OpenVPN server fails after reboot until restart...
-
Hi all,
Every time I reboot pfSense, the OpenVPN server shows a status of "up" but clients cannot connect.
After checking the OpenVPN logs, it looks like the OpenVPN UDPv4 link local is bound to a non-existent address, 192.168.0.64:15000. After restarting the OpenVPN service, the OpenVPN UDPv4 link local is bound to my wan1 IP address and clients can connect.
I have an ATT WAN and a Comcast WAN... Any idea why this is happening?
OpenVPN Logs
Jan 4 04:12:00 openvpn 71244 Initialization Sequence Completed
Jan 4 04:12:00 openvpn 71244 UDPv4 link remote: [AF_UNSPEC]
Jan 4 04:12:00 openvpn 71244 UDPv4 link local (bound): [AF_INET]192.168.0.64:15000
Jan 4 04:12:00 openvpn 71244 /usr/local/sbin/ovpn-linkup ovpns1 1500 1621 192.168.99.1 255.255.255.0 init
Jan 4 04:12:00 openvpn 71244 /sbin/ifconfig ovpns1 192.168.99.1 192.168.99.2 mtu 1500 netmask 255.255.255.0 up
Jan 4 04:12:00 openvpn 71244 ioctl(TUNSIFMODE): Device busy (errno=16)
Jan 4 04:12:00 openvpn 71244 TUN/TAP device /dev/tun1 opened
Jan 4 04:12:00 openvpn 71244 TUN/TAP device ovpns1 exists previously, keep at program end
Jan 4 04:12:00 openvpn 71244 WARNING: experimental option --capath /var/etc/openvpn/server1/ca
Jan 4 04:12:00 openvpn 71244 Initializing OpenSSL support for engine 'rdrand'
Jan 4 04:12:00 openvpn 71244 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 4 04:12:00 openvpn 71244 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Jan 4 04:12:00 openvpn 71227 library versions: OpenSSL 1.1.1k-freebsd 25 Mar 2021, LZO 2.10
pfSense System Logs
Jan 4 04:11:57 php-fpm 340 /rc.newwanip: rc.newwanip: on (IP address: 192.168.0.64) (interface: ATT_WAN[wan]) (real interface: igb0).
Jan 4 04:11:57 php-fpm 340 /rc.newwanip: rc.newwanip: Info: starting on igb0.
Jan 4 04:11:56 kernel re0: link state changed to DOWN
Jan 4 04:11:56 check_reload_status 377 Linkup starting re0
Jan 4 04:11:56 check_reload_status 377 rc.newwanip starting igb0
Jan 4 04:11:17 kernel igb0: link state changed to UP
Thanks!
-
@sho1sho1sho1 said in OpenVPN server fails after reboot until restart...:
Jan 4 04:11:57 php-fpm 340 /rc.newwanip: rc.newwanip: on (IP address: 192.168.0.64) (interface: ATT_WAN[wan]) (real interface: igb0).
Obviously this is your WAN IP at this time. Check where you get it from.
Maybe you can circumvent this problem by setting the OpenVPN server to listen on localhost and forwarding OpenVPN packets to it from WAN.
-
@viragomann I looked around and found there is a "reject lease from" option under the wan1 interface.
I think for some reason when pfSense reboots, upon restarting, it gets the DHCP of 192.168.0.254 from the ATT modem. I put in "reject lease from" 192.168.0.254... I'll check tonight if this solves the issue.
Not sure if the ATT modem's DHCP is passing out its own IP address while it's asking the upstream ATT server for the actual WAN IP address.
Maybe someone with ATT can explain why the modem's address gets picked up as the WAN IP and then later renews to the actual WAN IP.
Thanks!
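
Added example, not part of any post in this thread: a small Python check that reads OpenVPN log text, extracts every "link local (bound)" address, and flags any that differ from the address the WAN holds now, which is the symptom described in the first post. The function names are hypothetical, and 203.0.113.10 is a documentation address standing in for the real WAN IP, which the thread does not give.

```python
import ipaddress
import re

# Matches the OpenVPN line that reports the socket's local bind address.
BOUND_RE = re.compile(
    r"openvpn\s+(?P<pid>\d+)\s+UDPv4 link local \(bound\): "
    r"\[AF_INET\](?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)"
)

# RFC 1918 ranges; a WAN-facing bind inside one of these usually means the
# address came from a modem-side DHCP server rather than the ISP.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def bound_addresses(log_text):
    """Return (pid, ip, port) for every 'link local (bound)' line."""
    return [(int(m["pid"]), ipaddress.ip_address(m["ip"]), int(m["port"]))
            for m in BOUND_RE.finditer(log_text)]


def check_binds(log_text, current_wan_ip):
    """Flag binds that do not match the address the WAN holds now."""
    wan = ipaddress.ip_address(current_wan_ip)
    findings = []
    for pid, ip, port in bound_addresses(log_text):
        if ip == wan:
            continue
        reason = "stale bind"
        if any(ip in net for net in RFC1918):
            reason += " (RFC 1918 address)"
        findings.append({"pid": pid, "bound": f"{ip}:{port}", "reason": reason})
    return findings


# The first line is taken from the thread; the second is constructed and
# uses the placeholder WAN address 203.0.113.10.
SAMPLE_LOG = """\
Jan 4 04:12:00 openvpn 71244 UDPv4 link local (bound): [AF_INET]192.168.0.64:15000
Jan 4 04:30:00 openvpn 80211 UDPv4 link local (bound): [AF_INET]203.0.113.10:15000
"""

if __name__ == "__main__":
    for f in check_binds(SAMPLE_LOG, "203.0.113.10"):
        print(f"openvpn[{f['pid']}] bound to {f['bound']}: {f['reason']}")
```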