Netgate Discussion Forum

    PfSense 1.2.3 site-to-site client OpenVPN tunnel fails to restart

      s-n-ushakov

      Hi,

      I've got two pfSense 1.2.3 routers linked over OpenVPN. I have also defined a dedicated OpenVPN interface (Interfaces -> (assign)) at the client pfSense for fine-grained firewall administration, as the 'OpenVPN Traffic Filtering on 1.2.3' wiki article suggests.

      Everything is perfect, except that the tunnel fails to restart when I bring the OpenVPN interface down and then up.

      After system reboot the interface configuration is as follows:

      $ ifconfig
      ...
      tun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
      	inet6 fe80::206:4fff:fe66:bef0%tun1 prefixlen 64 scopeid 0xa
      	inet 10.1.0.5 --> 10.1.0.6 netmask 0xffffffff
      	Opened by PID 438
      

      When I disable the OpenVPN interface, it becomes as follows:

      $ ifconfig
      ...
      tun1: flags=8050<POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
      	inet6 fe80::206:4fff:fe66:bef0%tun1 prefixlen 64 scopeid 0xa
      	Opened by PID 438
      

      And after I enable the interface again, it becomes as follows:

      $ ifconfig
      ...
      tun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
      	inet6 fe80::206:4fff:fe66:bef0%tun1 prefixlen 64 scopeid 0xa
      	Opened by PID 438
      

      'ifconfig' shows that the interface is up, but no address is assigned. And the server-side OpenVPN log shows absolutely no activity after the client system startup was finished.

      Any ideas what may be missing?

      Thanks in advance,
      Sergey

        jimp Rebel Alliance Developer Netgate

        I seem to recall on 1.2.3 when you disable or delete an OpenVPN instance it doesn't actually kill the associated OpenVPN process. Though normally if it's enabled and you edit/save it should kill and restart the process and come back ok.

        Why do you need to disable and re-enable the OpenVPN interface at all during normal usage?

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

          s-n-ushakov

          @jimp:

          I seem to recall on 1.2.3 when you disable or delete an OpenVPN instance it doesn't actually kill the associated OpenVPN process. Though normally if it's enabled and you edit/save it should kill and restart the process and come back ok.

          Why do you need to disable and re-enable the OpenVPN interface at all during normal usage?

          Well, there is definitely no point in disabling and re-enabling the interface during normal usage :) But while building and troubleshooting the network, routing, etc., this is something one is likely to do from time to time… By now I have learned that I have to restart the router every time I make changes like these...

          Thank you for the clue, I'll try to look into the scripts and see if I can get the OpenVPN process restarted...

            jimp Rebel Alliance Developer Netgate

            FYI- On 2.0 there are no issues of this kind. Processes are started and stopped as expected, and each OpenVPN instance has an entry under Status > Services so they can be restarted individually if needed.

              cmb

              If you touch an assigned tun interface on 1.2.3, you must edit and save the associated OpenVPN client or server before it will function again (which will restart it). That works fine.

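The state shown in the thread's third listing (a tun interface flagged UP with no `inet` address) can be checked for from the shell. This is an added example, not part of the original thread; the function names `stale_tuns` and `sample_ifconfig` and the `tun0` and `tun2` sample stanzas are constructed for illustration.

```sh
#!/bin/sh
# Added example: report tun interfaces that are flagged UP but have no IPv4
# address, the state shown in the third ifconfig listing of the thread.

# stale_tuns: reads ifconfig output on stdin and prints one line per affected
# interface in the form "<name> pid=<owning PID or unknown>".
stale_tuns() {
    awk '
        function report() {
            if (name != "" && up && !inet)
                printf "%s pid=%s\n", name, (pid == "" ? "unknown" : pid)
        }
        # A stanza header starts in column 0: "tun1: flags=8051<UP,...> ..."
        /^[^ \t]/ {
            report()
            name = ""; up = 0; inet = 0; pid = ""
            if ($1 ~ /^tun[0-9]+:$/) {
                name = substr($1, 1, length($1) - 1)
                # UP must appear as a whole flag, not inside POINTOPOINT
                up = ($0 ~ /<([A-Z0-9_]+,)*UP[,>]/)
            }
            next
        }
        # Indented detail lines; "inet6" does not count as an IPv4 address
        name != "" && $1 == "inet"      { inet = 1 }
        name != "" && /Opened by PID/   { pid = $NF }
        END { report() }
    '
}

# Constructed sample: tun1 follows the third listing in the thread; tun0
# (healthy) and tun2 (administratively down) are invented for contrast.
sample_ifconfig() {
    printf '%b\n' \
        'tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500' \
        '\tinet 10.2.0.1 --> 10.2.0.2 netmask 0xffffffff' \
        '\tOpened by PID 401' \
        'tun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500' \
        '\tinet6 fe80::206:4fff:fe66:bef0%tun1 prefixlen 64 scopeid 0xa' \
        '\tOpened by PID 438' \
        'tun2: flags=8050<POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500' \
        '\tOpened by PID 512'
}

sample_ifconfig | stale_tuns    # prints: tun1 pid=438
```

On the router, `ifconfig | stale_tuns` runs the same check against live output.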