Disconnecting WAN Interface Kills OpenVPN Servers on Other Interface
-
Netgate SG-2100
21.02.2-RELEASE (arm64)

I have a cable modem plugged into WAN getting a DHCP address from a provider.
I have the 4-port switch configured with each port on its own VLAN. I followed the SG-2100 guide, all except for port 1. I left port 1 as an access port and LAN port, and left it alone.
Here is a copy and paste:
SG-2100 Switch 802.1Q VLANs

Enable: Enable 802.1q VLAN mode
If enabled, packets with unknown VLAN tags will be dropped.

VLAN table
VLAN group   VLAN tag   Members   Description
0            1          1,5       Default System VLAN
1            4084       4,5t      LAN Switch Port 4
2            4083       3,5t      LAN Switch Port 3
3            4082       2,5t      LAN Switch Port 2

Interface assignments:
LAN1 - mvneta1
LAN4VZW - VLAN 4084 on mvneta1
WAN - mvneta0
When I pull the cable from the WAN, the TCP OpenVPN server running over LAN4VZW stops instantly, and will not work again until I plug the cable back into the WAN.
I tested just an internet failure while leaving the interface up: I had someone unscrew the coax from the back of the modem and let the gateway fail, and the VPN running over LAN4VZW did not stop working.
I also tested the reverse. If I unplug a cable from LAN4VZW, the VPN on WAN keeps on trucking.
VPN on WAN:
WAN UDP4 / 45465 (TUN)

VPN on LAN4VZW:
LAN4VZW TCP4 / 45465 (TUN)

Both have the same mode:
Mode: Remote Access ( SSL/TLS + User Auth )
Data Ciphers: AES-256-GCM, AES-128-GCM, CHACHA20-POLY1305, AES-256-CBC
Digest: SHA1
D-H Params: 4096 bits

Different users/same users, makes no difference.
tun layer 3 VPN/TCP on IPv4 only, with the specific interface selected in each config respectively.
Subnet topology with different unused /24 subnets dedicated to each VPN.
Gateway creation IPv4 only.
I tried to report it as a bug, but Jim's bug hate shot me down.
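An added diagnostic for pinning down what actually breaks when the WAN cable is pulled (this is not from the thread and not pfSense's own tooling). It assumes a pfSense/FreeBSD box with `sockstat` and `ifconfig`, that the LAN4VZW VLAN interface is named mvneta1.4084 (an assumption; the thread only says VLAN 4084 on mvneta1), and the port 45465 from the thread; the addresses in the constructed sample are documentation-range placeholders. Run in watch mode on the router before the cable pull, it logs only state transitions, so the timestamp of the pull can be lined up with whether the TCP listener on LAN4VZW disappeared (the openvpn process stopped or restarted) or stayed present while only the path broke.

```sh
#!/bin/sh
# Added example, not code from the thread. Assumes FreeBSD `sockstat`/`ifconfig`
# (pfSense), VLAN interface name mvneta1.4084 and port 45465 as in the thread.
# The addresses below are constructed placeholders (RFC 5737 ranges).

# Constructed sample of `sockstat -4lp 45465` output while both servers listen.
SAMPLE_SOCKSTAT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     openvpn    4321  6  udp4   203.0.113.10:45465    *:*
root     openvpn    4322  6  tcp4   198.51.100.20:45465   *:*'

# listener_present PROTO LOCAL_ADDR PORT  (reads sockstat output on stdin)
# Succeeds only if an openvpn socket with exactly that proto/address/port exists.
listener_present() {
    awk -v proto="$1" -v want="$2:$3" '
        $2 == "openvpn" && $5 == proto && $6 == want { found = 1 }
        END { exit found ? 0 : 1 }'
}

# link_state  (reads `ifconfig IFNAME` output on stdin) -> prints up, down or unknown
link_state() {
    awk '/status:/ { if ($2 == "active") print "up"; else print "down"; found = 1 }
         END { if (!found) print "unknown" }'
}

# watch_vpn_listener PROTO ADDR PORT IFNAME [INTERVAL]
# Polls the live box and prints a timestamped line each time the listener or
# link state changes, so a WAN cable pull can be correlated with what broke.
watch_vpn_listener() {
    proto=$1; addr=$2; port=$3; ifname=$4; interval=${5:-1}
    prev=""
    while :; do
        if sockstat -4lp "$port" | listener_present "$proto" "$addr" "$port"; then
            l="listener=present"
        else
            l="listener=MISSING"
        fi
        s="link=$(ifconfig "$ifname" | link_state)"
        cur="$l $s"
        if [ "$cur" != "$prev" ]; then
            printf '%s %s %s:%s/%s %s\n' "$(date '+%Y-%m-%dT%H:%M:%S')" \
                "$ifname" "$addr" "$port" "$proto" "$cur"
            prev=$cur
        fi
        sleep "$interval"
    done
}

# Live mode only when asked, e.g. (address is the LAN4VZW interface address):
#   sh watch_vpn.sh watch tcp4 198.51.100.20 45465 mvneta1.4084
if [ "${1:-}" = "watch" ]; then
    shift
    watch_vpn_listener "$@"
fi
```

If the log shows `listener=MISSING` at the moment of the pull, the openvpn instance itself went away and the OpenVPN and system logs for that timestamp are where to look; if the listener and link both stay up, the server is fine and the break is in routing or the reply path, which is a different investigation.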
-
Nothing here?
I guess I should purchase a Netgate support package to get an answer to this?
-
@webdawg said in Disconnecting WAN Interface Kills OpenVPN Servers on Other Interface:
When I pull the cable from the WAN. The TCP OpenVPN running over LAN4VZW stops instantly, and will not work again until I plug the cable back into the WAN.
I tested just internet failure, and leaving the interface up. I had someone unscrew the coax from the back of the modem, and let the gateway fail, and the VPN did not stop working running over LAN4VZW.

Difference is that a WAN cable pull makes the IF go down immediately.
Are you sure it's not Unbound (DNS) or some other process that aborts when WAN goes down?
How do you reach the LAN4VZW if the WAN is down, or are you running OpenVPN internally?
/Bingo
-
So one of the final tests after installing a router at one of our locations is for me to VPN in via a VPN server hosted on the Verizon cell backup. I then ask the manager to unplug the WAN cable so we can test the cell failover.
As soon as the manager unplugs the cable, the VPN goes down. I have verified that I am connected to the right VPN server, and that all the traffic is on the correct interface.
If the manager unplugs the cable on the Verizon interface, the WAN VPN does not go down. The VPNs are basically exactly the same; I copy one from the other.
-
@webdawg
Based on the info you have given, and not answered, I have no clue about what can be wrong, or how to help you out further.
You might be right in trying to approach Netgate for help.
/Bingo
-
@bingo600 what are you talking about?
I know it goes down, because the VPN stops working?
The VPN stops working immediately.
What does unbound or any other service have to do with pinging a router over a VPN?