OpenVPN server exits when WAN DHCP is renewed (fixed but dyn allocated - so not changed)
Every now and then my OpenVPN server crashes, and I found out it happens when the WAN DHCP IP address is renewed (but not changed). From the syslog, at 9:50 the WAN renews and then ovpns1 goes down. I manually restart it 5 @ 11:05
Oct 17 09:50:27 fw1 rc.gateway_alarm[32439]: >>> Gateway alarm: WAN_DHCP (Addr:87.blinded.blinded.blinded Alarm:1 RTT:.951ms RTTsd:.187ms Loss:21%)
Oct 17 09:50:27 fw1 check_reload_status[2558]: updating dyndns WAN_DHCP
Oct 17 09:50:27 fw1 check_reload_status[2558]: Restarting IPsec tunnels
Oct 17 09:50:27 fw1 check_reload_status[2558]: Restarting OpenVPN tunnels/interfaces
Oct 17 09:50:27 fw1 check_reload_status[2558]: Reloading filter
Oct 17 09:50:28 fw1 php-fpm[61384]: /rc.openvpn: Gateway, none 'available' for inet, use the first one configured. 'WAN_DHCP'
Oct 17 09:50:28 fw1 php-fpm[61384]: /rc.openvpn: Gateway, NONE AVAILABLE
Oct 17 09:50:28 fw1 php-fpm[61384]: /rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use WAN_DHCP.
Oct 17 09:50:28 fw1 php-fpm[2519]: /rc.filter_configure_sync: [squid] Installed but disabled. Not installing 'nat' rules.
Oct 17 09:50:28 fw1 php-fpm[2519]: /rc.filter_configure_sync: [squid] Installed but disabled. Not installing 'pfearly' rules.
Oct 17 09:50:28 fw1 php-fpm[2519]: /rc.filter_configure_sync: [squid] Installed but disabled. Not installing 'filter' rules.
Oct 17 09:51:35 fw1 kernel: ovpns1: link state changed to DOWN
Oct 17 09:51:35 fw1 check_reload_status[2558]: Reloading filter
Oct 17 09:51:36 fw1 php-fpm[2520]: /rc.filter_configure_sync: [squid] Installed but disabled. Not installing 'nat' rules.
Oct 17 09:51:37 fw1 php-fpm[2520]: /rc.filter_configure_sync: [squid] Installed but disabled. Not installing 'pfearly' rules.
Oct 17 09:51:37 fw1 php-fpm[2520]: /rc.filter_configure_sync: [squid] Installed but disabled. Not installing 'filter' rules.
Oct 17 10:00:00 fw1 php[41235]: [pfBlockerNG] Starting cron process.
Oct 17 10:06:40 fw1 check_reload_status[2558]: rc.newwanip starting igb0
Oct 17 10:06:41 fw1 php-fpm[20489]: /rc.newwanip: rc.newwanip: Info: starting on igb0.
Oct 17 10:06:41 fw1 php-fpm[20489]: /rc.newwanip: rc.newwanip: on (IP address: <secret>) (interface: WAN[wan]) (real interface: igb0).
Oct 17 10:06:41 fw1 php-fpm[20489]: /rc.newwanip: Accept router advertisements on interface igb0
Oct 17 10:06:41 fw1 php-fpm[20489]: /rc.newwanip: Starting rtsold process
Oct 17 10:06:43 fw1 check_reload_status[2558]: Reloading filter
Oct 17 10:06:44 fw1 php-fpm[20489]: /rc.filter_configure_sync: [squid] Installed but disabled. Not installing 'nat' rules.
Oct 17 10:06:44 fw1 php-fpm[20489]: /rc.filter_configure_sync: [squid] Installed but disabled. Not installing 'pfearly' rules.
Oct 17 10:06:44 fw1 php-fpm[20489]: /rc.filter_configure_sync: [squid] Installed but disabled. Not installing 'filter' rules.
Oct 17 10:06:59 fw1 php[41235]: [pfBlockerNG] No changes to Firewall rules, skipping Filter Reload
Oct 17 10:06:59 fw1 php[41235]:
Oct 17 10:07:39 fw1 rc.gateway_alarm[36419]: >>> Gateway alarm: WAN_DHCP (Addr:<secret> Alarm:0 RTT:1.077ms RTTsd:.224ms Loss:5%)
Oct 17 10:07:39 fw1 check_reload_status[2558]: updating dyndns WAN_DHCP
Oct 17 10:07:39 fw1 check_reload_status[2558]: Restarting IPsec tunnels
Oct 17 10:07:39 fw1 check_reload_status[2558]: Restarting OpenVPN tunnels/interfaces
Oct 17 10:07:39 fw1 check_reload_status[2558]: Reloading filter
Oct 17 10:07:40 fw1 php-fpm[61384]: /rc.openvpn: Gateway, NONE AVAILABLE
Oct 17 10:07:40 fw1 php-fpm[61384]: /rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use WAN_DHCP.
Oct 17 10:07:40 fw1 php-fpm[2519]: /rc.filter_configure_sync: [squid] Installed but disabled. Not installing 'nat' rules.
Oct 17 10:07:40 fw1 php-fpm[2519]: /rc.filter_configure_sync: [squid] Installed but disabled. Not installing 'pfearly' rules.
Oct 17 10:07:41 fw1 php-fpm[2519]: /rc.filter_configure_sync: [squid] Installed but disabled. Not installing 'filter' rules.
Oct 17 11:00:00 fw1 php[50112]: [pfBlockerNG] Starting cron process.
Oct 17 11:02:15 fw1 php[50112]: [pfBlockerNG] No changes to Firewall rules, skipping Filter Reload
Oct 17 11:02:15 fw1 php[50112]:
Oct 17 11:02:20 fw1 php-fpm[83949]: /index.php: Successful login for user '<secret>' from: 192.168.0.20 (Local Database)
Oct 17 11:04:00 fw1 sshguard[82423]: Exiting on signal.
Oct 17 11:04:00 fw1 sshguard[12219]: Now monitoring attacks.
Oct 17 11:05:27 fw1 kernel: ovpns1: link state changed to UP
Oct 17 11:05:27 fw1 php-fpm[61384]: OpenVPN PID written: 9768
Oct 17 11:05:27 fw1 check_reload_status[2558]: Reloading filter
Oct 17 11:05:27 fw1 check_reload_status[2558]: rc.newwanip starting ovpns1
In the OpenVPN log it shows like this:
Oct 17 11:05:34 openvpn 9768 Initialization Sequence Completed
Oct 17 11:05:34 openvpn 9768 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Oct 17 11:05:34 openvpn 9768 Peer Connection Initiated with [AF_INET]<secret_ip>:32284
Oct 17 11:05:27 openvpn 9768 UDPv4 link remote: [AF_UNSPEC]
Oct 17 11:05:27 openvpn 9768 UDPv4 link local (bound): [AF_INET]<secret_ip>:1194
Oct 17 11:05:27 openvpn 9768 /usr/local/sbin/ovpn-linkup ovpns1 1400 1472 10.0.8.1 10.0.8.2 init
Oct 17 11:05:27 openvpn 9768 /sbin/ifconfig ovpns1 10.0.8.1 10.0.8.2 mtu 1400 netmask 255.255.255.255 up
Oct 17 11:05:27 openvpn 9768 TUN/TAP device /dev/tun1 opened
Oct 17 11:05:27 openvpn 9768 TUN/TAP device ovpns1 exists previously, keep at program end
Oct 17 11:05:27 openvpn 9768 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1400)
Oct 17 11:05:27 openvpn 9768 Incoming Static Key Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Oct 17 11:05:27 openvpn 9768 Incoming Static Key Encryption: Cipher 'AES-128-CBC' initialized with 128 bit key
Oct 17 11:05:27 openvpn 9768 Outgoing Static Key Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Oct 17 11:05:27 openvpn 9768 Outgoing Static Key Encryption: Cipher 'AES-128-CBC' initialized with 128 bit key
Oct 17 11:05:27 openvpn 9768 Initializing OpenSSL support for engine 'rdrand'
Oct 17 11:05:27 openvpn 9768 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 17 11:05:27 openvpn 9597 library versions: OpenSSL 1.1.1l-freebsd 24 Aug 2021, LZO 2.10
Oct 17 11:05:27 openvpn 9597 OpenVPN 2.5.4 amd64-portbld-freebsd12.3 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jan 12 2022
Oct 17 11:05:27 openvpn 9597 Cipher negotiation is disabled since neither P2MP client nor server mode is enabled
Oct 17 09:51:35 openvpn 65663 /usr/local/sbin/ovpn-linkdown ovpns1 1400 1472 10.0.8.1 10.0.8.2 init
Oct 17 09:51:35 openvpn 65663 Closing TUN/TAP interface
Oct 17 09:51:35 openvpn 65663 Exiting due to fatal error
Oct 17 09:51:35 openvpn 65663 TCP/UDP: Socket bind failed on local address [AF_INET]<secret_ip>:1194: Can't assign requested address (errno=49)
Oct 17 09:51:35 openvpn 65663 Preserving previous TUN/TAP instance: ovpns1
Oct 17 09:51:35 openvpn 65663 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1400)
Oct 17 09:51:35 openvpn 65663 Re-using pre-shared static key
Oct 17 09:51:35 openvpn 65663 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 17 09:51:30 openvpn 65663 SIGUSR1[soft,ping-restart] received, process restarting
Oct 17 09:51:30 openvpn 65663 Inactivity timeout (--ping-restart), restarting
Oct 17 09:51:29 openvpn 65663 write UDPv4: No route to host (code=65)
Oct 17 09:51:28 openvpn 65663 write UDPv4: No route to host (code=65)
Oct 17 09:51:27 openvpn 65663 write UDPv4: No route to host (code=65)
Oct 17 09:51:26 openvpn 65663 write UDPv4: No route to host (code=65)
Oct 17 09:51:19 openvpn 65663 write UDPv4: No route to host (code=65)
Oct 17 09:51:09 openvpn 65663 write UDPv4: No route to host (code=65)
Oct 17 09:50:59 openvpn 65663 write UDPv4: No route to host (code=65)
Oct 17 09:50:49 openvpn 65663 write UDPv4: No route to host (code=65)
Oct 17 09:50:39 openvpn 65663 write UDPv4: No route to host (code=65)
Oct 17 09:50:38 openvpn 65663 write UDPv4: No route to host (code=65)
Oct 17 09:50:37 openvpn 65663 write UDPv4: No route to host (code=65)
Is there a way to prevent the OpenVPN server from crashing when the WAN IP is refreshed? (It is a fixed IP but dynamically allocated.)
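An added example, not part of the original post: a small log correlator that pairs each fatal OpenVPN bind failure (errno=49) with the "Restarting OpenVPN tunnels/interfaces" event that preceded it in the syslog, and measures how long ovpns1 stayed down. The function names, the 300-second window and the placeholder year are assumptions; the sample lines are excerpted from the two logs above.

```python
import re
from datetime import datetime

YEAR = 2000  # assumption: the logs carry no year; any fixed value works for same-day deltas
STAMP = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (.*)$")
BIND = re.compile(r"openvpn (\d+) TCP/UDP: Socket bind failed .*\(errno=(\d+)\)")

# Lines excerpted from the two logs in the post, redactions kept as posted.
SYSLOG = """\
Oct 17 09:50:27 fw1 check_reload_status[2558]: Restarting OpenVPN tunnels/interfaces
Oct 17 09:51:35 fw1 kernel: ovpns1: link state changed to DOWN
Oct 17 10:07:39 fw1 check_reload_status[2558]: Restarting OpenVPN tunnels/interfaces
Oct 17 11:05:27 fw1 kernel: ovpns1: link state changed to UP
"""
OVPNLOG = """\
Oct 17 11:05:27 openvpn 9768 TUN/TAP device /dev/tun1 opened
Oct 17 09:51:35 openvpn 65663 Exiting due to fatal error
Oct 17 09:51:35 openvpn 65663 TCP/UDP: Socket bind failed on local address [AF_INET]<secret_ip>:1194: Can't assign requested address (errno=49)
Oct 17 09:51:30 openvpn 65663 SIGUSR1[soft,ping-restart] received, process restarting
"""

def parse(text):
    """Return (datetime, message) pairs, oldest first (the OpenVPN log is newest first)."""
    rows = []
    for line in text.splitlines():
        m = STAMP.match(line.strip())
        if m:
            rows.append((datetime.strptime(f"{YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S"), m.group(2)))
    return sorted(rows, key=lambda r: r[0])

def find_incidents(syslog, ovpnlog, window=300):
    """Pair each bind failure with the tunnel restart logged at most `window` seconds earlier."""
    sys_rows, vpn_rows = parse(syslog), parse(ovpnlog)
    incidents = []
    for ts, msg in vpn_rows:
        m = BIND.match(msg)
        if not m:
            continue
        pid, errno = m.group(1), int(m.group(2))
        # The failure only takes the server down if the same PID then exits.
        fatal = any(t >= ts and s == f"openvpn {pid} Exiting due to fatal error" for t, s in vpn_rows)
        lead = [(ts - t).total_seconds() for t, s in sys_rows
                if s.endswith("Restarting OpenVPN tunnels/interfaces") and t <= ts]
        lead = [d for d in lead if d <= window]
        ups = [(t - ts).total_seconds() for t, s in sys_rows
               if s.endswith("ovpns1: link state changed to UP") and t > ts]
        incidents.append({"pid": pid, "errno": errno, "fatal": fatal,
                          "restart_lead_s": min(lead) if lead else None,
                          "down_s": min(ups) if ups else None})
    return incidents
```
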