I was able to upgrade to 2.1.4. Unfortunately it didn't fix the problem. I
think it even got worse. We have 8 WANs on that box. Some PPPoE with static
IP (provider assigns IP which is always the same). Today I even got an
OpenVPN-Restart due to Gatewaymonitoring on one of the WANs where not a
single OpenVPN-Instance is running on.

It helped a bit to switch the tunnels from UDP to TCP (at least now heavy
traffic of an OpenVPN tunnel can't kill the gatewaymonitoring pings
anymore).

Some logs regarding the disconnect today (SDSL_O2GW is not the Interface
where our OpenVPN-Server runs on, but it killed all OpenVPN-Sessions on the
other WAN - there was no openvpn-server restart but all users had to
reauthenticate and lots of errors in the openvpn-log; Btw, SDSL_O2 is even
an Interface with static IP):

Gateway-log:
Jul 7 13:04:56 apinger: ALARM: SDSL_O2GW(x.x.x.x) *** down ***
Jul 7 13:05:11 apinger: alarm canceled: SDSL_O2GW(x.x.x.x) *** down ***

System-log:
Jul 7 13:05:06 check_reload_status: updating dyndns SDSL_O2GW
Jul 7 13:05:06 check_reload_status: Restarting ipsec tunnels
Jul 7 13:05:06 check_reload_status: Restarting OpenVPN tunnels/interfaces
Jul 7 13:05:06 check_reload_status: Reloading filter
Jul 7 13:05:08 php: rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use SDSL_O2GW.

OpenVPN-Logs:
Jul 7 13:05:09 openvpn[35346]: write TCPv4_SERVER: Operation not permitted (code=1)
Jul 7 13:05:09 openvpn[35346]: write TCPv4_SERVER: Operation not permitted (code=1)
Jul 7 13:05:09 openvpn[35346]: write TCPv4_SERVER: Operation not permitted (code=1)
Jul 7 13:05:09 openvpn[35346]: write TCPv4_SERVER: Operation not permitted (code=1)
Jul 7 13:05:09 openvpn[35346]: write TCPv4_SERVER: Operation not permitted (code=1)
Jul 7 13:05:09 openvpn[35346]: write TCPv4_SERVER: Operation not permitted (code=1)
Jul 7 13:05:09 openvpn[35346]: write TCPv4_SERVER: Operation not permitted (code=1)
Jul 7 13:05:09 openvpn[35346]: write TCPv4_SERVER: Operation not permitted (code=1)
Jul 7 13:05:09 openvpn[35346]: write TCPv4_SERVER: Operation not permitted (code=1)
Jul 7 13:05:09 openvpn[35346]: write TCPv4_SERVER: Operation not permitted (code=1)
Jul 7 13:05:09 openvpn[35346]: write TCPv4_SERVER: Operation not permitted (code=1)

Anything to try next?

Regards
Holger


2014-07-02 11:10 GMT+02:00 Holger Bauer <[email protected]>:

> Thank you for the suggestion Chris. This installation is indeed running
> 2.1.3. Going to try that soon and will report back.
>
> Holger
>
>
> 2014-07-01 22:10 GMT+02:00 Chris Buechler <[email protected]>:
>
>
>>
>>
>> On Tue, Jul 1, 2014 at 1:37 AM, Holger Bauer <[email protected]>
>> wrote:
>>
>>> Hi,
>>>
>>> I'm experiencing OpenVPN-server-restarts, when clients use one of our
>>> WAN-links heavily. This WAN is only used for open-vpn-clients to tunnel
>>> in. However, it also acts as failover wan if our other wans go down. Now if
>>> a client for example starts downloading an ISO through the tunnel apinger
>>> will trigger an alert which then causes the open-vpn-server to be restarted
>>> which of course kicks off all users. After everybody has been kicked and
>>> the delay causing traffic is gone apinger puts the link back in service
>>> after a few seconds.
>>>
>>> This configuration worked for a long time without issues when using
>>> pfSense 2.0.3, however when upgrading to 2.1.x it all started.
>>>
>>
>> Guessing you must be on a pre-2.1.4 version, looks like it's detecting an
>> IP change when none really occurred. Upgrade to 2.1.4 and that should fix
>> it.
>>
>>
>>
>>
>>> Things I have tried so far without luck:
>>> - Playing around with Gatewaymonitoring-Options (raising delay, package
>>> loss, disabling gatewaymonitoring)
>>> - Tried to give priority to icmp on that wan (but I guess that only
>>> works for traffic going through the pfsense and not originating from the
>>> pfsense itself)
>>>
>>> Any recommendations what to try next? Or is this a bug that can be fixed?
>>>
>>>
>>> Some Systemlogs:
>>>
>>> Gatewaylog:
>>> Jun 30 15:20:59 apinger: ALARM: GW_OPT11(x.x.x.x) *** delay ***
>>> Jun 30 15:21:21 apinger: alarm canceled: GW_OPT11(x.x.x.x) *** delay ***
>>>
>>> Systemlog:
>>> Jun 30 15:21:09 check_reload_status: updating dyndns GW_OPT11
>>> Jun 30 15:21:09 check_reload_status: Restarting ipsec tunnels
>>> Jun 30 15:21:09 check_reload_status: Restarting OpenVPN tunnels/interfaces
>>> Jun 30 15:21:09 check_reload_status: Reloading filter
>>> Jun 30 15:21:11 php: rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use GW_OPT11.
>>>
>>> Regards
>>> Holger
>>>
>>> _______________________________________________
>>> List mailing list
>>> [email protected]
>>> https://lists.pfsense.org/mailman/listinfo/list
>>>
>>
>>
>>
>
>
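
An added example, not part of the original thread and not pfSense code: a Python sketch that pairs each apinger alarm with the rc.openvpn endpoint reload that follows it for the same gateway, using the log format quoted above. Merging the gateway and system logs into one stream, the 30-second window, the year 2014 and the WAN_TESTGW line are assumptions made for the example.

```python
import re
from datetime import datetime

# Log lines taken from this thread (addresses masked as posted), merged into one
# stream; the WAN_TESTGW line is constructed as an alarm with no reload.
SAMPLE = """\
Jun 30 15:20:59 apinger: ALARM: GW_OPT11(x.x.x.x) *** delay ***
Jun 30 15:21:09 check_reload_status: Restarting OpenVPN tunnels/interfaces
Jun 30 15:21:11 php: rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use GW_OPT11.
Jun 30 15:21:21 apinger: alarm canceled: GW_OPT11(x.x.x.x) *** delay ***
Jul 7 13:04:56 apinger: ALARM: SDSL_O2GW(x.x.x.x) *** down ***
Jul 7 13:05:08 php: rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use SDSL_O2GW.
Jul 7 13:05:11 apinger: alarm canceled: SDSL_O2GW(x.x.x.x) *** down ***
Jul 7 14:00:00 apinger: ALARM: WAN_TESTGW(x.x.x.x) *** loss ***
"""

# "alarm canceled" lines do not match: the pattern is case-sensitive.
ALARM = re.compile(r"apinger: ALARM: (\S+?)\(.*?\) \*\*\* (\w+) \*\*\*")
RELOAD = re.compile(r"rc\.openvpn: .* Reloading endpoints that may use (\S+?)\.?\s*$")

def parse(line, year):
    """Split a syslog-style line into (datetime, message); syslog omits the year."""
    mon, day, clock, msg = line.split(None, 3)
    return datetime.strptime(f"{year} {mon} {day} {clock}", "%Y %b %d %H:%M:%S"), msg

def correlate(lines, window=30, year=2014):
    """Return (gateway, alarm_reason, seconds) for reloads within `window` s of an alarm."""
    last_alarm = {}  # gateway name -> (alarm time, alarm reason)
    hits = []
    for when, msg in sorted(parse(l, year) for l in lines if l.strip()):
        m = ALARM.search(msg)
        if m:
            last_alarm[m.group(1)] = (when, m.group(2))
            continue
        m = RELOAD.search(msg)
        if m and m.group(1) in last_alarm:
            t0, reason = last_alarm[m.group(1)]
            delay = (when - t0).total_seconds()
            if 0 <= delay <= window:
                hits.append((m.group(1), reason, int(delay)))
    return hits

if __name__ == "__main__":
    for gw, reason, delay in correlate(SAMPLE.splitlines()):
        print(f"{gw}: '{reason}' alarm followed by OpenVPN reload after {delay}s")
```

Run over a longer log window, the output shows which gateways' alarms precede OpenVPN reloads and how quickly the reload follows.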