OpenVPN Status Issues in 2.4.5-RELEASE-p1


  • I'm having some issues with OpenVPN tunnel status in the Dashboard of 2.4.5-RELEASE-p1. Am running pfsense on a Dell R710 with ESXI 6.5 + latest updates. Never seemed to have issues prior to upgrade to the latest code (previously was on the last 2.4.4 version, and skipped the first release of 2.4.5).

    What happens is the statuses of my three OpenVPN tunnels are fine upon reboot, but over time they seem to randomly report as down, even though the tunnels are up - confirmed with pinging and browsing to web GUIs of devices through the tunnels, and also the gateway monitoring shows them up with correct latencies etc.

    Anyway if I go to status > OpenVPN I can "Restart openvpn Service" and that'll get the "Status" back to "up". I have been doing this after hours for several days now, and have rebooted a few times which hasn't fixed the issue. Any ideas of what's going on? Thanks in advance.


  • Hi,

    @Gcon said in OpenVPN Status Issues in 2.4.5-RELEASE-p1:

    Any ideas of what's going on?

    Not really.

    Normally, you should see this :

    fb1a6d4f-a67f-4d91-b727-2da351bfdf31-image.png

    this is a GUI or graphical representation of what could be found in the OpenVPN logs :

    The manual way :

    [2.4.5-RELEASE][admin@pfsense.brit-hotel-fumel.net]/etc/inc: telnet /var/etc/openvpn/client2.sock
    Trying /var/etc/openvpn/client2.sock...
    Connected to /var/etc/openvpn/client2.sock.
    Escape character is '^]'.
    >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
    state 1
    1597761620,CONNECTED,SUCCESS,10.26.0.50,203.159.81.117,1195,192.168.10.3,5922
    END
    status 2
    OpenVPN STATISTICS
    Updated,Tue Aug 18 16:48:31 2020
    TUN/TAP read bytes,116
    TUN/TAP write bytes,0
    TCP/UDP read bytes,8732
    TCP/UDP write bytes,8649
    Auth read bytes,768
    pre-compress bytes,0
    post-compress bytes,0
    pre-decompress bytes,0
    post-decompress bytes,0
    END
    quit
    Connection closed by foreign host.
    [2.4.5-RELEASE][admin@pfsense.brit-hotel-fumel.net]/etc/inc:
    

    I TELNET'ed to the socket of the OpenVPN client process, and gave the commands :

    state 1
    status 2
    

    and

    quit
    

    to end.

    The info obtained is used to format the GUI info.

    You should have the

    1597761620,CONNECTED,SUCCESS,10.26.0.50,203.159.81.117,1195,192.168.10.3,5922
    

    which states that openvpn (client mode) is connected right now, the IP's, the ports etc.

    This is what is shown - normally, in the logs :

    3c006529-a12e-43cb-8867-ff8df7e6d652-image.png

    edit : Please understand that I am not explaining what happens on your system. Only you can find that out.
    I showed you how to obtain 'some more' info.
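
Added example, not part of the original posts or of pfSense's own code: a script that performs the `state 1` query from the session above against the management socket and parses the reply, so the real tunnel state can be compared with what the Dashboard reports. The function names are hypothetical, the field order follows OpenVPN's management-interface notes, and it assumes Python 3 is available on the host and that the socket needs no password, as in the session shown.

```python
import socket

# Field order of a "state" reply line (OpenVPN management-notes.txt).
STATE_FIELDS = ("time", "state", "detail", "tunnel_ip", "remote_ip",
                "remote_port", "local_ip", "local_port", "tunnel_ipv6")

# Sample reply assembled from the telnet session quoted in the post above.
SAMPLE = (
    ">INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info\n"
    "1597761620,CONNECTED,SUCCESS,10.26.0.50,203.159.81.117,1195,192.168.10.3,5922\n"
    "END\n")

def parse_state_reply(text):
    """Return the most recent state entry in a reply as a dict, or None."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        # Skip the banner / real-time notifications, the END marker and blanks.
        if not line or line.startswith(">") or line == "END":
            continue
        parts = line.split(",")
        if len(parts) < 2 or not parts[0].isdigit():
            continue  # not a state line (e.g. "SUCCESS: ..." or "ERROR: ...")
        entry = dict(zip(STATE_FIELDS, parts))
        entry["time"] = int(entry["time"])
        entries.append(entry)
    return entries[-1] if entries else None

def tunnel_is_up(entry):
    """A tunnel counts as up only when its latest state is CONNECTED."""
    return entry is not None and entry["state"] == "CONNECTED"

def query_state(sock_path, timeout=5.0):
    """Send 'state 1' to the management Unix socket and parse the answer."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)  # a hung management socket raises socket.timeout
        s.connect(sock_path)
        s.sendall(b"state 1\n")
        buf = b""
        while b"END" not in buf:
            chunk = s.recv(4096)
            if not chunk:
                break
            buf += chunk
        s.sendall(b"quit\n")
    return parse_state_reply(buf.decode("ascii", "replace"))
```

Calling `query_state("/var/etc/openvpn/client2.sock")` while the Dashboard shows a tunnel as down tells you whether the OpenVPN process itself still reports CONNECTED or whether the socket has stopped answering.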


  • @Gertjan Thanks for the great info. None of the statuses have reported incorrectly today so all good there. I'll check the sockets if/when it happens again. Only issue I'm seeing in the logs is,
    "WARNING: 'ifconfig' is present in local config but missing in remote config, local='ifconfig 10.255.27.9 10.255.27.10'"

    same as this old post https://forum.netgate.com/topic/31751/openvpn-ifconfig-warning
    ...and I've reached the same conclusions as the OP, in that I believe my configuration is correct and there's no config actually to correct in the web GUI. Doesn't seem related but just thought I'd mention it.