IPSec not useable if openvpn server down
-
If I stop openvpn server (pfsense2) the client (pfsense1) will cyclic restart racoon.
02:06:51 php: : Forcefully reloading IPsec racoon daemon 02:06:51 php: : Forcefully reloading IPsec racoon daemon 02:06:51 php: : Forcefully reloading IPsec racoon daemon 02:06:45 php: : Removing static route for monitor 194.25.2.129 and adding a new route through 217.0.117.215 02:06:45 php: : rc.newwanip: on (IP address: 10.255.255.130) (interface: opt6) (real interface: ovpnc2). 02:06:45 php: : rc.newwanip: Informational is starting ovpnc2. 02:06:45 php: : Removing static route for monitor 194.25.2.129 and adding a new route through 217.0.117.215 02:06:45 php: : rc.newwanip: on (IP address: 10.255.255.2) (interface: opt7) (real interface: ovpnc1). 02:06:45 php: : rc.newwanip: Informational is starting ovpnc1. 02:06:45 php: : Removing static route for monitor 194.25.2.129 and adding a new route through 217.0.117.215 02:06:45 php: : rc.newwanip: on (IP address: 10.255.255.193) (interface: opt8) (real interface: ovpns3). 02:06:45 php: : rc.newwanip: Informational is starting ovpns3. 02:06:43 php: : phpDynDNS (): No change in my IP address and/or 25 days has not passed. Not updating dynamic DNS entry. 02:06:43 check_reload_status: rc.newwanip starting ovpnc2 02:06:43 kernel: ovpnc2: link state changed to UP 02:06:43 php: : The command '/sbin/route -q delete 10.255.255.130' returned exit code '1', the output was 'route: writing to routing socket: No such process' 02:06:43 kernel: ovpnc2: link state changed to DOWN 02:06:43 check_reload_status: rc.newwanip starting ovpnc1 02:06:43 kernel: ovpnc1: link state changed to UP 02:06:43 php: : The command '/sbin/route -q delete 10.255.255.2' returned exit code '1', the output was 'route: writing to routing socket: No such process' 02:06:42 kernel: ovpnc1: link state changed to DOWN 02:06:42 check_reload_status: rc.newwanip starting ovpns3 02:06:42 kernel: ovpns3: link state changed to UP 02:06:42 php: : The command '/sbin/route -q delete 10.255.255.193' returned exit code '1', the output was 'route: writing to routing socket: No such process' 02:06:42 php: : phpDynDNS (): No change in my IP address and/or 25 days has not passed. Not updating dynamic DNS entry. 02:06:42 kernel: ovpns3: link state changed to DOWN 02:06:42 php: : IPSEC: One or more IPsec tunnel endpoints has changed its IP. Refreshing. 02:06:40 check_reload_status: Reloading filter 02:06:40 check_reload_status: Restarting OpenVPN tunnels/interfaces 02:06:40 check_reload_status: Restarting ipsec tunnels 02:06:40 check_reload_status: Updating all dyndns 02:06:26 php: : Forcefully reloading IPsec racoon daemon 02:06:25 php: : Forcefully reloading IPsec racoon daemon 02:06:25 php: : Forcefully reloading IPsec racoon daemon 02:06:20 php: : Removing static route for monitor 194.25.2.129 and adding a new route through 217.0.117.215 02:06:20 php: : rc.newwanip: on (IP address: 10.255.255.130) (interface: opt6) (real interface: ovpnc2). 02:06:20 php: : rc.newwanip: Informational is starting ovpnc2. 02:06:19 php: : Removing static route for monitor 194.25.2.129 and adding a new route through 217.0.117.215 02:06:19 php: : rc.newwanip: on (IP address: 10.255.255.2) (interface: opt7) (real interface: ovpnc1). 02:06:19 php: : rc.newwanip: Informational is starting ovpnc1. 02:06:19 php: : Removing static route for monitor 194.25.2.129 and adding a new route through 217.0.117.215 02:06:19 php: : rc.newwanip: on (IP address: 10.255.255.193) (interface: opt8) (real interface: ovpns3). 02:06:19 php: : rc.newwanip: Informational is starting ovpns3. 02:06:18 php: : phpDynDNS (): No change in my IP address and/or 25 days has not passed. Not updating dynamic DNS entry. 