Strange logs -> losing OpenVPN connection every 20 - 120 seconds

2.1.1 Snapshot Feedback and Problems - RETIRED
Log in to reply
  • O

    Hi,

    lately my 2.1.1-PRERELEASE pfSense machine is going full retard and I don't know why. I'm losing connection on my OpenVPN site-to-site tunnel every 20-120 seconds. I can't remember changing any setting since the last time everything was still working fine.

    Here are some facts:

    • I don't use multi WAN right now.
    • GW1_DHCP always gets an IPv4 with a very, very high lease time - I've been using my current IPv4 address for about two months now.
    • GW1 is a rock solid cable connection, no packet loss, no high latencies.
    • I don't use DynDNS at all.
    • The OpenVPN endpoint is a pfSense VM on a dedicated server in a data centre that claims to have a 99,999% uptime.

    check_reload_status: Reloading filter
    check_reload_status: updating dyndns GW1_DHCP
    check_reload_status: Restarting ipsec tunnels
    check_reload_status: Restarting OpenVPN tunnels/interfaces
    check_reload_status: Reloading filter
    check_reload_status: updating dyndns GW1_DHCP
    check_reload_status: Restarting ipsec tunnels
    check_reload_status: Restarting OpenVPN tunnels/interfaces
    check_reload_status: Reloading filter
    php: rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use GW1_DHCP. « no, it has not!!!
    php: rc.openvpn: OpenVPN: Resync client1
    php: rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use GW1_DHCP. « still, nope!!!
    kernel: ovpnc1: link state changed to DOWN
    php: rc.openvpn: The command '/sbin/route -q delete 10.10.11.2' returned exit code '1', the output was 'route: writing to routing socket: No such process'
    php: rc.newwanip: pfSense package system has detected an ip change 10.10.11.2 -> 10.10.11.2 … Restarting packages. « what the actual ****?

    What could possibly cause this?

    Thanks in advance!

    0
  • O

    For some reason I can't edit my previous post.  :-\

    Here are some updates on my case:

    • The ISP was nice enough to hook me up with an entirely different dedicated server. Everything has changed, but the IP addresses, which is nice. But that didn't solve the problem.
    • I turned off gateway monitoring altogether. This didn't solve the problem either.
    • Server sided OpenVPN logs just showed me what I already knew. It's all like "The client disconnected… hey, it's the same client again..."
    • Client sided OpenVPN logs are still the same. It detects an IP change (IP address changed to the exact same IP address, yeah, that's exactly what I'd call an IP change as well!) and thus restarts the tunnels, because f*** logic.
    • The interface the tunnel is running on / over (pick the right preposition, sorry for my English) is running rock solid. There's no evidence of it going down and thus causing the tunnel to be reestablished.
    • I'm using multi WAN now again. I created a second tunnel to the same server over a different interface, just to see if this one would be a bit more stable. But, nope.

    Here once again are the logs:

