Apinger and openvpn connection lose.


  • Hi,

    A few weeks ago i installed a new fiber internet line by one of our customers on one of the free network ports of the pfsense firewall. The internet that is now going through the new wan port is working perfect, so I decided to switch the openvpn lines form the old wan to the new wan. It worked immediately but after a few days the customer called and said that the openvpn connection drops serval times a day. I looked into that and the only thing I found was that in the log from the gateway there a lot of apinger: SIGHUP received, reloading configuration messages. And the time of the message is corresponding with the time the openvpn connection is lost. I check this on a other firewall and there I see this message just ones in 3 or 4 months.

    So I looked around on the internet and this forum but could not find a good answer, can you help me. And what does the apinger do, checking if the connection is still up?

    How can i get a stable openvpn connection?


  • apinger needs work

  • Banned

    @grandrivers:

    apinger needs work

    Step 1:


  • Apinger is nice and fair….

    Some days it lies saying my connection is way better than it is.  Some days it lies saying my connection is way worse than it is.


  • My experience is that after a period of real internet problems (ISP is down but not at the first hop, or real latency is high), when the real problem is fixed, then apinger get too optimistic, reporting latency that is too good to be true. I guess something in its rolling averaging algorithm goes wrong after it has had big values and then gets much smaller ones come in.
    Anyway, for me it usually stabilizes back to a believable value after 5 minutes.
    Yes, the code has got too complicated trying to patch it to handle all sorts of things that can happen on-the-fly as interface events happen and outstanding IOs die and… Maybe it can be fixed by just 1 more patch?!
    Realistically, as others have commented elsewhere, it is time to make some requirements and write a multi-WAN multi-target monitoring program from scratch.