Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN-Verbindung klappt dauernd zusammen

    Scheduled Pinned Locked Moved Deutsch
    14 Posts 6 Posters 3.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      tpf
      last edited by

      Servus,
      meine pfS 2.1.4, bisher völlig unauffällig, hat neuerdings Probleme. Mir klappt alle paar Minuten die OpenVPN-Verbindung zusammen. Im Log steht:

      Sep 1 12:09:41 php: rc.newwanip: rc.newwanip: Informational is starting ovpns2.
      Sep 1 12:09:40 php: rc.newwanip: Interface is disabled, nothing to do.
      Sep 1 12:09:40 php: rc.newwanip: rc.newwanip: Informational is starting ovpns1.
      Sep 1 12:09:38 check_reload_status: rc.newwanip starting ovpns2
      Sep 1 12:09:38 kernel: ovpns2: link state changed to UP
      Sep 1 12:09:37 check_reload_status: rc.newwanip starting ovpns1
      Sep 1 12:09:37 kernel: ovpns2: link state changed to DOWN
      Sep 1 12:09:37 kernel: in6_purgeaddr: node-local all-nodesmulticast address deletion error
      Sep 1 12:09:37 kernel: in6_purgeaddr: link-local all-nodesmulticast address deletion error
      Sep 1 12:09:37 kernel: ovpns1: link state changed to UP
      Sep 1 12:09:37 php: rc.openvpn: OpenVPN: Resync server2
      Sep 1 12:09:36 check_reload_status: Reloading filter
      Sep 1 12:09:36 kernel: ovpns1: link state changed to DOWN
      Sep 1 12:09:35 php: rc.dyndns.update: phpDynDNS (XXXXXXXXXXX): No change in my IP address and/or 25 days has not passed. Not updating dynamic DNS entry.
      Sep 1 12:09:35 php: rc.dyndns.update: DynDns (XXXXXXXXXXXX): Current WAN IP: XXXXXXXXXXXXX Cached IP: XXXXXXXXXX
      Sep 1 12:09:35 php: rc.dyndns.update: DynDns (XXXXXXXXXXX): XXXXXXXXXX extracted from local system.
      Sep 1 12:09:35 php: rc.openvpn: OpenVPN: Resync server1
      Sep 1 12:09:35 php: rc.dyndns.update: DynDNS (XXXXXXXX): running get_failover_interface for wan. found xl0
      Sep 1 12:09:35 php: rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use WAN_DHCP.
      Sep 1 12:09:35 php: rc.dyndns.update: DynDns (XXXXXXXX): XXXXXXXX extracted from local system.
      Sep 1 12:09:35 php: rc.dyndns.update: DynDns: updatedns() starting
      Sep 1 12:09:32 check_reload_status: Reloading filter
      Sep 1 12:09:32 check_reload_status: Restarting OpenVPN tunnels/interfaces
      Sep 1 12:09:32 check_reload_status: Restarting ipsec tunnels
      Sep 1 12:09:32 check_reload_status: updating dyndns WAN_DHCP
      Sep 1 12:09:01 php: rc.newwanip: Interface is disabled, nothing to do.
      Sep 1 12:09:01 php: rc.newwanip: rc.newwanip: Informational is starting ovpns2.
      Sep 1 12:09:00 php: rc.newwanip: Interface is disabled, nothing to do.
      Sep 1 12:09:00 php: rc.newwanip: rc.newwanip: Informational is starting ovpns1.
      Sep 1 12:08:58 check_reload_status: rc.newwanip starting ovpns2
      Sep 1 12:08:58 kernel: ovpns2: link state changed to UP
      Sep 1 12:08:58 check_reload_status: rc.newwanip starting ovpns1
      Sep 1 12:08:58 kernel: ovpns2: link state changed to DOWN
      Sep 1 12:08:58 kernel: in6_purgeaddr: node-local all-nodesmulticast address deletion error
      Sep 1 12:08:58 kernel: in6_purgeaddr: link-local all-nodesmulticast address deletion error
      Sep 1 12:08:58 kernel: ovpns1: link state changed to UP
      Sep 1 12:08:57 php: rc.openvpn: OpenVPN: Resync server2
      Sep 1 12:08:57 kernel: ovpns1: link state changed to DOWN
      Sep 1 12:08:57 php: rc.dyndns.update: phpDynDNS (XXXXXXXX): No change in my IP address and/or 25 days has not passed. Not updating dynamic DNS entry.
      Sep 1 12:08:57 php: rc.dyndns.update: DynDns (XXXXXXXX): Current WAN IP: XXXXXXXX Cached IP: XXXXXXXX
      Sep 1 12:08:57 php: rc.dyndns.update: DynDns (XXXXXXXX): XXXXXXXX extracted from local system.
      Sep 1 12:08:57 php: rc.dyndns.update: DynDNS (XXXXXXXX): running get_failover_interface for wan. found xl0
      Sep 1 12:08:57 php: rc.dyndns.update: DynDns (XXXXXXXX): XXXXXXXX extracted from local system.
      Sep 1 12:08:57 php: rc.dyndns.update: DynDns: updatedns() starting
      Sep 1 12:08:57 php: rc.openvpn: OpenVPN: Resync server1
      Sep 1 12:08:57 php: rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use WAN_DHCP.
      Sep 1 12:08:54 check_reload_status: Restarting OpenVPN tunnels/interfaces
      Sep 1 12:08:54 check_reload_status: Restarting ipsec tunnels
      Sep 1 12:08:54 check_reload_status: updating dyndns WAN_DHCP
      Sep 1 12:08:52 php: rc.newwanip: Interface is disabled, nothing to do.
      Sep 1 12:08:52 php: rc.newwanip: rc.newwanip: Informational is starting ovpns2.
      Sep 1 12:08:51 php: rc.newwanip: Interface is disabled, nothing to do.
      Sep 1 12:08:51 php: rc.newwanip: rc.newwanip: Informational is starting ovpns1.
      Sep 1 12:08:50 check_reload_status: rc.newwanip starting ovpns2
      Sep 1 12:08:49 kernel: ovpns2: link state changed to UP
      Sep 1 12:08:48 kernel: ovpns2: link state changed to DOWN
      Sep 1 12:08:48 kernel: in6_purgeaddr: node-local all-nodesmulticast address deletion error
      Sep 1 12:08:48 kernel: in6_purgeaddr: link-local all-nodesmulticast address deletion error
      Sep 1 12:08:48 check_reload_status: rc.newwanip starting ovpns1
      Sep 1 12:08:48 kernel: ovpns1: link state changed to UP
      Sep 1 12:08:48 php: rc.openvpn: OpenVPN: Resync server2
      Sep 1 12:08:47 check_reload_status: Reloading filter
      Sep 1 12:08:47 kernel: ovpns1: link state changed to DOWN
      Sep 1 12:08:47 php: rc.openvpn: OpenVPN: Resync server1
      Sep 1 12:08:47 php: rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use WAN_DHCP.
      Sep 1 12:08:47 php: rc.dyndns.update: phpDynDNS (XXXXXXXX): No change in my IP address and/or 25 days has not passed. Not updating dynamic DNS entry.
      Sep 1 12:08:47 php: rc.dyndns.update: DynDns (XXXXXXXX): Current WAN IP: XXXXXXXX Cached IP: XXXXXXXX
      Sep 1 12:08:47 php: rc.dyndns.update: DynDns (XXXXXXXX): XXXXXXXX extracted from local system.
      Sep 1 12:08:47 php: rc.dyndns.update: DynDNS (XXXXXXXX): running get_failover_interface for wan. found xl0
      Sep 1 12:08:47 php: rc.dyndns.update: DynDns (XXXXXXXX): XXXXXXXX extracted from local system.
      Sep 1 12:08:47 php: rc.dyndns.update: DynDns: updatedns() starting
      Sep 1 12:08:44 check_reload_status: Reloading filter
      Sep 1 12:08:44 check_reload_status: Restarting OpenVPN tunnels/interfaces
      Sep 1 12:08:44 check_reload_status: Restarting ipsec tunnels
      Sep 1 12:08:44 check_reload_status: updating dyndns WAN_DHCP

