PfSense 1.2.3 site-to-site client OpenVPN tunnel fails to restart



  • Hi,

    I've got two pfSense 1.2.3 routers linked over OpenVPN. I have also defined a dedicated OpenVPN interface (Interfaces -> (assign)) at the client pfSense for fine-grain firewall administration, as the 'OpenVPN Traffic Filtering on 1.2.3' wiki article suggests.

    Everything is perfect, except that the tunnel fails to restart when I bring the OpenVPN interface down and then up.

    After system reboot the interface configuration is as follows:

    $ ifconfig
    ...
    tun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        inet6 fe80::206:4fff:fe66:bef0%tun1 prefixlen 64 scopeid 0xa
        inet 10.1.0.5 --> 10.1.0.6 netmask 0xffffffff
        Opened by PID 438
    

    When I disable the OpenVPN interface, it becomes as follows:

    $ ifconfig
    ...
    tun1: flags=8050<POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        inet6 fe80::206:4fff:fe66:bef0%tun1 prefixlen 64 scopeid 0xa
        Opened by PID 438
    

    And after I enable the interface again, it becomes as follows:

    $ ifconfig
    ...
    tun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        inet6 fe80::206:4fff:fe66:bef0%tun1 prefixlen 64 scopeid 0xa
        Opened by PID 438
    

    'ifconfig' shows that the interface is up, but no address is assigned. And the server-side OpenVPN log shows absolutely no activity after the client system startup was finished.

    Any ideas what may be missing?

    Thanks in advance,
    Sergey


  • Rebel Alliance Developer Netgate

    I seem to recall on 1.2.3 when you disable or delete an OpenVPN instance it doesn't actually kill the associated OpenVPN process. Though normally if it's enabled and you edit/save it should kill and restart the process and come back ok.

    Why do you need to disable and re-enable the OpenVPN interface at all during normal usage?



  • @jimp:

    I seem to recall on 1.2.3 when you disable or delete an OpenVPN instance it doesn't actually kill the associated OpenVPN process. Though normally if it's enabled and you edit/save it should kill and restart the process and come back ok.

    Why do you need to disable and re-enable the OpenVPN interface at all during normal usage?

    Well, there is definitely no point in disabling and re-enabling the interface during normal usage :) But while building and troubleshooting the network, routing, etc., this is something one is likely to do from time to time… By now I have learned that I have to restart the router every time I make changes like these...

    Thank you for the clue, I'll try to look into the scripts and see if I can get the OpenVPN process restarted...


  • Rebel Alliance Developer Netgate

    FYI- On 2.0 there are no issues of this kind. Processes are started and stopped as expected, and each OpenVPN instance has an entry under Status > Services so they can be restarted individually if needed.



  • If you touch an assigned tun interface on 1.2.3, you must edit and save the associated OpenVPN client or server before it will function again (which will restart it). That works fine.
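
A check for the state shown in this thread (a tun interface that is UP and still opened by a process, but has no IPv4 address), written as an added example and not taken from any poster or from pfSense itself. The function name `stale_tuns` and the sample input are constructed for illustration; the sample reuses the interface name and PID from the output quoted above.

```shell
#!/bin/sh
# Reads `ifconfig` output on stdin and prints "<iface> <pid>" for every tun
# interface that is UP, is held open by a process, and has no inet address.
stale_tuns() {
    awk '
        function report() {
            if (name ~ /^tun[0-9]+$/ && up && !inet && pid != "")
                print name, pid
        }
        # Interface header lines start in column 0: "tun1: flags=8051<UP,...>"
        /^[^ \t]/ {
            report()
            name = $1; sub(/:$/, "", name)
            up = (toupper($0) ~ /[<,]UP[,>]/)
            inet = 0; pid = ""
            next
        }
        $1 == "inet"     { inet = 1 }   # IPv4 only; inet6 lines have $1 == "inet6"
        /Opened by PID/  { pid = $NF }
        END { report() }
    '
}

# Constructed sample: one healthy NIC plus tun1 as it looks after the
# disable/enable cycle described in the thread.
sample_after_reenable() {
    cat <<'EOF'
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
tun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        inet6 fe80::206:4fff:fe66:bef0%tun1 prefixlen 64 scopeid 0xa
        Opened by PID 438
EOF
}

# On the router itself the input would be:  ifconfig | stale_tuns
sample_after_reenable | stale_tuns
```

An interface reported here is the one whose OpenVPN client or server entry needs the edit-and-save described in the last post.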

