FailOver: once wan1 returns, openvpn goes down


  • Hello people.

    I have a strange case.

    I set up a FailOver setup in my pfsenseHQ, 2 WANs (wan1 static IP, wan2-pppoe). I set up dyndns and use my FO group for this.

    Later I set up OpenVPN shared key; I use my FO interface and followed the normal steps for my OpenVPN server.

    Later, I set up my client, another pfsense box, 1 WAN only, and for the remote server I use my dyndns name and set up everything else.

    The VPN is online, FO working.

    Now, I test my FO setup: I disconnect my WAN1 on the server side, wait a couple of minutes, dyndns switches, and later OpenVPN reconnects using my wan2.

    Here everything is good, working as expected.

    Later, if I connect WAN1 again, OpenVPN goes down until WAN1 is ready for connections.

    Is this behavior normal?

    I have tested this with IPsec and this doesn't happen.

    Here is the server log:

    Mar 12 19:31:50	openvpn	45808	Initialization Sequence Completed
    Mar 12 19:31:50	openvpn	45808	WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Mar 12 19:29:47	openvpn	45808	UDPv4 link remote: [AF_UNSPEC]
    Mar 12 19:29:47	openvpn	45808	UDPv4 link local (bound): [AF_INET]A.B.C.D:1194
    Mar 12 19:29:47	openvpn	45808	/usr/local/sbin/ovpn-linkup ovpns1 1500 1573 10.0.0.97 10.0.0.98 init
    Mar 12 19:29:47	openvpn	45808	/sbin/ifconfig ovpns1 10.0.0.97 10.0.0.98 mtu 1500 netmask 255.255.255.255 up
    Mar 12 19:29:47	openvpn	45808	TUN/TAP device /dev/tun1 opened
    Mar 12 19:29:47	openvpn	45808	TUN/TAP device ovpns1 exists previously, keep at program end
    Mar 12 19:29:47	openvpn	45808	GDG: problem writing to routing socket
    Mar 12 19:29:47	openvpn	45808	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Mar 12 19:29:47	openvpn	45592	library versions: OpenSSL 1.0.2u-freebsd 20 Dec 2019, LZO 2.10
    Mar 12 19:29:47	openvpn	45592	OpenVPN 2.4.8 amd64-portbld-freebsd11.3 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Dec 17 2019
    Mar 12 19:29:47	openvpn	45592	disabling NCP mode (--ncp-disable) because not in P2MP client or server mode
    Mar 12 19:29:47	openvpn	42141	SIGTERM[hard,] received, process exiting
    Mar 12 19:29:47	openvpn	42141	/usr/local/sbin/ovpn-linkdown ovpns1 1500 1573 10.0.0.97 10.0.0.98 init
    Mar 12 19:29:47	openvpn	42141	event_wait : Interrupted system call (code=4)
    ===HERE WAN1 IS BACK ONLINE AND OPENVPN GOES DOWN
    Mar 12 19:27:01	openvpn	42141	Initialization Sequence Completed
    Mar 12 19:27:01	openvpn	42141	WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Mar 12 19:27:01	openvpn	42141	Peer Connection Initiated with [AF_INET]A.B.C.D:5293
    Mar 12 19:25:07	openvpn	42141	UDPv4 link remote: [AF_UNSPEC]
    Mar 12 19:25:07	openvpn	42141	UDPv4 link local (bound): [AF_INET]W.X.Y.Z:1194
    Mar 12 19:25:07	openvpn	42141	/usr/local/sbin/ovpn-linkup ovpns1 1500 1573 10.0.0.97 10.0.0.98 init
    Mar 12 19:25:07	openvpn	42141	/sbin/ifconfig ovpns1 10.0.0.97 10.0.0.98 mtu 1500 netmask 255.255.255.255 up
    Mar 12 19:25:07	openvpn	42141	TUN/TAP device /dev/tun1 opened
    Mar 12 19:25:07	openvpn	42141	TUN/TAP device ovpns1 exists previously, keep at program end
    Mar 12 19:25:07	openvpn	42141	GDG: problem writing to routing socket
    Mar 12 19:25:07	openvpn	42141	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Mar 12 19:25:07	openvpn	41908	library versions: OpenSSL 1.0.2u-freebsd 20 Dec 2019, LZO 2.10
    Mar 12 19:25:07	openvpn	41908	OpenVPN 2.4.8 amd64-portbld-freebsd11.3 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Dec 17 2019
    Mar 12 19:25:07	openvpn	41908	disabling NCP mode (--ncp-disable) because not in P2MP client or server mode
    Mar 12 19:25:06	openvpn	91661	SIGTERM[hard,] received, process exiting
    Mar 12 19:25:06	openvpn	91661	/usr/local/sbin/ovpn-linkdown ovpns1 1500 1573 10.0.0.97 10.0.0.98 init
    Mar 12 19:25:06	openvpn	91661	event_wait : Interrupted system call (code=4)
    =====HERE WAN1 GOES DOWN AND DYNDNS SWITCH TO WAN2
    Mar 12 19:13:18	openvpn	91661	Initialization Sequence Completed
    Mar 12 19:13:18	openvpn	91661	WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Mar 12 19:13:18	openvpn	91661	Peer Connection Initiated with [AF_INET]A.B.C.D:33285
    

    Any comments are welcome!!!
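
An added example, not part of the original post: a small parser that reads an OpenVPN log in the layout shown above and reports, for each daemon restart, which address the new process bound to and how long it took until initialization completed again. The sample lines are abridged from the log in the post, and the year is an assumed value because syslog timestamps do not carry one.

```python
import re
from datetime import datetime

# Abridged from the server log in the post (newest first, tab-separated).
SAMPLE = """\
Mar 12 19:31:50\topenvpn\t45808\tInitialization Sequence Completed
Mar 12 19:29:47\topenvpn\t45808\tUDPv4 link local (bound): [AF_INET]A.B.C.D:1194
Mar 12 19:29:47\topenvpn\t42141\tSIGTERM[hard,] received, process exiting
===HERE WAN1 IS BACK ONLINE AND OPENVPN GOES DOWN
Mar 12 19:27:01\topenvpn\t42141\tInitialization Sequence Completed
Mar 12 19:25:07\topenvpn\t42141\tUDPv4 link local (bound): [AF_INET]W.X.Y.Z:1194
Mar 12 19:25:06\topenvpn\t91661\tSIGTERM[hard,] received, process exiting
Mar 12 19:13:18\topenvpn\t91661\tInitialization Sequence Completed
"""

LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d)\s+openvpn\s+(\d+)\s+(.*)$")
BOUND = re.compile(r"link local \(bound\): \[AF_INET6?\](.+):\d+$")

def outages(log_text, year=2020):
    """One dict per daemon restart: stop time, address the replacement
    process bound to, and seconds until initialization completed again."""
    events = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m:  # annotation lines and blanks are skipped
            # Syslog timestamps carry no year; `year` is an assumed value.
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, int(m.group(2)), m.group(3)))
    found, pending = [], None
    for ts, pid, msg in reversed(events):  # log is newest first
        if msg.startswith("SIGTERM"):
            pending = {"down_at": ts, "old_pid": pid, "new_pid": None, "bound": None}
        elif pending is None:
            continue
        elif (b := BOUND.search(msg)):
            pending.update(bound=b.group(1), new_pid=pid)
        elif msg == "Initialization Sequence Completed":
            pending["seconds_down"] = int((ts - pending["down_at"]).total_seconds())
            found.append(pending)
            pending = None
    return found

if __name__ == "__main__":
    for o in outages(SAMPLE):
        print(f"{o['down_at']:%H:%M:%S} pid {o['old_pid']} stopped; pid "
              f"{o['new_pid']} bound {o['bound']}; up after {o['seconds_down']} s")
```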