OpenVPN restarts on slave after XMLRPC sync


  • Hello everyone,

    We're experiencing issues with XMLRPC sync. When we make a change on the master (for example, adding a new user), OpenVPN resyncs on the slave, causing network problems for users connected to those OpenVPN instances.

    We're running 2.4.5 version on both master and slave hosts.

    I'm referencing this old post as it seems to be experiencing the same issue:
    Re: issues with xmlrpc sync after upgrade from 2.4.3 to 2.4.4-RELEASE-p2

    On High Availability Sync settings we're syncing these options:

    fwsync2.png

    Logs on slave pfSense:

    Dec 29 08:52:35	check_reload_status		Starting packages
    Dec 29 08:52:35	check_reload_status		Reloading filter
    Dec 29 08:52:35	php-fpm		/rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection - -> 10.110.236.1 - Restarting packages.
    Dec 29 08:52:35	php-fpm		/rc.newwanip: rc.newwanip called with empty interface.
    Dec 29 08:52:35	php-fpm		/rc.newwanip: rc.newwanip: on (IP address: 10.110.236.1) (interface: []) (real interface: ovpns2).
    Dec 29 08:52:35	php-fpm		/rc.newwanip: rc.newwanip: Info: starting on ovpns2.
    Dec 29 08:52:34	check_reload_status		Starting packages
    Dec 29 08:52:34	check_reload_status		Reloading filter
    Dec 29 08:52:34	php-fpm		/rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection - -> 10.110.244.1 - Restarting packages.
    Dec 29 08:52:34	php-fpm		/rc.newwanip: rc.newwanip called with empty interface.
    Dec 29 08:52:34	php-fpm		/rc.newwanip: rc.newwanip: on (IP address: 10.110.244.1) (interface: []) (real interface: ovpns1).
    Dec 29 08:52:34	php-fpm		/rc.newwanip: rc.newwanip: Info: starting on ovpns1.
    Dec 29 08:52:34	php-fpm		OpenVPN PID written: 94356
    Dec 29 08:52:34	check_reload_status		rc.newwanip starting ovpns2
    Dec 29 08:52:34	kernel		ovpns2: link state changed to UP
    Dec 29 08:52:33	kernel		ovpns2: link state changed to DOWN
    Dec 29 08:52:33	php-fpm		OpenVPN terminate old pid: 85457
    Dec 29 08:52:33	php-fpm		OpenVPN PID written: 76872
    Dec 29 08:52:33	check_reload_status		rc.newwanip starting ovpns1
    Dec 29 08:52:33	kernel		ovpns1: link state changed to UP
    Dec 29 08:52:33	check_reload_status		Reloading filter
    Dec 29 08:52:33	kernel		ovpns1: link state changed to DOWN
    Dec 29 08:52:33	php-fpm		OpenVPN terminate old pid: 67395
    Dec 29 08:52:33	php-fpm		/xmlrpc.php: Resyncing OpenVPN instances.
    Dec 29 08:52:33	php-fpm		/xmlrpc.php: Gateway, none 'available' for inet6, use the first one configured. ''
    Dec 29 08:52:33	check_reload_status		Reloading filter
    Dec 29 08:52:33	check_reload_status		Syncing firewall
    

    Anyone have any idea if this behavior is normal and if it is not, how to fix it?

    Many thanks
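
Added example, not part of the thread: a short Python check that walks a secondary node's system log in the layout posted above and reports which OpenVPN PIDs were terminated and which `ovpns*`/`ovpnc*` interfaces went DOWN right after each `/xmlrpc.php: Resyncing OpenVPN instances.` entry. The function names, the 5-second correlation window and the placeholder year are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

# Excerpt of the secondary's log from the post above (newest entry first, tab-separated).
SAMPLE_LOG = """\
Dec 29 08:52:33\tkernel\t\tovpns2: link state changed to DOWN
Dec 29 08:52:33\tphp-fpm\t\tOpenVPN terminate old pid: 85457
Dec 29 08:52:33\tkernel\t\tovpns1: link state changed to DOWN
Dec 29 08:52:33\tphp-fpm\t\tOpenVPN terminate old pid: 67395
Dec 29 08:52:33\tphp-fpm\t\t/xmlrpc.php: Resyncing OpenVPN instances.
Dec 29 08:52:33\tcheck_reload_status\t\tSyncing firewall
"""

RESYNC = "/xmlrpc.php: Resyncing OpenVPN instances."
TERMINATE = re.compile(r"OpenVPN terminate old pid: (\d+)")
LINK_DOWN = re.compile(r"(ovpn[sc]\d+): link state changed to DOWN")

def parse(log_text, year=2000, newest_first=True):
    """Return (timestamp, process, message) tuples in chronological order."""
    entries = []
    for line in log_text.splitlines():
        fields = [f.strip() for f in line.split("\t") if f.strip()]
        if len(fields) < 3:
            continue  # not a three-column log row
        try:  # the log carries no year; `year` is a placeholder (assumption)
            ts = datetime.strptime(f"{year} {fields[0]}", "%Y %b %d %H:%M:%S")
        except ValueError:
            continue
        entries.append((ts, fields[1], fields[2]))
    return entries[::-1] if newest_first else entries

def sync_triggered_restarts(log_text, window_seconds=5):
    """For each XMLRPC resync, list OpenVPN PIDs killed and tunnels dropped soon after."""
    events = parse(log_text)
    findings = []
    for i, (ts, _proc, msg) in enumerate(events):
        if msg != RESYNC:
            continue
        hit = {"resync_at": ts.strftime("%H:%M:%S"), "killed_pids": [], "interfaces_down": []}
        for ts2, _proc2, msg2 in events[i + 1:]:
            if msg2 == RESYNC or ts2 - ts > timedelta(seconds=window_seconds):
                break  # next sync, or outside the correlation window
            if m := TERMINATE.search(msg2):
                hit["killed_pids"].append(int(m.group(1)))
            if m := LINK_DOWN.search(msg2):
                hit["interfaces_down"].append(m.group(1))
        if hit["killed_pids"] or hit["interfaces_down"]:
            findings.append(hit)
    return findings
```

A non-empty result for a sync that changed nothing OpenVPN-related (such as adding a user) matches the behaviour described in this thread; an OpenVPN restart with no preceding resync entry points to a different trigger.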


  • @saymeeeow said in OpenVPN restarts on slave after XMLRPC sync:

    pfSense package system has detected an IP change or dynamic WAN reconnection - -> 10.110.236.1 - Restarting packages.

    Hey @saymeeeow it seems the appliance is receiving a new IP address on its WAN interface and thus restarting the OpenVPN daemon even though the OpenVPN configuration is not sync'd.


  • Hi @pcosta,

    You're right, it seems the WAN interface is reconnecting and thus, restarting all the packages.
    We think that's because our WAN interface is configured to use DHCP instead of having a static IP.

    As our pfSenses are running in AWS, we're not sure if configuring a static IP in the pfSense interface is a good practice, so we're going to ask AWS support if it's OK to do that. If it is, we'll change the interface configuration and see if it fixes the problem.

    We'll keep you updated.

    Thanks


  • Well... so AWS answered us and there's no problem with changing the WAN IP address to static.

    We've done that on both pfSense and forced a sync, but the problem still persists...

    Any other thoughts?

    Thanks!


  • @saymeeeow this is a known bug: https://redmine.pfsense.org/issues/11082

    you could try to replace xmlrpc.php on slave with this file:
    xmlrpc.php.zip

    be careful, it's not 100% tested


  • Hi @viktor_g,

    First of all thanks for sharing this information with us, we didn't know it was a known bug.
    We've been comparing the XMLRPC.php file from our pfSense with yours and we see too many differences, so we prefer to wait for an official update that hopefully fixes this issue.

    Many thanks


  • @saymeeeow This is as official as it gets.

    Redmine says it's scheduled after version 2.5
    So it's gonna take a while.

    I'm also experiencing issues with OpenVPN
    Used as a client, when the secondary node restarts, even though it isn't master, the OpenVPN client starts, causing havoc to the main instance.

    Straightforward to replicate.