Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN Status Issues in 2.4.5-RELEASE-p1

    Scheduled Pinned Locked Moved General pfSense Questions
    3 Posts 2 Posters 445 Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G Offline
      Gcon
      last edited by

      I'm having some issues with OpenVPN tunnel status in the Dashboard of 2.4.5-RELEASE-p1. Am running pfsense on a Dell R710 with ESXI 6.5 + latest updates. Never seemed to have issues prior to upgrade to the latest code (previously was on the last 2.4.4 version, and skipped the first release of 2.4.5).

      What happens is the statuses of my three OpenVPN tunnels are fine upon reboot, but over time they seem to randomly report as down, even though the tunnels are up - confirmed with pinging and browsing to web GUIs of devices through the tunnels, and also the gateway monitoring shows them up with correct latencies etc.

      Anyway if I go to status > OpenVPN I can "Restart openvpn Service" and that'll get the "Status" back to "up". I have been doing this after hours for several days now, and have rebooted a few times which hasn't fixed the issue. Any ideas of what's going on? Thanks in advance.

      GertjanG 1 Reply Last reply Reply Quote 0
      • GertjanG Offline
        Gertjan @Gcon
        last edited by Gertjan

        Hi,

        @Gcon said in OpenVPN Status Issues in 2.4.5-RELEASE-p1:

        Any ideas of what's going on?

        Not really.

        Normally, you should see this :

        fb1a6d4f-a67f-4d91-b727-2da351bfdf31-image.png

        this is a GUI or graphical representation of what could be found in the OpenVPN logs :

        The manual way :

        [2.4.5-RELEASE][admin@pfsense.brit-hotel-fumel.net]/etc/inc: telnet /var/etc/openvpn/client2.sock
Trying /var/etc/openvpn/client2.sock...
Connected to /var/etc/openvpn/client2.sock.
Escape character is '^]'.
>INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
state 1
1597761620,CONNECTED,SUCCESS,10.26.0.50,203.159.81.117,1195,192.168.10.3,5922
END
status 2
OpenVPN STATISTICS
Updated,Tue Aug 18 16:48:31 2020
TUN/TAP read bytes,116
TUN/TAP write bytes,0
TCP/UDP read bytes,8732
TCP/UDP write bytes,8649
Auth read bytes,768
pre-compress bytes,0
post-compress bytes,0
pre-decompress bytes,0
post-decompress bytes,0
END
quit
Connection closed by foreign host.
[2.4.5-RELEASE][admin@pfsense.brit-hotel-fumel.net]/etc/inc:

        I TELNET'ed to the socket of the OpenVPN cient process, and gave the commands :

        state 1
status 2

        and

        quit

        to end.

        The info obtained is used to format the GUI info.

        You should have the

        1597761620,CONNECTED,SUCCESS,10.26.0.50,203.159.81.117,1195,192.168.10.3,5922

        which states that openvpn (client mode) is connected right now, the IP's, the ports etc.

        This is what is shown - normally, in the logs :

        3c006529-a12e-43cb-8867-ff8df7e6d652-image.png

        edit : Please understand that I not explaining what happens on your system. Only you can find that out.
        I showed you how to obtain 'some more' info.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        G 1 Reply Last reply Reply Quote 0
        • G Offline
          Gcon @Gertjan
          last edited by

          @Gertjan Thanks for the great info. None of the statuses have reported incorrectly today so all good there. I'll check the sockets if/when it happens again. Only issue I'm seeing in the logs is,
          "WARNING: 'ifconfig' is present in local config but missing in remote config, local='ifconfig 10.255.27.9 10.255.27.10'"

          same as this old post https://forum.netgate.com/topic/31751/openvpn-ifconfig-warning
          ...and I've reached the same conclusons as the OP in that - in that I believe my configuration is correct and there's no config actually to correct in the web GUI. Doesn't seem related but just thought I'd mention it.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.