ICMP on openVPN flooding firewall log



  • Hello again!

    It started approximately 4 days ago, since then each and every second there is an entry in the firewall log of one of my pfSense boxes

    Aug 22 11:57:30  pfsense pf: 00:00:01.009987 rule 5/0(match): block in on ovpns3: (tos 0x0, ttl 64, id 4450, offset 0, flags [none], proto ICMP (1), length 84)
    Aug 22 11:57:30  pfsense pf:    >local IP  openVPN< > >LAN IP of pfSense<: ICMP echo request, id 11567, seq 19329, length 64

    The ICMP is apparently originating from the local tunnel IP of an openVPN tunnel server end wants to reach the LAN IP of the pfSense box.

    I didn't touch the config recently, as I had no time, so where does this suddenly start from?  :o

    Any input highly welcome!

    Kind regards

    chemlud


  • Rebel Alliance Developer Netgate

    Gateway monitoring would ping once per second, perhaps something on the side sending the ping started doing gateway monitoring with that LAN IP as a monitor IP? (Check System > Routing)



  • I set up a block rule on the openVPN interface without logging. Today (after your post) I disabled the rule and the problem was gone… As I setup the box on the other side of the tunnel new (with 2.1.5) maybe the issue was resolved by that.

    But many thanx for the reply!

    chemlud