OpenVPN restarts on slave after XMLRPC sync
-
Hello everyone,
We're experiencing issues with XMLRPC sync. When we make a change on the master (for example, adding a new user), OpenVPN resyncs on the slave, causing network problems for users connected to those OpenVPN instances.
We're running 2.4.5 version on both master and slave hosts.
I'm referencing this old post as it seems to be experiencing the same issue:
Re: issues with xmlrpc sync after upgrade from 2.4.3 to 2.4.4-RELEASE-p2
On High Availability Sync settings we're syncing these options:
Logs on slave pfSense:
Dec 29 08:52:35 check_reload_status Starting packages
Dec 29 08:52:35 check_reload_status Reloading filter
Dec 29 08:52:35 php-fpm /rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection - -> 10.110.236.1 - Restarting packages.
Dec 29 08:52:35 php-fpm /rc.newwanip: rc.newwanip called with empty interface.
Dec 29 08:52:35 php-fpm /rc.newwanip: rc.newwanip: on (IP address: 10.110.236.1) (interface: []) (real interface: ovpns2).
Dec 29 08:52:35 php-fpm /rc.newwanip: rc.newwanip: Info: starting on ovpns2.
Dec 29 08:52:34 check_reload_status Starting packages
Dec 29 08:52:34 check_reload_status Reloading filter
Dec 29 08:52:34 php-fpm /rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection - -> 10.110.244.1 - Restarting packages.
Dec 29 08:52:34 php-fpm /rc.newwanip: rc.newwanip called with empty interface.
Dec 29 08:52:34 php-fpm /rc.newwanip: rc.newwanip: on (IP address: 10.110.244.1) (interface: []) (real interface: ovpns1).
Dec 29 08:52:34 php-fpm /rc.newwanip: rc.newwanip: Info: starting on ovpns1.
Dec 29 08:52:34 php-fpm OpenVPN PID written: 94356
Dec 29 08:52:34 check_reload_status rc.newwanip starting ovpns2
Dec 29 08:52:34 kernel ovpns2: link state changed to UP
Dec 29 08:52:33 kernel ovpns2: link state changed to DOWN
Dec 29 08:52:33 php-fpm OpenVPN terminate old pid: 85457
Dec 29 08:52:33 php-fpm OpenVPN PID written: 76872
Dec 29 08:52:33 check_reload_status rc.newwanip starting ovpns1
Dec 29 08:52:33 kernel ovpns1: link state changed to UP
Dec 29 08:52:33 check_reload_status Reloading filter
Dec 29 08:52:33 kernel ovpns1: link state changed to DOWN
Dec 29 08:52:33 php-fpm OpenVPN terminate old pid: 67395
Dec 29 08:52:33 php-fpm /xmlrpc.php: Resyncing OpenVPN instances.
Dec 29 08:52:33 php-fpm /xmlrpc.php: Gateway, none 'available' for inet6, use the first one configured. ''
Dec 29 08:52:33 check_reload_status Reloading filter
Dec 29 08:52:33 check_reload_status Syncing firewall
Does anyone have any idea whether this behavior is normal and, if it is not, how to fix it?
Many thanks
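Added example, not part of the original post: the log above is listed newest entry first with one-second timestamps, which makes it hard to see what preceded each tunnel bounce. This Python sketch puts an excerpt of that log in chronological order and labels every `ovpns*` link-down with the most recent trigger message seen before it. The function name and the two trigger labels are assumptions chosen for illustration, and a trigger is never expired, so it suits short captures like this one.

```python
import re

# Excerpt of the slave's system log from the post above, newest entry first
# (the order in which it was posted).
LOG = """\
Dec 29 08:52:34 php-fpm /rc.newwanip: rc.newwanip: Info: starting on ovpns1.
Dec 29 08:52:34 php-fpm OpenVPN PID written: 94356
Dec 29 08:52:34 check_reload_status rc.newwanip starting ovpns2
Dec 29 08:52:34 kernel ovpns2: link state changed to UP
Dec 29 08:52:33 kernel ovpns2: link state changed to DOWN
Dec 29 08:52:33 php-fpm OpenVPN terminate old pid: 85457
Dec 29 08:52:33 php-fpm OpenVPN PID written: 76872
Dec 29 08:52:33 check_reload_status rc.newwanip starting ovpns1
Dec 29 08:52:33 kernel ovpns1: link state changed to UP
Dec 29 08:52:33 check_reload_status Reloading filter
Dec 29 08:52:33 kernel ovpns1: link state changed to DOWN
Dec 29 08:52:33 php-fpm OpenVPN terminate old pid: 67395
Dec 29 08:52:33 php-fpm /xmlrpc.php: Resyncing OpenVPN instances.
Dec 29 08:52:33 check_reload_status Syncing firewall
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) (.*)$")
TRIGGERS = {  # message pattern -> label (labels are hypothetical names)
    r"/xmlrpc\.php: Resyncing OpenVPN instances": "xmlrpc-sync",
    r"/rc\.newwanip: rc\.newwanip: Info: starting on": "rc.newwanip",
}
DOWN = re.compile(r"^(ovpn[sc]\d+): link state changed to DOWN")

def attribute_restarts(log_text, newest_first=True):
    """Return [(timestamp, interface, cause)] for every OpenVPN link-down."""
    rows = [m.groups() for m in map(LINE.match, log_text.splitlines()) if m]
    if newest_first:
        # Timestamps only have 1 s resolution, so sorting on them would lose
        # the order inside a second; reversing the file order keeps it.
        rows.reverse()
    cause, results = "unknown", []
    for stamp, proc, msg in rows:
        for pattern, label in TRIGGERS.items():
            if re.search(pattern, msg):
                cause = label  # remember the latest trigger seen so far
        hit = DOWN.match(msg) if proc == "kernel" else None
        if hit:
            results.append((stamp, hit.group(1), cause))
    return results

if __name__ == "__main__":
    for stamp, iface, cause in attribute_restarts(LOG):
        print(f"{stamp}  {iface} went down after: {cause}")
```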
-
@saymeeeow said in OpenVPN restarts on slave after XMLRPC sync:
pfSense package system has detected an IP change or dynamic WAN reconnection - -> 10.110.236.1 - Restarting packages.
Hey @saymeeeow it seems the appliance is receiving a new IP address on its WAN interface and thus restarting the OpenVPN daemon even though the OpenVPN configuration is not sync'd.
-
Hi @pcosta,
You're right, it seems the WAN interface is reconnecting and thus, restarting all the packages.
We think that's because our WAN interface is configured to use DHCP instead of having a static IP. As our pfSenses are running in AWS, we're not sure if configuring a static IP in the pfSense interface is a good practice, so we're going to ask AWS support if it's OK to do that. If it is, we'll change the interface configuration and see if it fixes the problem.
We'll keep you updated.
Thanks
-
Well... so AWS answered us and there's no problem with changing the WAN IP address to static.
We've done that on both pfSense and forced a sync, but the problem still persists...
Any other thoughts?
Thanks!
-
@saymeeeow this is a known bug: https://redmine.pfsense.org/issues/11082
you could try to replace xmlrpc.php on slave with this file: xmlrpc.php.zip
be careful, it's not 100% tested
-
Hi @viktor_g,
First of all thanks for sharing this information with us, we didn't know it was a known bug.
We've been comparing the XMLRPC.php file from our pfSense with yours and we see too many differences, so we prefer to wait for an official update that hopefully fixes this issue.
Many thanks
-
@saymeeeow This is as official as it gets.
Redmine says it's scheduled after version 2.5
So it's gonna take a while.
I'm also experiencing issues with openvpn
Used as a client, when the secondary node restarts, even though it isn't master, the openvpn client starts, causing havoc to the main instance.
Straightforward to replicate.