    snip
    Feb 10 12:03:19 php: rc.newwanip: pfSense package system has detected an ip change 10.10.12.2 -> 10.10.12.2 … Restarting packages.
    Feb 10 12:03:19 check_reload_status: Starting packages
    Feb 10 12:03:19 php: rc.newwanip: pfSense package system has detected an ip change 10.10.11.2 -> 10.10.11.2 ... Restarting packages.
    Feb 10 12:03:19 check_reload_status: Starting packages
    Feb 10 12:03:20 php: rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use GW0_DHCP.
    Feb 10 12:03:20 php: rc.openvpn: OpenVPN: Resync client1
    Feb 10 12:03:20 php: rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use GW1_DHCP.
    Feb 10 12:03:20 kernel: ovpnc1: link state changed to DOWN
    Feb 10 12:03:20 php: rc.openvpn: The command '/sbin/route -q delete 10.10.11.2' returned exit code '1', the output was 'route: writing to routing socket: No such process'
    Feb 10 12:03:20 php: rc.openvpn: OpenVPN: Resync client2
    Feb 10 12:03:20 kernel: ovpnc1: link state changed to UP
    Feb 10 12:03:20 kernel: ovpnc2: link state changed to DOWN
    Feb 10 12:03:20 check_reload_status: rc.newwanip starting ovpnc1
    Feb 10 12:03:21 php: rc.openvpn: The command '/sbin/route -q delete 10.10.12.2' returned exit code '1', the output was 'route: writing to routing socket: No such process'
    Feb 10 12:03:21 kernel: ovpnc2: link state changed to UP
    Feb 10 12:03:21 check_reload_status: rc.newwanip starting ovpnc2
    Feb 10 12:03:22 php: rc.start_packages: Restarting/Starting all packages.
    Feb 10 12:03:22 php: rc.start_packages: Restarting/Starting all packages.
    Feb 10 12:03:23 php: rc.newwanip: rc.newwanip: Informational is starting ovpnc1.
    Feb 10 12:03:23 php: rc.newwanip: rc.newwanip: on (IP address: 10.10.11.2) (interface: opt3) (real interface: ovpnc1).
    Feb 10 12:03:23 php: rc.newwanip: rc.newwanip: Informational is starting ovpnc2.
    Feb 10 12:03:23 php: rc.newwanip: rc.newwanip: on (IP address: 10.10.12.2) (interface: opt4) (real interface: ovpnc2).
    Feb 10 12:03:23 php: rc.newwanip: The command '/sbin/route change -host -inet6 fe80::e25f:b9ff:feb7:c25e' returned exit code '1', the output was 'route: writing to routing socket: No such process route: writing to routing socket: Invalid argument change host fe80::e25f:b9ff:feb7:c25e: Invalid argument'
    Feb 10 12:03:23 php: rc.newwanip: Removing static route for monitor 208.67.222.222 and adding a new route through 100.78.31.254
    Feb 10 12:03:23 php: rc.newwanip: Removing static route for monitor 208.67.220.220 and adding a new route through 100.78.31.254
    Feb 10 12:03:23 php: rc.newwanip: The command '/sbin/route change -host -inet6 fe80::e25f:b9ff:feb7:c25e' returned exit code '1', the output was 'route: writing to routing socket: No such process route: writing to routing socket: Invalid argument change host fe80::e25f:b9ff:feb7:c25e: Invalid argument'
    Feb 10 12:03:23 php: rc.newwanip: Removing static route for monitor 208.67.222.222 and adding a new route through 100.78.31.254
    Feb 10 12:03:23 php: rc.newwanip: Removing static route for monitor 208.67.220.220 and adding a new route through 100.78.31.254
    Feb 10 12:03:28 php: rc.newwanip: Creating rrd update script
    Feb 10 12:03:28 php: rc.newwanip: Creating rrd update script
    Feb 10 12:03:30 php: rc.newwanip: pfSense package system has detected an ip change 10.10.11.2 -> 10.10.11.2 ... Restarting packages.
    Feb 10 12:03:30 check_reload_status: Starting packages
    Feb 10 12:03:30 php: rc.newwanip: pfSense package system has detected an ip change 10.10.12.2 -> 10.10.12.2 ... Restarting packages.
    Feb 10 12:03:30 check_reload_status: Starting packages
    Feb 10 12:03:32 kernel: pid 37855 (ntpd), uid 0: exited on signal 11 (core dumped)
