New to pfSense: does OpenVPN have a service running even if not set up and configured?
-
@stephenw10 Thanks Steve - I appreciate the answer! I would agree that looks like what was happening. The "event" started at the Feb 27 03:27:45 mark as shown on this second screenshot. Most of the messages made sense for a dropped connection, I just wasn't sure about the OpenVPN. Learning this is kinda like drinking from a firehose!
-
@tikirover I should have added that it was all back up and running by the time I reviewed it this morning. Just trying to make sure I understand as much as possible.
-
Yes, the igc1 NIC lost link and hence all the VLANs on it. I assume that's connected to a switch? Maybe the switch rebooted?
-
@tikirover This was in one of the other logs at the same time stamp, and I believe this supports the interruption at the gateway. Since it was running again by this morning, I'm assuming it was a lease renew.
-
A lease renewal would not normally bring down the link.
Seeing dpinger restart like that implies the WAN did restart though. Is that on a VLAN on igc1?
-
@stephenw10 No, the WAN is through igc0 and coming via passthrough/ATT gateway (BCG320).
I do remember seeing an update time of 3 am from my Unifi switch - but I would have thought that would have been earlier - it is on the igc1. Timing is about 27 minutes off, but related?
-
I'd expect the switch to have logged a link change on the trunk.
Do you see igc0 logging a link state change in pfSense?
-
@stephenw10 If it would be prior to this time frame, I will have to check later. I just grabbed a handful of screenshots that had this same time stamp this morning before I came into work.
The only thing 10 min before the linkstate change/Hot plug, etc on igc1 and its related vlans are sshguard messages about Now monitoring attacks.
The OpenVPN appearance had me wondering if I had a security issue or not.
Does this seem like a functional problem, or should I be concerned about something else?
-
@tikirover In my screenshots, this message shows up for each of the igc1 interfaces
and in the gateway log the message I posted earlier was part of a string of similar messages with different PID numbers.
-
The only thing I would be concerned about is the fact that igc1 lost link for some reason. Since it's connected to a switch directly it should not.
Some of the early i225v revision (<rev3) chips had link issues. Try running:
`pciconf -lv igc1`