FailOver: once wan1 returns, openvpn goes down
Hello people.
I have a strange case.
I set up a FailOver configuration on my pfsenseHQ with 2 WANs (wan1 static IP, wan2 PPPoE). I set up dyndns and use my FO group for this.
Later I set up OpenVPN with a shared key; I use my FO interface and followed the normal steps for my OpenVPN server.
Later, I set up my client, another pfsense box with 1 WAN only. For the remote server I use my dyndns name, and I set up everything else.
The VPN is online, FO working.
Now I test my FO setup: I disconnect my WAN1 on the server side and wait a couple of minutes, dyndns switches, and later OpenVPN reconnects using my wan2.
Up to here everything is good, working as expected.
Later, if I connect WAN1 again, OpenVPN goes down until WAN1 is ready for connections.
Is this behavior normal?
I have tested this with IPSEC and this won't happen.
Here is the server log:
Mar 12 19:31:50 openvpn 45808 Initialization Sequence Completed
Mar 12 19:31:50 openvpn 45808 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mar 12 19:29:47 openvpn 45808 UDPv4 link remote: [AF_UNSPEC]
Mar 12 19:29:47 openvpn 45808 UDPv4 link local (bound): [AF_INET]A.B.C.D:1194
Mar 12 19:29:47 openvpn 45808 /usr/local/sbin/ovpn-linkup ovpns1 1500 1573 10.0.0.97 10.0.0.98 init
Mar 12 19:29:47 openvpn 45808 /sbin/ifconfig ovpns1 10.0.0.97 10.0.0.98 mtu 1500 netmask 255.255.255.255 up
Mar 12 19:29:47 openvpn 45808 TUN/TAP device /dev/tun1 opened
Mar 12 19:29:47 openvpn 45808 TUN/TAP device ovpns1 exists previously, keep at program end
Mar 12 19:29:47 openvpn 45808 GDG: problem writing to routing socket
Mar 12 19:29:47 openvpn 45808 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mar 12 19:29:47 openvpn 45592 library versions: OpenSSL 1.0.2u-freebsd 20 Dec 2019, LZO 2.10
Mar 12 19:29:47 openvpn 45592 OpenVPN 2.4.8 amd64-portbld-freebsd11.3 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Dec 17 2019
Mar 12 19:29:47 openvpn 45592 disabling NCP mode (--ncp-disable) because not in P2MP client or server mode
Mar 12 19:29:47 openvpn 42141 SIGTERM[hard,] received, process exiting
Mar 12 19:29:47 openvpn 42141 /usr/local/sbin/ovpn-linkdown ovpns1 1500 1573 10.0.0.97 10.0.0.98 init
Mar 12 19:29:47 openvpn 42141 event_wait : Interrupted system call (code=4)
===HERE WAN1 IS BACK ONLINE AND OPENVPN GOES DOWN
Mar 12 19:27:01 openvpn 42141 Initialization Sequence Completed
Mar 12 19:27:01 openvpn 42141 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mar 12 19:27:01 openvpn 42141 Peer Connection Initiated with [AF_INET]A.B.C.D:5293
Mar 12 19:25:07 openvpn 42141 UDPv4 link remote: [AF_UNSPEC]
Mar 12 19:25:07 openvpn 42141 UDPv4 link local (bound): [AF_INET]W.X.Y.Z:1194
Mar 12 19:25:07 openvpn 42141 /usr/local/sbin/ovpn-linkup ovpns1 1500 1573 10.0.0.97 10.0.0.98 init
Mar 12 19:25:07 openvpn 42141 /sbin/ifconfig ovpns1 10.0.0.97 10.0.0.98 mtu 1500 netmask 255.255.255.255 up
Mar 12 19:25:07 openvpn 42141 TUN/TAP device /dev/tun1 opened
Mar 12 19:25:07 openvpn 42141 TUN/TAP device ovpns1 exists previously, keep at program end
Mar 12 19:25:07 openvpn 42141 GDG: problem writing to routing socket
Mar 12 19:25:07 openvpn 42141 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mar 12 19:25:07 openvpn 41908 library versions: OpenSSL 1.0.2u-freebsd 20 Dec 2019, LZO 2.10
Mar 12 19:25:07 openvpn 41908 OpenVPN 2.4.8 amd64-portbld-freebsd11.3 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Dec 17 2019
Mar 12 19:25:07 openvpn 41908 disabling NCP mode (--ncp-disable) because not in P2MP client or server mode
Mar 12 19:25:06 openvpn 91661 SIGTERM[hard,] received, process exiting
Mar 12 19:25:06 openvpn 91661 /usr/local/sbin/ovpn-linkdown ovpns1 1500 1573 10.0.0.97 10.0.0.98 init
Mar 12 19:25:06 openvpn 91661 event_wait : Interrupted system call (code=4)
=====HERE WAN1 GOES DOWN AND DYNDNS SWITCH TO WAN2
Mar 12 19:13:18 openvpn 91661 Initialization Sequence Completed
Mar 12 19:13:18 openvpn 91661 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mar 12 19:13:18 openvpn 91661 Peer Connection Initiated with [AF_INET]A.B.C.D:33285
Any comments are welcome!!!
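Added example, not part of the original post: a small Python script that reads a log in the format shown above and reports each tunnel outage as the gap between a SIGTERM and the next "Initialization Sequence Completed", along with the address the restarted process bound to. The embedded lines are an excerpt of the posted log; the year (absent from the log) and the newest-first ordering are assumptions.

```python
import re
from datetime import datetime

# Excerpt of the server log from the post, newest entry first.
LOG = """\
Mar 12 19:31:50 openvpn 45808 Initialization Sequence Completed
Mar 12 19:29:47 openvpn 45808 UDPv4 link local (bound): [AF_INET]A.B.C.D:1194
Mar 12 19:29:47 openvpn 42141 SIGTERM[hard,] received, process exiting
Mar 12 19:27:01 openvpn 42141 Initialization Sequence Completed
Mar 12 19:25:07 openvpn 42141 UDPv4 link local (bound): [AF_INET]W.X.Y.Z:1194
Mar 12 19:25:06 openvpn 91661 SIGTERM[hard,] received, process exiting
Mar 12 19:13:18 openvpn 91661 Initialization Sequence Completed
"""

YEAR = "2000"  # assumption: the log carries no year, any fixed value works
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) openvpn (\d+) (.*)$")
BOUND = re.compile(r"link local \(bound\): \[AF_INET\](\S+):\d+")

def parse(log):
    """Return (timestamp, pid, message) tuples, oldest first."""
    events = []
    # Assumption: input is newest-first, so reversing restores event order
    # even for entries that share the same second.
    for raw in reversed(log.splitlines()):
        m = LINE.match(raw.strip())
        if m:  # annotation lines such as "===HERE ..." are skipped
            ts = datetime.strptime(f"{YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, int(m.group(2)), m.group(3)))
    return events

def outages(log):
    """Pair each SIGTERM with the next completed initialization."""
    result, down_since, bound = [], None, None
    for ts, pid, msg in parse(log):
        if "SIGTERM" in msg:
            down_since, bound = ts, None
        elif (m := BOUND.search(msg)) and down_since:
            bound = m.group(1)  # address the new process bound to
        elif "Initialization Sequence Completed" in msg and down_since:
            result.append({"down": down_since.strftime("%H:%M:%S"),
                           "up": ts.strftime("%H:%M:%S"),
                           "seconds": int((ts - down_since).total_seconds()),
                           "rebound_to": bound})
            down_since = None
    return result

if __name__ == "__main__":
    for o in outages(LOG):
        print(o)
```

Run on the excerpt, it reports two outages, one for each WAN change, each with a different bound address.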