We also get that message logged at the daily rule update for Suricata. I think
it just happens when pfSense senses certain types of updates... :-/
--
Steve Yates
ITS, Inc.
-----Original Message-----
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eugenio Modesti
Sent: Thursday, October 19, 2017 6:21 AM
To: list@lists.pfsense.org
Subject: [pfSense] openvpn restarts when running on secondary node and sync
updates comes from primary
Hi,
I've got two pfSense boxes with HA. The OpenVPN server is listening on a CARP
IP. I assigned the VPN to an interface to set up specific rules and add it to
an existing interface group.
Everything works when running on the primary node.
When I put the master in maintenance, the secondary takes over correctly and
OpenVPN clients reconnect to that node. Everything continues to work as
expected.
The problem is that every time I modify something on the primary, the secondary
restarts all the packages, dropping the VPN connections.
The first time I noticed was while assigning interfaces, but it triggers on
every update (alias, rules).
In the log I see something like:
/rc.newwanip: pfSense package system has detected an IP change or dynamic WAN
reconnection - 192.168.11.129 -> 192.168.11.129 - Restarting packages.
Why is it restarting even if there was no IP change?
Is there a reason to not check if $oldip != $curwanip?
// rc.newwanip
function restart_packages() {
    global $oldip, $curwanip, $g;

    /* restart packages */
    log_error("{$g['product_name']} package system has detected an IP change or dynamic WAN reconnection - $oldip -> $curwanip - Restarting packages.");
    send_event("service reload packages");
}
thanks,
Eugenio
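
To measure how often this happens on a node, the system log can be scanned for the message quoted above and each restart classified by whether the address actually changed. This is an added example, not code from the thread or from pfSense; the syslog prefix, the host name fw2, the php-fpm tag and the address 192.168.11.130 in the sample are constructed.

```python
import ipaddress
import re
from collections import Counter

# Message text as quoted in the post; everything before "/rc.newwanip:" is ignored.
RESTART_RE = re.compile(
    r"/rc\.newwanip: .*?package system has detected an IP change or dynamic "
    r"WAN reconnection - (?P<old>\S*) -> (?P<new>\S*) - Restarting packages\."
)

# Constructed sample log (one entry per line, as in a syslog file).
SAMPLE_LOG = """\
Oct 19 06:02:11 fw2 php-fpm[311]: /rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection - 192.168.11.129 -> 192.168.11.129 - Restarting packages.
Oct 19 06:02:12 fw2 check_reload_status: Reloading filter
Oct 19 06:15:40 fw2 php-fpm[311]: /rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection - 192.168.11.129 -> 192.168.11.129 - Restarting packages.
Oct 19 07:30:05 fw2 php-fpm[311]: /rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection - 192.168.11.129 -> 192.168.11.130 - Restarting packages.
"""


def same_address(old, new):
    """Compare as IP addresses so different spellings of one address match."""
    try:
        return ipaddress.ip_address(old) == ipaddress.ip_address(new)
    except ValueError:
        # Empty or non-IP field: fall back to a plain string comparison.
        return old == new


def classify_restarts(log_text):
    """Return (line number, old, new, kind) for every package-restart entry."""
    events = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = RESTART_RE.search(line)
        if m is None:
            continue
        old, new = m.group("old"), m.group("new")
        kind = "no-op" if same_address(old, new) else "ip-change"
        events.append((lineno, old, new, kind))
    return events


def summarize(events):
    """Count restart entries per kind."""
    return Counter(kind for _, _, _, kind in events)


if __name__ == "__main__":
    for event in classify_restarts(SAMPLE_LOG):
        print(*event)
    print(dict(summarize(classify_restarts(SAMPLE_LOG))))
```

Lining up the "no-op" timestamps with configuration changes made on the primary shows whether each sync is what triggers the restart on the secondary.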
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold