carp master event
Aug 22 23:51:30 kernel carp: 1@igb0: BACKUP -> MASTER (preempting a slower master)
Aug 22 23:51:30 kernel carp: 2@igb0: BACKUP -> MASTER (preempting a slower master)
Aug 22 23:51:30 check_reload_status 564 Carp master event
Aug 22 23:51:29 kernel carp: demoted by -240 to 0 (pfsync bulk done)
Aug 22 23:51:29 php 586 rc.bootup: sync unbound done.
Aug 22 23:51:28 check_reload_status 564 Linkup starting $igb0
Aug 22 23:51:28 check_reload_status 564 Carp backup event
Aug 22 23:51:28 kernel igb0: link state changed to UP
Aug 22 23:51:28 kernel carp: demoted by -240 to 240 (interface up)
Aug 22 23:51:28 kernel carp: 2@igb0: INIT -> BACKUP (initialization complete)
Aug 22 23:51:28 kernel carp: demoted by -240 to 480 (interface up)
Aug 22 23:51:28 kernel carp: 1@igb0: INIT -> BACKUP (initialization complete)
Aug 22 23:51:28 syslogd sendto: Host is down
Aug 22 23:51:28 check_reload_status 564 Carp backup event
Aug 22 23:51:27 syslogd sendto: Host is down
Aug 22 23:51:27 kernel done.
Aug 22 23:51:27 syslogd sendto: Host is down
Aug 22 23:51:27 kernel done.
Aug 22 23:51:27 syslogd sendto: Host is down
Aug 22 23:51:27 php 586 rc.bootup: Default gateway setting as default.
Aug 22 23:51:27 syslogd sendto: Host is down
Aug 22 23:51:27 kernel ...done.
Aug 22 23:51:27 syslogd sendto: Host is down
Aug 22 23:51:27 kernel .
Aug 22 23:51:27 kernel .
Aug 22 23:51:26 kernel pflog0: promiscuous mode enabled
Aug 22 23:51:26 kernel tun1: changing name to 'ovpns1'
Aug 22 23:51:26 kernel done.
Aug 22 23:51:26 php 586 rc.bootup: Resyncing OpenVPN instances.
Aug 22 23:51:26 php 586 rc.bootup: Configuring CARP settings finalize...
Aug 22 23:51:26 php 586 rc.bootup: pfsync done in 0 seconds.
Aug 22 23:51:26 php 586 rc.bootup: waiting for pfsync...
Aug 22 23:51:25 php 586 rc.bootup: Configuring CARP settings finalize...
Aug 22 23:51:25 php 586 rc.bootup: pfsync done in 0 seconds.
Aug 22 23:51:25 php 586 rc.bootup: waiting for pfsync...
Aug 22 23:51:25 syslogd Logging subprocess 11340 (exec /usr/local/sbin/sshguard) exited due to signal 15.
Aug 22 23:51:25 sshd 11036 Server listening on 0.0.0.0 port 22.
Aug 22 23:51:25 sshd 11036 Server listening on :: port 22.
Aug 22 23:51:24 kernel carp: demoted by 240 to 720 (pfsync bulk start)
Aug 22 23:51:24 kernel carp: demoted by 240 to 480 (interface down)
Aug 22 23:51:24 kernel carp: demoted by 240 to 240 (interface down)

jimp

I added a workaround for the bug I linked above and it is working much better here. Try a snapshot from later today/tomorrow or later and see if it helps yours as well.

BN82

@jimp Thanks, it now works for me, OpenVPN starts automatically.