We also get that message logged at the daily rule update for Suricata. I think it just happens when pfSense senses certain types of updates... :-/
-- Steve Yates ITS, Inc. -----Original Message----- From: List [mailto:[email protected]] On Behalf Of Eugenio Modesti Sent: Thursday, October 19, 2017 6:21 AM To: [email protected] Subject: [pfSense] openvpn restarts when running on secondary node and sync updates comes from primary Hi, i've got two pfsense box with HA. openvpn server is listening on a CARP ip. I assigned the vpn to an interface to set up specific rules and add it to an existing interface group. Everything works when running on the primary node. When i put the master in maintenance the secondary takes over correctly and openvpn clients reconnect to that node. Everything continue to works as expected. The problem is that every time i modify something on the primary the secondary restarts all the packages, dropping the vpn connections. The first time i noticed while assigning interfaces, but it triggers on every update (alias, rules). In the log i see something like: /rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection - 192.168.11.129 -> 192.168.11.129 - Restarting packages. Why is it restarting even if there was no ip change? Is there a reason to not check if $oldip != $curwanip? // rc.newwanip function restart_packages() { global $oldip, $curwanip, $g; /* restart packages */ log_error("{$g['product_name']} package system has detected an IP change or dynamic WAN reconnection - $oldip -> $curwanip - Restarting packages."); send_event("service reload packages"); } thanks, Eugenio _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
