Netgate Discussion Forum

    OpenVPN restarts on slave after XMLRPC sync

      saymeeeow

      Hello everyone,

      We're experiencing issues with XMLRPC sync. When we make a change on the master (for example, adding a new user), OpenVPN resyncs on the slave, causing network problems for users connected to those OpenVPN instances.

      We're running version 2.4.5 on both master and slave hosts.

      I'm referencing this old post, as it seems to be experiencing the same issue:
      Re: issues with xmlrpc sync after upgrade from 2.4.3 to 2.4.4-RELEASE-p2

      On High Availability Sync settings we're syncing these options:

      fwsync2.png

      Logs on slave pfSense:

      Dec 29 08:52:35	check_reload_status		Starting packages
      Dec 29 08:52:35	check_reload_status		Reloading filter
      Dec 29 08:52:35	php-fpm		/rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection - -> 10.110.236.1 - Restarting packages.
      Dec 29 08:52:35	php-fpm		/rc.newwanip: rc.newwanip called with empty interface.
      Dec 29 08:52:35	php-fpm		/rc.newwanip: rc.newwanip: on (IP address: 10.110.236.1) (interface: []) (real interface: ovpns2).
      Dec 29 08:52:35	php-fpm		/rc.newwanip: rc.newwanip: Info: starting on ovpns2.
      Dec 29 08:52:34	check_reload_status		Starting packages
      Dec 29 08:52:34	check_reload_status		Reloading filter
      Dec 29 08:52:34	php-fpm		/rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection - -> 10.110.244.1 - Restarting packages.
      Dec 29 08:52:34	php-fpm		/rc.newwanip: rc.newwanip called with empty interface.
      Dec 29 08:52:34	php-fpm		/rc.newwanip: rc.newwanip: on (IP address: 10.110.244.1) (interface: []) (real interface: ovpns1).
      Dec 29 08:52:34	php-fpm		/rc.newwanip: rc.newwanip: Info: starting on ovpns1.
      Dec 29 08:52:34	php-fpm		OpenVPN PID written: 94356
      Dec 29 08:52:34	check_reload_status		rc.newwanip starting ovpns2
      Dec 29 08:52:34	kernel		ovpns2: link state changed to UP
      Dec 29 08:52:33	kernel		ovpns2: link state changed to DOWN
      Dec 29 08:52:33	php-fpm		OpenVPN terminate old pid: 85457
      Dec 29 08:52:33	php-fpm		OpenVPN PID written: 76872
      Dec 29 08:52:33	check_reload_status		rc.newwanip starting ovpns1
      Dec 29 08:52:33	kernel		ovpns1: link state changed to UP
      Dec 29 08:52:33	check_reload_status		Reloading filter
      Dec 29 08:52:33	kernel		ovpns1: link state changed to DOWN
      Dec 29 08:52:33	php-fpm		OpenVPN terminate old pid: 67395
      Dec 29 08:52:33	php-fpm		/xmlrpc.php: Resyncing OpenVPN instances.
      Dec 29 08:52:33	php-fpm		/xmlrpc.php: Gateway, none 'available' for inet6, use the first one configured. ''
      Dec 29 08:52:33	check_reload_status		Reloading filter
      Dec 29 08:52:33	check_reload_status		Syncing firewall
      

      Does anyone have any idea whether this behavior is normal and, if it is not, how to fix it?

      Many thanks

        pcosta @saymeeeow

        @saymeeeow said in OpenVPN restarts on slave after XMLRPC sync:

        pfSense package system has detected an IP change or dynamic WAN reconnection - -> 10.110.236.1 - Restarting packages.

        Hey @saymeeeow, it seems the appliance is receiving a new IP address on its WAN interface and thus restarting the OpenVPN daemon even though the OpenVPN configuration is not sync'd.

          saymeeeow @pcosta

          Hi @pcosta,

          You're right, it seems the WAN interface is reconnecting and thus, restarting all the packages.
          We think that's because our WAN interface is configured to use DHCP instead of having a static IP.

          As our pfSenses are running in AWS, we're not sure if configuring a static IP in the pfSense interface is a good practice, so we're going to ask AWS support if it's OK to do that. If it is, we'll change the interface configuration and see if it fixes the problem.

          We'll keep you updated.

          Thanks

            saymeeeow @saymeeeow

            Well... so AWS answered us and there's no problem with changing the WAN IP address to static.

            We've done that on both pfSense and forced a sync, but the problem still persists...

            Any other thoughts?

            Thanks!

              viktor_g Netgate @saymeeeow

              @saymeeeow this is a known bug: https://redmine.pfsense.org/issues/11082

              you could try to replace xmlrpc.php on slave with this file:
              xmlrpc.php.zip

              be careful, it's not 100% tested

                saymeeeow

                Hi @viktor_g,

                First of all, thanks for sharing this information with us; we didn't know it was a known bug.
                We've been comparing the XMLRPC.php file from our pfSense with yours and we see too many differences, so we prefer to wait for an official update that hopefully fixes this issue.

                Many thanks

                  netblues @saymeeeow

                  @saymeeeow This is as official as it gets.

                  Redmine says it's scheduled after version 2.5
                  So it's gonna take a while.

                  I'm also experiencing issues with openvpn
                  Used as a client, when the secondary node restarts, even though it isn't master, the openvpn client starts, causing havoc to the main instance.

                  Straightforward to replicate.

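Added example, not part of the original thread or of pfSense: a Python check that ties each `/xmlrpc.php: Resyncing OpenVPN instances` line in the slave's log to the OpenVPN process kills, tunnel link drops and `rc.newwanip` runs that follow it, and reports which real interface `rc.newwanip` names (`ovpns1`/`ovpns2` in the posted log). The function names and the 5-second correlation window are assumptions; the sample input is an excerpt of the log lines from the first post.

```python
import re
from datetime import datetime, timedelta

# Excerpt of the slave's log from the first post (newest first, tab-separated).
SAMPLE_LOG = (
    "Dec 29 08:52:35\tphp-fpm\t\t/rc.newwanip: rc.newwanip: on (IP address: 10.110.236.1) (interface: []) (real interface: ovpns2).\n"
    "Dec 29 08:52:34\tphp-fpm\t\t/rc.newwanip: rc.newwanip: on (IP address: 10.110.244.1) (interface: []) (real interface: ovpns1).\n"
    "Dec 29 08:52:33\tkernel\t\tovpns2: link state changed to DOWN\n"
    "Dec 29 08:52:33\tphp-fpm\t\tOpenVPN terminate old pid: 85457\n"
    "Dec 29 08:52:33\tkernel\t\tovpns1: link state changed to DOWN\n"
    "Dec 29 08:52:33\tphp-fpm\t\tOpenVPN terminate old pid: 67395\n"
    "Dec 29 08:52:33\tphp-fpm\t\t/xmlrpc.php: Resyncing OpenVPN instances.\n"
)

PID_RE = re.compile(r"OpenVPN terminate old pid: (\d+)")
DOWN_RE = re.compile(r"^(ovpn[sc]\d+): link state changed to DOWN")
WANIP_RE = re.compile(r"rc\.newwanip: on \(IP address: [^)]*\).*\(real interface: (ovpn[sc]\d+)\)")
SYNC_MARK = "/xmlrpc.php: Resyncing OpenVPN instances"

def parse(log_text):
    """Return (time, process, message) tuples in chronological order."""
    events = []
    for line in reversed(log_text.splitlines()):      # the log is newest-first
        parts = re.split(r"\t+", line.strip(), maxsplit=2)
        if len(parts) == 3:
            ts = datetime.strptime("2000 " + parts[0], "%Y %b %d %H:%M:%S")  # no year in log; fixed one assumed
            events.append((ts, parts[1], parts[2]))
    return sorted(events, key=lambda e: e[0])          # stable: keeps same-second order

def restarts_after_sync(log_text, window=timedelta(seconds=5)):
    """For each XMLRPC resync, collect the OpenVPN side effects seen within `window`."""
    events, findings = parse(log_text), []
    for i, (ts, _, msg) in enumerate(events):
        if SYNC_MARK not in msg:
            continue
        pids, bounced, newwanip = [], set(), set()
        for ts2, _, msg2 in events[i + 1:]:
            if ts2 - ts > window:
                break
            if m := PID_RE.search(msg2):
                pids.append(int(m.group(1)))           # OpenVPN daemon that was killed
            elif m := DOWN_RE.search(msg2):
                bounced.add(m.group(1))                # tunnel interface that dropped
            elif m := WANIP_RE.search(msg2):
                newwanip.add(m.group(1))               # interface rc.newwanip ran for
        findings.append({"sync_at": ts.strftime("%H:%M:%S"), "killed_pids": pids,
                         "bounced": sorted(bounced), "newwanip_on": sorted(newwanip)})
    return findings
```

An empty result for a log that contains OpenVPN restarts means none of them followed an XMLRPC resync within the window, so the cause lies elsewhere.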