OpenVPN client status problem



  • Hi,

    This problem is related to 2.1.3.

    I have 2 openvpn clients defined. If they are connected, the status display does not (correctly) reflect the status. When one of the 2 clients had a successful reconnect, it does not show connected and keeps showing "Unable to contact daemon Service not running?" although the network to the client is up.

    Rudi



  • Somehow the web interface lost sync between the running instances of openvpn.

    enter console
    ps -aux | grep vpn

    see if they run indeed

    kill them by entering
    kill <pidnumber> for each

    go to web interface and start them from there.



  • Thanks robi,

    but if the client ovpn fails, and automagically reconnects, the gui should keep track
    I suppose, maybe there is room for enhancement here.

    Rudi



  • Yes it should and it does too. But sometimes it goes out of sync, dunno why. It happened to me only once in the last 6 months.



  • I am also experiencing issues with the web GUI not matching what is actually happening.

    See the attached picture where I have a site-to-site link going, healthy (we transferred 18gigs over it without a hitch), but the client status is not filled in.  The pfsense home screen widget also says that this link is down.

    I have seen the client status filled in, but it had the wrong virtual IP showing (which might possibly be a separate problem actually belonging to OpenVPN.)

    ![2014-08-25 20_34_08-pfsense.localdomain - Status_ OpenVPN - Internet Explorer.png](/public/imported_attachments/1/2014-08-25 20_34_08-pfsense.localdomain - Status_ OpenVPN - Internet Explorer.png)



  • Some good info about the problem in this thread:

    https://forum.pfsense.org/index.php?topic=70720.0



  • At the risk of spamming this thread, I'll post another few tidbits I'm seeing.

    The RRD graph for this particular site-to-site openvpn server instance is displaying zero users, even when the status page is displaying all the client info and appears to be working (although it shows the wrong virtual IP address).

    To clarify the "wrong virtual IP address" issue:
    The "virtual IP" shown in the client status is the IP address of pfsense's tunnel endpoint, not the client endpoint.  That's wrong.  I tried reducing the VPN subnet for this particular server to a /30 so that there would be only 2 host IPs available, but that didn't change it (and was a pretty weak attempt at a fix, anyway).

    Willing to do more troubleshooting here, if anyone desires.