On Tue, Jul 1, 2014 at 1:37 AM, Holger Bauer <[email protected]> wrote:
> Hi, > > I'm experiencing OpenVPN-server-restarts, when clients use one of our > WAN-links heavily. This WAN is only used for open-vpnm-clients to tunnel > in. However, it also acts as failover wan if our other wans go down. Now if > a client for example starts downloading an ISO through the tunnel apinger > will trigger an alert which then causes the open-vpn-server to be restarted > which of course kicks off all users. After everybody has been kicked and > the delay causing traffic is gone apinger puts the link back in service > after a few seconds. > > This configuration worked for a long time without issues when using > pfSense 2.0.3, however when upgrading to 2.1.x it all started. > Guessing you must be on a pre-2.1.4 version, looks like it's detecting an IP change when none really occurred. Upgrade to 2.1.4 and that should fix it. > Things I have tried so far without luck: > - Playing around with Gatewaymonitoring-Options (raising delay, package > loss, disabling gatewaymonitoring) > - Tried to give priority to icmp on that wan (but I guess that only works > for traffic going through the pfsense and not originating from the pfsense > itself) > > Any recommendations what to try next? Or is this a bug that can be fixed? > > > Some Systemlogs: > > Gatwaylog: > Jun 30 15:20:59 apinger: ALARM: GW_OPT11(x.x.x.x) *** delay *** Jun 30 > 15:21:21 apinger: alarm canceled: GW_OPT11(x.x.x.x) *** delay *** > Systemlog: > Jun 30 15:21:09 check_reload_status: updating dyndns GW_OPT11 Jun 30 > 15:21:09 check_reload_status: Restarting ipsec tunnels Jun 30 15:21:09 > check_reload_status: > Restarting OpenVPN tunnels/interfaces Jun 30 15:21:09 check_reload_status: > Reloading filter Jun 30 15:21:11 php: rc.openvpn: OpenVPN: One or more > OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that > may use GW_OPT11. > > > > > > > > > Regards > Holger > > _______________________________________________ > List mailing list > [email protected] > https://lists.pfsense.org/mailman/listinfo/list >
_______________________________________________ List mailing list [email protected] https://lists.pfsense.org/mailman/listinfo/list