    Feb 10 12:03:32 php: rc.start_packages: Restarting/Starting all packages.
    Feb 10 12:03:32 php: rc.start_packages: Restarting/Starting all packages.
    Feb 10 12:08:07 check_reload_status: updating dyndns GW0_DHCP
    Feb 10 12:08:07 check_reload_status: Restarting ipsec tunnels
    Feb 10 12:08:07 check_reload_status: Restarting OpenVPN tunnels/interfaces
    Feb 10 12:08:07 check_reload_status: Reloading filter
    Feb 10 12:08:07 check_reload_status: updating dyndns GW1_DHCP
    Feb 10 12:08:07 check_reload_status: Restarting ipsec tunnels
    Feb 10 12:08:07 check_reload_status: Restarting OpenVPN tunnels/interfaces
    Feb 10 12:08:07 check_reload_status: Reloading filter
    Feb 10 12:08:09 php: rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use GW0_DHCP.
    Feb 10 12:08:09 php: rc.openvpn: OpenVPN: Resync client1
    Feb 10 12:08:10 php: rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use GW1_DHCP.
    Feb 10 12:08:10 kernel: ovpnc1: link state changed to DOWN
    Feb 10 12:08:10 php: rc.openvpn: The command '/sbin/route -q delete 10.10.11.2' returned exit code '1', the output was 'route: writing to routing socket: No such process'
    Feb 10 12:08:10 php: rc.openvpn: OpenVPN: Resync client2
    Feb 10 12:08:10 kernel: ovpnc1: link state changed to UP
    Feb 10 12:08:10 kernel: ovpnc2: link state changed to DOWN
    Feb 10 12:08:10 check_reload_status: rc.newwanip starting ovpnc1
    Feb 10 12:08:10 php: rc.openvpn: The command '/sbin/route -q delete 10.10.12.2' returned exit code '1', the output was 'route: writing to routing socket: No such process'
    Feb 10 12:08:10 kernel: ovpnc2: link state changed to UP
    Feb 10 12:08:10 check_reload_status: rc.newwanip starting ovpnc2
    Feb 10 12:08:12 php: rc.newwanip: rc.newwanip: Informational is starting ovpnc1.
    Feb 10 12:08:12 php: rc.newwanip: rc.newwanip: on (IP address: 10.10.11.2) (interface: opt3) (real interface: ovpnc1).
    Feb 10 12:08:13 php: rc.newwanip: The command '/sbin/route change -host -inet6 fe80::e25f:b9ff:feb7:c25e' returned exit code '1', the output was 'route: writing to routing socket: No such process route: writing to routing socket: Invalid argument change host fe80::e25f:b9ff:feb7:c25e: Invalid argument'
    Feb 10 12:08:13 php: rc.newwanip: Removing static route for monitor 208.67.222.222 and adding a new route through 100.78.31.254
    Feb 10 12:08:13 php: rc.newwanip: Removing static route for monitor 208.67.220.220 and adding a new route through 100.78.31.254
    Feb 10 12:08:13 php: rc.newwanip: rc.newwanip: Informational is starting ovpnc2.
    Feb 10 12:08:13 php: rc.newwanip: rc.newwanip: on (IP address: 10.10.12.2) (interface: opt4) (real interface: ovpnc2).
    Feb 10 12:08:13 php: rc.newwanip: The command '/sbin/route change -host -inet6 fe80::e25f:b9ff:feb7:c25e' returned exit code '1', the output was 'route: writing to routing socket: No such process route: writing to routing socket: Invalid argument change host fe80::e25f:b9ff:feb7:c25e: Invalid argument'
    Feb 10 12:08:13 php: rc.newwanip: Removing static route for monitor 208.67.222.222 and adding a new route through 100.78.31.254
    Feb 10 12:08:13 php: rc.newwanip: Removing static route for monitor 208.67.220.220 and adding a new route through 100.78.31.254
    Feb 10 12:08:17 check_reload_status: updating dyndns GW0_DHCP
    Feb 10 12:08:17 check_reload_status: Restarting OpenVPN tunnels/interfaces
    Feb 10 12:08:17 check_reload_status: updating dyndns GW1_DHCP
    Feb 10 12:08:17 check_reload_status: Restarting OpenVPN tunnels/interfaces
    Feb 10 12:08:18 php: rc.newwanip: Creating rrd update script
    Feb 10 12:08:18 php: rc.newwanip: Creating rrd update script
    Feb 10 12:08:19 php: rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use GW1_DHCP.
    Feb 10 12:08:19 php: rc.openvpn: OpenVPN: Resync client2
    Feb 10 12:08:19 php: rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use GW0_DHCP.
    Feb 10 12:08:19 kernel: ovpnc2: link state changed to DOWN
    Feb 10 12:08:20 php: rc.openvpn: The command '/sbin/route -q delete 10.10.12.2' returned exit code '1', the output was 'route: writing to routing socket: No such process'
    Feb 10 12:08:20 php: rc.openvpn: OpenVPN: Resync client1
    Feb 10 12:08:20 kernel: ovpnc2: link state changed to UP
    Feb 10 12:08:20 check_reload_status: rc.newwanip starting ovpnc2
    Feb 10 12:08:20 kernel: ovpnc1: link state changed to DOWN
    Feb 10 12:08:20 php: rc.newwanip: pfSense package system has detected an ip change 10.10.11.2 -> 10.10.11.2 ... Restarting packages.
    Feb 10 12:08:20 check_reload_status: Starting packages
    Feb 10 12:08:20 php: rc.newwanip: pfSense package system has detected an ip change 10.10.12.2 -> 10.10.12.2 ... Restarting packages.
    Feb 10 12:08:20 check_reload_status: Starting packages
    Feb 10 12:08:20 php: rc.openvpn: The command '/sbin/route -q delete 10.10.11.2' returned exit code '1', the output was 'route: writing to routing socket: No such process'
    Feb 10 12:08:20 kernel: ovpnc1: link state changed to UP
    Feb 10 12:08:20 check_reload_status: rc.newwanip starting ovpnc1
    Feb 10 12:08:22 php: rc.newwanip: rc.newwanip: Informational is starting ovpnc2.
    Feb 10 12:08:22 php: rc.newwanip: rc.newwanip: on (IP address: 10.10.12.2) (interface: opt4) (real interface: ovpnc2).
    Feb 10 12:08:22 php: rc.start_packages: Restarting/Starting all packages.
    Feb 10 12:08:23 php: rc.start_packages: Restarting/Starting all packages.
    Feb 10 12:08:23 php: rc.newwanip: The command '/sbin/route change -host -inet6 fe80::e25f:b9ff:feb7:c25e' returned exit code '1', the output was 'route: writing to routing socket: No such process route: writing to routing socket: Invalid argument change host fe80::e25f:b9ff:feb7:c25e: Invalid argument'
    Feb 10 12:08:23 php: rc.newwanip: Removing static route for monitor 208.67.222.222 and adding a new route through 100.78.31.254
    Feb 10 12:08:23 php: rc.newwanip: rc.newwanip: Informational is starting ovpnc1.
    Feb 10 12:08:23 php: rc.newwanip: rc.newwanip: on (IP address: 10.10.11.2) (interface: opt3) (real interface: ovpnc1).
    Feb 10 12:08:23 php: rc.newwanip: Removing static route for monitor 208.67.220.220 and adding a new route through 100.78.31.254
    Feb 10 12:08:23 php: rc.newwanip: The command '/sbin/route change -host -inet6 fe80::e25f:b9ff:feb7:c25e' returned exit code '1', the output was 'route: writing to routing socket: No such process route: writing to routing socket: Invalid argument change host fe80::e25f:b9ff:feb7:c25e: Invalid argument'
    Feb 10 12:08:23 php: rc.newwanip: Removing static route for monitor 208.67.222.222 and adding a new route through 100.78.31.254
    Feb 10 12:08:23 php: rc.newwanip: Removing static route for monitor 208.67.220.220 and adding a new route through 100.78.31.254
    Feb 10 12:08:28 php: rc.newwanip: Creating rrd update script
    Feb 10 12:08:28 php: rc.newwanip: Creating rrd update script
    Feb 10 12:08:30 php: rc.newwanip: pfSense package system has detected an ip change 10.10.12.2 -> 10.10.12.2 ... Restarting packages.
    Feb 10 12:08:30 check_reload_status: Reloading filter
    Feb 10 12:08:30 php: rc.newwanip: pfSense package system has detected an ip change 10.10.11.2 -> 10.10.11.2 ... Restarting packages.
    Feb 10 12:08:30 check_reload_status: Reloading filter
    Feb 10 12:08:32 kernel: pid 28471 (ntpd), uid 0: exited on signal 11 (core dumped)
    Feb 10 12:08:35 php: rc.start_packages: Restarting/Starting all packages.
    snip

    Edit: This problem seems to occur almost exactly every fifth minute.

    0
  • P

    The OpenVPN clients are restarted if a WAN seems to go down/up even if the new WAN IP turns out to be the same as the old one. I believe this is because there were (are?) issues with OpenVPN continuing on after such a WAN transition. Restarting them makes sure they re-establish happily.

    The DNS translations of Aliases that contain FQDNs are re-checked every 5 minutes. But that happens on my (and many people's) systems without triggering a WAN transition and all the resultant processing.

    What is in cron? (Install the Cron package to look at that easily) Any jobs that specify "3-59/5" that would make it start at 00:03 and every 5 minutes thereafter?

    Or is there a 5-minute egg timer somewhere on a connected device or cable that glitches it every 5 minutes  ;)

    0
  • D

    I have the same problem, the problem is less since the 2.1.1-PRERELEASE (i386) built on Fri Feb 7 11:46:37 EST 2014
    I had to change the "DOWN" time in gateway monitoring to 60 seconds.

    BUT:

    OpenVPN does restart all services, even if there was no change to the WAN-ip:

    Feb 10 12:46:24 	php: rc.start_packages: Restarting/Starting all packages.
Feb 10 12:46:22 	php: rc.filter_configure_sync: Could not find IPv6 gateway for interface(opt1).
Feb 10 12:46:22 	php: rc.filter_configure_sync: Could not find IPv6 gateway for interface(wan).
Feb 10 12:46:22 	check_reload_status: Starting packages
Feb 10 12:46:22 	php: rc.newwanip: pfSense package system has detected an ip change -> 192.168.8.1 ... Restarting packages.
Feb 10 12:46:22 	php: rc.newwanip: rc.newwanip: on (IP address: 192.168.8.1) (interface: ) (real interface: ovpns1).
Feb 10 12:46:22 	php: rc.newwanip: rc.newwanip: Informational is starting ovpns1.
Feb 10 12:46:19 	check_reload_status: rc.newwanip starting ovpns1
Feb 10 12:46:19 	php: rc.filter_configure_sync: Could not find IPv6 gateway for interface(opt1).
Feb 10 12:46:19 	kernel: ovpns1: link state changed to UP
Feb 10 12:46:19 	php: rc.filter_configure_sync: Could not find IPv6 gateway for interface(wan).
Feb 10 12:46:19 	check_reload_status: Reloading filter
Feb 10 12:46:19 	kernel: ovpns1: link state changed to DOWN
Feb 10 12:46:19 	php: rc.openvpn: OpenVPN: Resync server1 OpenVPN WAN
Feb 10 12:46:19 	php: rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use GW_WAN.
Feb 10 12:46:16 	check_reload_status: Reloading filter
Feb 10 12:46:16 	check_reload_status: Restarting OpenVPN tunnels/interfaces
Feb 10 12:46:16 	check_reload_status: Restarting ipsec tunnels
Feb 10 12:46:16 	check_reload_status: updating dyndns GW_WAN
Feb 10 12:45:02 	php: rc.filter_configure_sync: Could not find IPv6 gateway for interface(opt1).
Feb 10 12:45:01 	php: rc.filter_configure_sync: Could not find IPv6 gateway for interface(wan).
Feb 10 12:30:39 	php: rc.update_urltables: /etc/rc.update_urltables: pfBlockerBadIPList does not need updated.
Feb 10 12:30:39 	php: rc.update_urltables: /etc/rc.update_urltables: Starting URL table alias updates
Feb 10 12:30:02 	php: rc.filter_configure_sync: Could not find IPv6 gateway for interface(opt1).
Feb 10 12:30:01 	php: rc.filter_configure_sync: Could not find IPv6 gateway for interface(wan).
Feb 10 12:30:01 	php: rc.update_urltables: /etc/rc.update_urltables: Sleeping for 37 seconds.
Feb 10 12:30:01 	php: rc.update_urltables: /etc/rc.update_urltables: Starting up.