      Ich checks nicht so ganz  ??? Wo kommt denn das neuerdings her?

      Grüße

      10 years pfSense! 2006 - 2016

      1 Reply Last reply Reply Quote 0
      • JeGrJ
        JeGr LAYER 8 Moderator
        last edited by

        Mehr Infos zur Umgebung könnten helfen.

        CARP Cluster? CARP Member? Externe WAN Adresse eine VIP? Ggf. beide Knoten gleichzeitig Master, weil einer im Multicast durchdreht oder ein anderer den Multicast Traffic stört oder ggf. die IP doppelt vergeben hat?`
        Evtl. betroffenes Device mal neustarten.

        Grüße

        Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

        If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

        1 Reply Last reply Reply Quote 0
        • T
          tpf
          last edited by

          Servus,
          normale standalone Firewall an einem Kabelanschluss. Derzeitige Konfig seit Monaten unangetestat und bisher stabil wie eh und je, seit dem Update auf 2.1.4 gar nichts mehr gemacht.

          Grüße

          10 years pfSense! 2006 - 2016

          1 Reply Last reply Reply Quote 0
          • B
            BeNe
            last edited by

            An der Gegenstelle kann es nicht liegen ?
            Hardware in Ordnung ? Auslastung ?

            Use *BSD and feel free

            1 Reply Last reply Reply Quote 0
            • JeGrJ
              JeGr LAYER 8 Moderator
              last edited by

              Update auf 2.1.5 und ordentlicher Reboot? ;)

              Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

              If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

              1 Reply Last reply Reply Quote 0
              • ?
                Guest
                last edited by

                Mal in den RRD-graphs schauen, wie so die Qualität der Verbindung ist und beim gateway monitoring was apinger so treibt, der erklärt gerne mal die Verbindung für beendet und dann startet so einiges (inclusive dynDNS und Tunnel) neu durch.

                1 Reply Last reply Reply Quote 0
                • H
                  hege
                  last edited by

                  Steht doch eh in den Logs.

                  pfSense erkennt (glaubt), dass sich die WAN IP geändert hat und startet die VPN Dienste neu.

                  1 Reply Last reply Reply Quote 0
                  • JeGrJ
                    JeGr LAYER 8 Moderator
                    last edited by

                    @hege: prinzipiell würde ich dir ja rechtgeben, wenn nicht

                    Sep 1 12:08:57    php: rc.dyndns.update: phpDynDNS (XXXXXXXX): No change in my IP address and/or 25 days has not passed. Not updating dynamic DNS entry.

                    der DynDNS Check sagen würde, dass sich die IP gar nicht geändert hat. Deshalb auch meine Aussage, dass rc.newwanip von recht vielen anderen Prozessen angeworfen wird. Was mich eher stutzig macht ist

                    Sep 1 12:08:52    php: rc.newwanip: Interface is disabled, nothing to do.
                    Sep 1 12:08:52    php: rc.newwanip: rc.newwanip: Informational is starting ovpns2.
                    Sep 1 12:08:51    php: rc.newwanip: Interface is disabled, nothing to do.
                    Sep 1 12:08:51    php: rc.newwanip: rc.newwanip: Informational is starting ovpns1.

                    die Tatsache dass er immer wieder sagt, dass das Interface disabled ist als wäre keine Verbindung von OVPN aktiv.

                    Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

                    If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

                    1 Reply Last reply Reply Quote 0
                    • T
                      tpf
                      last edited by

                      Servus,
                      ich habe auf 2.1.5 akutalisiert und immer noch dasselbe Verhalten  :-[ Ich kann mir darauf keinen Reim bilden…

                      10 years pfSense! 2006 - 2016

                      1 Reply Last reply Reply Quote 0
                      • C
                        crashi102
                        last edited by

                        Hey,

                        ich hatte ähnliche Probleme mit meiner OpenVPN Verbindungen gehabt. Bei mir lag es am Gateway Monitoring. Aus irgendeinem Grund funktionierte das von einem auf den anderen Tag nicht mehr. Seitdem ich das Monitoring ausgeschaltet habe, laufen die Tunnel wieder stabil. Dadurch geht mir allerdings leider nun mein Multi-Wan Failover flöten :(.

                        1 Reply Last reply Reply Quote 0
                        • H
                          hege
                          last edited by

                          Das macht Sinn.

                          Schau mal in die Logs unter System/Gateway ob du etwas in der Art findest:

                          apinger: ALARM: WANGW(IP) *** down ***

                          1 Reply Last reply Reply Quote 0
                          • ?
                            Guest
                            last edited by

                            Hört mir hier überhaupt jemand zu?  :-\

                            1 Reply Last reply Reply Quote 0
                            • T
                              tpf
                              last edited by

                              Servus,
                              entschuldigt bitte die späte Rückmeldung…

                              Als Ursache konnte ich ein Handy identifizieren, welches bei jedem IP-Wechsel (passiert ja ständig bei normaler UMTS-Verbindung) einen Tunnel-Neustart auslöst. Abgestellt habe ich es noch nicht, mir ist nicht ganz klar wir ich das abstellen kann...

                              Grüße

                              10 years pfSense! 2006 - 2016

                              1 Reply Last reply Reply Quote 0
                              • T
                                tpf
                                last edited by

                                Servus,
                                ich habe vermutlich die Lösung gefunden, zumindest ist jetzt Ruhe: Gateway-Monitoring deaktivert. Seither ist der Tunnel stabil  ::)

                                Vielen Dank, meine Herren!

                                10 years pfSense! 2006 - 2016

                                1 Reply Last reply Reply Quote 0
                                • First post
                                  Last post
                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.