Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP.

    2.2 Snapshot Feedback and Problems - RETIRED
    2
    6
    1820
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      binaryjay last edited by

      I keep getting this message in my logs, however, I have no OpenVPN clients even enabled nor any assigned to any interface.  I have no logs from OpenVPN itself generated since I disabled the last OpenVPN client nearly a month ago.

      What is going on here?  Any ideas?

      1 Reply Last reply Reply Quote 0
      • P
        phil.davis last edited by

        The message was being logged if the openvpn-server or openvpn-client array even exists in the config - which it does for you, since you used to have OpenVPN instances - but of course now it is an empty array. The will be needlessly iterating zero times over the empty arrays!
        I made the check tighter in rc.openvpn so that log message will only happen if the system actually has at least 1 real OpenVPN instance defined.
        https://github.com/pfsense/pfsense/pull/1376

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

        1 Reply Last reply Reply Quote 0
        • B
          binaryjay last edited by

          @phil.davis:

          The message was being logged if the openvpn-server or openvpn-client array even exists in the config - which it does for you, since you used to have OpenVPN instances - but of course now it is an empty array. The will be needlessly iterating zero times over the empty arrays!
          I made the check tighter in rc.openvpn so that log message will only happen if the system actually has at least 1 real OpenVPN instance defined.
          https://github.com/pfsense/pfsense/pull/1376

          Thank you for both the explanation and the fix, I'm sure anybody else would have found it slightly confusing as well if they found themselves in the same situation.

          1 Reply Last reply Reply Quote 0
          • P
            phil.davis last edited by

            For the record, the final version of the enhanced check for this is:
            Master: https://github.com/pfsense/pfsense/commit/04c0724ed8a173e02e3d2501576b4c49f8719590
            RELENG_2_2: https://github.com/pfsense/pfsense/commit/07ab838e3fd536f68d1970ef76f286a3937673e3

            As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
            If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

            1 Reply Last reply Reply Quote 0
            • B
              binaryjay last edited by

              I am on the latest snapshot and noticed this in my logs again FYI, I still don't have any OpenVPN clients enabled:

              OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use WAN_DHCP.

              1 Reply Last reply Reply Quote 0
              • P
                phil.davis last edited by

                At that point the code has not checked for enabled/disabled status of each OpenVPN instance. The message is emitted if there are any OpenVPN instances defined. If they happen to be all disabled, then as the code loops through each it will ignore all the disabled instances.
                So in your case with all disabled, no action will be needed/taken.

                As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
                If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post