    Also I keep getting```
    php: rc.filter_configure_sync: Could not find IPv6 gateway for interface(opt1).

    0
  • O

    @phil.davis:

    The OpenVPN clients are restarted if a WAN seems to go down/up even if the new WAN IP turns out to be the same as the old one. I believe this is because there were (are?) issues with OpenVPN continuing on after such a WAN transition. Restarting them makes sure they re-establish happily.

    Wouldn't be such an event logged under "Gateways"? If so, that's not the case.

    @phil.davis:

    The DNS translations of Aliases that contain FQDNs are re-checked every 5 minutes. But that happens on my (and many people's) systems without triggering a WAN transition and all the resultant processing.

    Just for the lols, how would one disable this?

    @phil.davis:

    What is in cron? (Install the Cron package to look at that easily) Any jobs that specify "3-59/5" that would make it start at 00:03 and every 5 minutes thereafter?

    Nope.```
    minute hour mday month wday who command
    1,31 0-5 * * * root /usr/bin/nice -n20 adjkerntz -a
    1 3 1 * * root /usr/bin/nice -n20 /etc/rc.update_bogons.sh
    */60 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout
    1 1 * * * root /usr/bin/nice -n20 /etc/rc.dyndns.update
    */60 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot
    30 12 * * * root /usr/bin/nice -n20 /etc/rc.update_urltables

    
@phil.davis:

> Or is there a 5-minute egg timer somewhere on a connected device or cable that glitches it every 5 minutes  ;)

I hope not, but it seems so…  :'(

Edit: I just tested this scenario using Mikrotik RouterOS. My OpenVPN tunnel is up and running fine for the last two hours or so. No hiccups at all. I really don't want to switch back to RouterOS tho. I'm already starting to miss pfSense's amazing WebUI. So, please continue help me to get this fixed. :-[
    0
  • E

    I think you have assigned your ovpn interface.
    That activates the monitoring and probably causing a lopping of sorts there.

    Can you check if you can ping the monitoring ip by default or disable it entirely?
    One of those i think will fix your issues.

    0
  • O

    @ermal:

    Can you check if you can ping the monitoring ip by default or disable it entirely?
    One of those i think will fix your issues.

    @Oliver:

    • I turned off gateway monitoring altogether. This didn't solve the problem either.

    No, it did not. :-\ And I disabled monitoring on all the gateways. They always appear as online, which is why I don't understand most of the logs.

    Btw. I had to assign it, because I wanted to transparently route all traffic of one specific workstation.

    0
  • E

    So find a machine to ping on the other side then :)

    Though disabling monitoring should have avoided this unless you have other problems in the tunnel.

    0
  • O

    I reverted back to

    2.1-RELEASE (amd64)
    built on Wed Sep 11 18:17:48 EDT 2013

    and this oddity is gone for good. Guess I'm going to stick to that for a some more time!

    0
  • C

    The system log isn't all that telling on its own, what does the OpenVPN log show?

    0
  • D
    Banned

    Still happening even with latest snapshot. The WAN IP is in fact static, it never changes. These newwanip detections are a pile of BS.

    
rc.newwanip: pfSense package system has detected an ip change

    Same thing happens with IPsec:

    
php: rc.newipsecdns: IPSEC: One or more IPsec tunnel endpoints has changed its IP. Refreshing.

    As for OpenVPN log, nothing useful there either:

    
Mar 6 12:25:37	openvpn[47673]: /sbin/ifconfig ovpns1 10.0.8.1 10.0.8.1 mtu 1500 netmask 255.255.255.0 up
Mar 6 12:25:37	openvpn[47673]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=1
Mar 6 12:25:37	openvpn[47673]: TUN/TAP device /dev/tun1 opened
Mar 6 12:25:37	openvpn[47673]: TUN/TAP device ovpns1 exists previously, keep at program end
Mar 6 12:25:37	openvpn[47673]: Control Channel Authentication: using '/var/etc/openvpn/server1.tls-auth' as a OpenVPN static key file
Mar 6 12:25:36	openvpn[47673]: Initializing OpenSSL support for engine 'cryptodev'
Mar 6 12:25:36	openvpn[47673]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mar 6 12:25:36	openvpn[47673]: OpenVPN 2.3.2 i386-portbld-freebsd8.3 [SSL (OpenSSL)] [LZO] [eurephia] [MH] [IPv6] built on Jan 23 2014
Mar 6 12:25:36	openvpn[97470]: SIGTERM[hard,] received, process exiting
Mar 6 12:25:36	openvpn[97470]: /usr/local/sbin/ovpn-linkdown ovpns1 1500 1558 10.0.8.1 255.255.255.0 init
Mar 6 12:25:36	openvpn[97470]: event_wait : Interrupted system call (code=4)
    0
  • E

    Every time a connection/reconnection occurs you see the logs for newwanip.

    Do you have anything similar to below in your logs?

    
log_error("DEVD Ethernet attached event for {$iface}");
log_error("HOTPLUG: Configuring interface {$iface}");

    Give this a try again as well:

    
diff --git a/etc/rc.linkup b/etc/rc.linkup
index 1994336..43607b1 100755
--- a/etc/rc.linkup
+++ b/etc/rc.linkup
@@ -100,7 +100,7 @@ if (!file_exists("{$g['varrun_path']}/booting") && empty($g['booting'])) {
                break;
        }
        $interface = convert_real_interface_to_friendly_interface_name($argv[2]);
-       if (!empty($interface))
+       if (!empty($interface) && substr($argv[2], 0, 4) != "ovpn")
                handle_argument_group($interface, $action);
 }
    0
  • D
    Banned

    No, no hotplug/devd events in the log. As for the patch, well yes I can try that (should obviously stop triggering the OVPN restart), but it's not really like it'd happen for any good reason at all. It seems like it just decides the WAN IP "changed" a couple of times a day, randomly.

    0
  • E

    Well if your Dyndns or any other monitoring for hostname changes triggers the event you have to find which is doing that.
    Also find out why its triggering the event.

    To me from the logs it looked like devd was doing that since it was not clear on dyndns/hostnames on vpns being used from the logs.

    Maybe the config.xml can help to validate the options here.

    0
  • D
    Banned

    @ermal:

    Well if your Dyndns or any other monitoring for hostname changes triggers the event you have to find which is doing that.
    Also find out why its triggering the event.

    To me from the logs it looked like devd was doing that since it was not clear on dyndns/hostnames on vpns being used from the logs.

    Now that you mention dyndns…

    
Mar 7 08:22:53	check_reload_status: Restarting OpenVPN tunnels/interfaces
Mar 7 08:22:53	check_reload_status: updating dyndns HEIPV6_TUNNELV6
Mar 7 08:22:53	check_reload_status: Restarting OpenVPN tunnels/interfaces
Mar 7 08:22:53	check_reload_status: updating dyndns WAN_DHCP
Mar 7 08:22:52	check_reload_status: Reloading filter
Mar 7 08:22:52	check_reload_status: Restarting OpenVPN tunnels/interfaces
Mar 7 08:22:52	check_reload_status: Restarting ipsec tunnels
Mar 7 08:22:52	check_reload_status: updating dyndns WAN_DHCP
Mar 7 08:22:52	check_reload_status: Reloading filter
Mar 7 08:22:52	check_reload_status: Restarting OpenVPN tunnels/interfaces
Mar 7 08:22:52	check_reload_status: Restarting ipsec tunnels
Mar 7 08:22:52	check_reload_status: updating dyndns HEIPV6_TUNNELV6

    Obviously, this again makes no sense since there is nothing dynamic - except for the gateway being statically "dynamic". The GW IP never changes, it is configured as static IP on the GIF interface. What's "updating" there? Again, the WAN_DHCP is a static DHCP lease, never changes.

    0
  • E

    Can you check the relevant files for this to see why it triggers?

    0
  • D
    Banned

    @ermal:

    Can you check the relevant files for this to see why it triggers?

    Maybe… if only I knew the relevant files. :D

    0
  • E

    /conf/dyndns*.cache

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy