New to pfSense, Does OpenVPN have a service running even if not setup and configured?

tikirover · Feb 27, 2024, 4:22 PM

@stephenw10 Thanks Steve- I appreciate the answer! I would agree that looks like what was happening. The "event" started at the Feb 27 03:27:45 mark as shown on this second screenshot. Most of the messages made sense for a dropped connection, just wasn't sure about the OpenVPN. Learning this is kinda like drinking from a firehose!

tikirover · Feb 27, 2024, 4:25 PM

@tikirover I should have added that it was all back up and running by the time I reviewed it this morning. Just trying to make sure I understand as much as possible.

stephenw10 · Feb 27, 2024, 4:29 PM

Yes the igc1 NIC lost link and hence all the VLANs on it. I assume that's connected to a switch? Maybe the switch rebooted?

tikirover · Feb 27, 2024, 4:33 PM

@tikirover This was in one of the other logs at the same time stamp, and I believe this supports the interruption at the gateway. Since it was running again by this morning. I'm assuming it was a lease renew.

stephenw10 · Feb 27, 2024, 4:37 PM

A lease renewal would not normally bring down the link.

Seeing dpinger restart like that implies the WAN did restart though. Is that on a VLAN on igc1?

tikirover · Feb 27, 2024, 4:44 PM

@stephenw10 No the WAN is through igc0 and coming via passthrough/ATT gateway (BCG320).

I do remember seeing an update time of 3 am from my Unifi switch - but I would have thought that would have been earlier - it is on the igc1. Timing is about a 27 minutes off, but related?

stephenw10 · Feb 27, 2024, 4:51 PM

I'd expect the switch to have logged a link change on the trunk.

Do you see igc0 logging a link state change in pfSense?

tikirover · Feb 27, 2024, 5:05 PM

@stephenw10 If it would be prior to this time frame, I will have to check later. I just grabbed a handful of screenshots that had this same time stamp this morning before I came into work.

The only thing 10 min before the linkstate change/Hot plug, etc on igc1 and its related vlans are sshguard messages about Now monitoring attacks.

The OpenVPN appearance had me wondering if I had a security issue or not.

Does this seem like a functional problem, or should I be concerned about something else?

tikirover · Feb 27, 2024, 5:15 PM

@tikirover In my screenshots, this message shows up for each of the igc1 interfaces

and in the gateway log the message I posted earlier was part of a string of similar messages with different PID numbers.

stephenw10 · Feb 27, 2024, 5:32 PM

The only thing I would be concerned about is the fact that igc1 lost link for some reason. Since it's connected to a switch directly it should not.

Some of the early i225v revision (<rev3) chips had link issues. Try running: pciconf -lv igc1
`