02:06:17 check_reload_status: rc.newwanip starting ovpnc2 02:06:17 kernel: ovpnc2: link state changed to UP 02:06:17 php: : The command '/sbin/route -q delete 10.255.255.130' returned exit code '1', the output was 'route: writing to routing socket: No such process' 02:06:17 check_reload_status: rc.newwanip starting ovpnc1 02:06:17 kernel: ovpnc2: link state changed to DOWN 02:06:17 kernel: ovpnc1: link state changed to UP 02:06:17 php: : The command '/sbin/route -q delete 10.255.255.2' returned exit code '1', the output was 'route: writing to routing socket: No such process' 02:06:17 kernel: ovpnc1: link state changed to DOWN 02:06:17 check_reload_status: rc.newwanip starting ovpns3 02:06:17 kernel: ovpns3: link state changed to UP 02:06:17 php: : The command '/sbin/route -q delete 10.255.255.193' returned exit code '1', the output was 'route: writing to routing socket: No such process' 02:06:17 php: : IPSEC: One or more IPsec tunnel endpoints has changed its IP. Refreshing. 02:06:17 php: : phpDynDNS (): No change in my IP address and/or 25 days has not passed. Not updating dynamic DNS entry. 02:06:17 kernel: ovpns3: link state changed to DOWN 02:06:14 check_reload_status: Reloading filter 02:06:14 check_reload_status: Restarting OpenVPN tunnels/interfaces 02:06:14 check_reload_status: Restarting ipsec tunnels 02:06:14 check_reload_status: Updating all dyndns
-
I just see if the client is rebooting the server got a loop too.
02:28:47 check_reload_status: rc.newwanip starting ovpns3 02:28:47 kernel: ovpns3: link state changed to UP 02:28:47 php: : The command '/sbin/route -q delete 10.255.255.9' returned exit code '1', the output was 'route: writing to routing socket: No such process' 02:28:46 kernel: ovpns3: link state changed to DOWN 02:28:46 php: : phpDynDNS (sinsheim.dyndns.org): No change in my IP address and/or 25 days has not passed. Not updating dynamic DNS entry. 02:28:46 php: : IPSEC: One or more IPsec tunnel endpoints has changed its IP. Refreshing. 02:28:44 check_reload_status: Reloading filter 02:28:44 check_reload_status: Restarting OpenVPN tunnels/interfaces 02:28:44 check_reload_status: Restarting ipsec tunnels 02:28:44 check_reload_status: Updating all dyndns 02:28:31 php: : Could not determine VPN endpoint for 'roadwarriors' 02:28:29 php: : Forcefully reloading IPsec racoon daemon 02:28:26 php: : Gateways status could not be determined, considering all as up/active. (Group: WAN) 02:28:26 php: : Gateways status could not be determined, considering all as up/active. (Group: Internet) 02:28:26 php: : Gateways status could not be determined, considering all as up/active. (Group: WAN) 02:28:26 php: : Gateways status could not be determined, considering all as up/active. (Group: Internet) 02:28:26 php: : Gateways status could not be determined, considering all as up/active. (Group: WAN) 02:28:26 php: : Gateways status could not be determined, considering all as up/active. (Group: Internet) 02:28:26 php: : Gateways status could not be determined, considering all as up/active. (Group: WAN) 02:28:26 php: : Gateways status could not be determined, considering all as up/active. (Group: Internet) 02:28:26 php: : Could not determine VPN endpoint for 'roadwarriors' 02:28:23 php: : Removing static route for monitor 194.25.2.129 and adding a new route through 217.0.117.223 02:28:23 php: : rc.newwanip: on (IP address: 10.255.255.9) (interface: opt9) (real interface: ovpns3). 02:28:23 php: : rc.newwanip: Informational is starting ovpns3. 02:28:21 check_reload_status: rc.newwanip starting ovpns3 02:28:21 kernel: ovpns3: link state changed to UP 02:28:21 php: : The command '/sbin/route -q delete 10.255.255.9' returned exit code '1', the output was 'route: writing to routing socket: No such process' 02:28:21 kernel: ovpns3: link state changed to DOWN 02:28:21 php: : IPSEC: One or more IPsec tunnel endpoints has changed its IP. Refreshing. 02:28:21 php: : phpDynDNS (sinsheim.dyndns.org): No change in my IP address and/or 25 days has not passed. Not updating dynamic DNS entry. 02:28:19 check_reload_status: Reloading filter 02:28:19 check_reload_status: Restarting OpenVPN tunnels/interfaces 02:28:19 check_reload_status: Restarting ipsec tunnels 02:28:19 check_reload_status: Updating all dyndns 02:28:05 php: : Could not determine VPN endpoint for 'roadwarriors' 02:28:04 php: : Forcefully reloading IPsec racoon daemon 02:28:00 php: : Gateways status could not be determined, considering all as up/active. (Group: WAN) 02:28:00 php: : Gateways status could not be determined, considering all as up/active. (Group: Internet) 02:28:00 php: : Gateways status could not be determined, considering all as up/active. (Group: WAN) 02:28:00 php: : Gateways status could not be determined, considering all as up/active. (Group: Internet) 02:28:00 php: : Gateways status could not be determined, considering all as up/active. (Group: WAN) 02:28:00 php: : Gateways status could not be determined, considering all as up/active. (Group: Internet) 02:28:00 php: : Gateways status could not be determined, considering all as up/active. (Group: WAN) 02:28:00 php: : Gateways status could not be determined, considering all as up/active. (Group: Internet) 02:28:00 php: : Could not determine VPN endpoint for 'roadwarriors' 02:27:58 php: : Removing static route for monitor 194.25.2.129 and adding a new route through 217.0.117.223 02:27:58 php: : rc.newwanip: on (IP address: 10.255.255.9) (interface: opt9) (real interface: ovpns3). 02:27:58 php: : rc.newwanip: Informational is starting ovpns3. 02:27:56 check_reload_status: rc.newwanip starting ovpns3 02:27:56 kernel: ovpns3: link state changed to UP 02:27:56 php: : The command '/sbin/route -q delete 10.255.255.9' returned exit code '1', the output was 'route: writing to routing socket: No such process' 02:27:55 kernel: ovpns3: link state changed to DOWN 02:27:55 php: : IPSEC: One or more IPsec tunnel endpoints has changed its IP. Refreshing. 02:27:55 php: : phpDynDNS (sinsheim.dyndns.org): No change in my IP address and/or 25 days has not passed. Not updating dynamic DNS entry. 02:27:53 check_reload_status: Reloading filter 02:27:53 check_reload_status: Restarting OpenVPN tunnels/interfaces 02:27:53 check_reload_status: Restarting ipsec tunnels 02:27:53 check_reload_status: Updating all dyndns 02:27:40 php: : Could not determine VPN endpoint for 'roadwarriors' 02:27:38 php: : Forcefully reloading IPsec racoon daemon 02:27:35 php: : Gateways status could not be determined, considering all as up/active. (Group: WAN) 02:27:35 php: : Gateways status could not be determined, considering all as up/active. (Group: Internet) 02:27:35 php: : Gateways status could not be determined, considering all as up/active. (Group: WAN) 02:27:35 php: : Gateways status could not be determined, considering all as up/active. (Group: Internet) 02:27:35 php: : Gateways status could not be determined, considering all as up/active. (Group: WAN) 02:27:35 php: : Gateways status could not be determined, considering all as up/active. (Group: Internet) 02:27:35 php: : Gateways status could not be determined, considering all as up/active. (Group: WAN) 02:27:35 php: : Gateways status could not be determined, considering all as up/active. (Group: Internet) 02:27:35 php: : Could not determine VPN endpoint for 'roadwarriors' 02:27:32 php: : Removing static route for monitor 194.25.2.129 and adding a new route through 217.0.117.223 02:27:32 php: : rc.newwanip: on (IP address: 10.255.255.9) (interface: opt9) (real interface: ovpns3). 02:27:32 php: : rc.newwanip: Informational is starting ovpns3. 02:27:30 check_reload_status: rc.newwanip starting ovpns3 02:27:30 kernel: ovpns3: link state changed to UP 02:27:30 php: : The command '/sbin/route -q delete 10.255.255.9' returned exit code '1', the output was 'route: writing to routing socket: No such process' 02:27:30 kernel: ovpns3: link state changed to DOWN 02:27:30 php: : IPSEC: One or more IPsec tunnel endpoints has changed its IP. Refreshing. 02:27:30 php: : phpDynDNS (sinsheim.dyndns.org): No change in my IP address and/or 25 days has not passed. Not updating dynamic DNS entry. 02:27:28 check_reload_status: Reloading filter 02:27:28 check_reload_status: Restarting OpenVPN tunnels/interfaces 02:27:28 check_reload_status: Restarting ipsec tunnels 02:27:28 check_reload_status: Updating all dyndns
-
Made a ticket for the real issue here:
https://redmine.pfsense.org/issues/2922