OpenVPN: Dropped connections not restarted
MrHorizontal last edited by
In yesterday's snap (22/04), OpenVPN client connections are being mysteriously killed with a hard exit well before any timeouts are triggered and not brought up again automatically.
Connections are dropping from a mysterious log message:
Apr 22 23:32:16 pf2 openvpn: event_wait : Interrupted system call (code=4) Apr 22 23:32:16 pf2 openvpn: /etc/rc.filter_configure ovpnc1 1500 1562 10.0.61.30 10.0.61.29 init Apr 22 23:32:16 pf2 openvpn: SIGTERM[hard,] received, process exiting
In the main system log at the same time, I have the following messages:
Apr 22 23:32:01 pf2 dhclient: netstat Apr 22 23:32:01 pf2 dhclient: RENEW Apr 22 23:32:01 pf2 dhclient: Creating resolv.conf Apr 22 23:32:11 pf2 php: : rc.newwanip: Informational is starting . Apr 22 23:32:11 pf2 php: : rc.newwanip: on (IP address: 10.0.0.136) (interface: wan) (real interface: em1). Apr 22 23:32:11 pf2 php: : The command 'route add -host A.B.C.D 10.0.32.1' returned exit code '1', the output was 'route: writing to routing socket: Network is unreachable add host A.B.C.D: gateway 10.0.32.1: Network is unreachable' Apr 22 23:32:16 pf2 kernel: ovpnc1: link state changed to DOWN
If I resave each OVPN connection, the connections duly come back up again and then go down again after about 30 mins. The earliest timeout configured in the OVPN connections is 3 hours (recycle TLS control channel)
blackb1rd last edited by
I saw this behavior of dropping OVPN connections today and it seems to happen when dhclient renews it's wan ip address (which never changes in my case, no need to drop it), however the connection came back quite rapidly. I guess your wan ip dhcp renewal interval is set to 30 minutes, which explains the drops you're experiencing. I think it's a bug, as said before, no need to drop it's tunnels when the ip address remains the same.
Not sure why in my case the connection came back, possibly being triggered by packets, don't know.
Using snapshot 14/04.
cmb last edited by
yeah updated this. http://redmine.pfsense.org/issues/show/449