Netgate SG-1000 microFirewall

Author Topic: OpenVPN Issue with 2.4 upgrade  (Read 1650 times)

0 Members and 1 Guest are viewing this topic.

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21408
  • Karma: +1437/-26
    • View Profile
Re: OpenVPN Issue with 2.4 upgrade
« Reply #15 on: November 14, 2017, 07:26:46 am »
If setting a monitor IP address on the VPN gateway triggered it, then that makes me wonder if it's related to how the routes are added.

Anyone having the issue, check for:

1. Is the VPN interface assigned/enabled under the Interfaces menu?
2. Does the VPN gateway have an alternate monitoring IP address?
3. Is there a DNS server set to use the VPN gateway?
4. Are there any manually-defined static routes set to the use VPN gateway? (there should never be, but some people add them not realizing they are a problem)
5. Any dynamic routing protocols using the VPN?
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline jarrad

  • Newbie
  • *
  • Posts: 22
  • Karma: +1/-0
    • View Profile
Re: OpenVPN Issue with 2.4 upgrade
« Reply #16 on: November 14, 2017, 09:02:56 am »
1. Is the VPN interface assigned/enabled under the Interfaces menu? - Yes. Removed the interface and no change. Readded interface, no change.
2. Does the VPN gateway have an alternate monitoring IP address? - It did (it was one of the client expected IP addresses). Removed the alternate monitoring IP, no change.
3. Is there a DNS server set to use the VPN gateway? - No
4. Are there any manually-defined static routes set to the use VPN gateway? (there should never be, but some people add them not realizing they are a problem) - No
5. Any dynamic routing protocols using the VPN? - No

I do have an OpenVPN client (to my VPN provider) running alongside and separate to the OpenVPN server.

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21408
  • Karma: +1437/-26
    • View Profile
Re: OpenVPN Issue with 2.4 upgrade
« Reply #17 on: November 14, 2017, 09:33:59 am »
Even if I try to intentionally break it that way, it still restarts fine for me. I do see a route hanging around for the gateway monitor IP address but it doesn't prevent anything from working, and when the VPN restarts it goes right back online. No errors.

I am using 2.4.2 to test this, however. Maybe something else changed there along the way that fixed the problem. Either that or I still don't have enough detail to reproduce the original issue.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline amires

  • Newbie
  • *
  • Posts: 13
  • Karma: +0/-0
    • View Profile
Re: OpenVPN Issue with 2.4 upgrade
« Reply #18 on: November 14, 2017, 01:46:01 pm »
1. Is the VPN interface assigned/enabled under the Interfaces menu? Yes.
2. Does the VPN gateway have an alternate monitoring IP address? I have to check this.
3. Is there a DNS server set to use the VPN gateway? Yes, same as VPN gateway.
4. Are there any manually-defined static routes set to the use VPN gateway? No.
5. Any dynamic routing protocols using the VPN? No.

I am using AirVPN. My VPN gateway, DNS and Monitoring IP are all 10.4.0.1.

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21408
  • Karma: +1437/-26
    • View Profile
Re: OpenVPN Issue with 2.4 upgrade
« Reply #19 on: November 14, 2017, 01:50:16 pm »
3. Is there a DNS server set to use the VPN gateway? Yes, same as VPN gateway.
I am using AirVPN. My VPN gateway, DNS and Monitoring IP are all 10.4.0.1.

On System > General Setup, do not set a gateway on the DNS server there. Just leave the entry for 10.4.0.1 and set the gateway to "none". You're making a redundant route by doing that, which could be part of the problem. If 10.4.0.1 is your VPN gateway then you'll already have a route there. Selecting that on the DNS server list is completely unnecessary. We prevent that for static IP interfaces where the network is known, but since those VPN interfaces are dynamic it isn't prevented.

You're lucky that didn't cause a problem in the past.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline amires

  • Newbie
  • *
  • Posts: 13
  • Karma: +0/-0
    • View Profile
Re: OpenVPN Issue with 2.4 upgrade
« Reply #20 on: November 14, 2017, 02:26:01 pm »
3. Is there a DNS server set to use the VPN gateway? Yes, same as VPN gateway.
I am using AirVPN. My VPN gateway, DNS and Monitoring IP are all 10.4.0.1.

On System > General Setup, do not set a gateway on the DNS server there. Just leave the entry for 10.4.0.1 and set the gateway to "none". You're making a redundant route by doing that, which could be part of the problem. If 10.4.0.1 is your VPN gateway then you'll already have a route there. Selecting that on the DNS server list is completely unnecessary. We prevent that for static IP interfaces where the network is known, but since those VPN interfaces are dynamic it isn't prevented.

You're lucky that didn't cause a problem in the past.

Actually I have tried it both without a gateway and with VPN gateway and none did help. I just removed the gateway just to be safe.
I also removed 10.4.0.1 as monitoring ip and used 8.8.8.8 instead. I am waiting to see if the problem still exist.

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21408
  • Karma: +1437/-26
    • View Profile
Re: OpenVPN Issue with 2.4 upgrade
« Reply #21 on: November 14, 2017, 02:32:14 pm »
Actually I have tried it both without a gateway and with VPN gateway and none did help. I just removed the gateway just to be safe.
I also removed 10.4.0.1 as monitoring ip and used 8.8.8.8 instead. I am waiting to see if the problem still exist.

Depending on the steps you took in between attempts that may not have been a relevant test. You can use the gateway for the monitor IP address, that's what it does by default. Leave the monitor IP address field blank. Setting something else may be part of the overall issue (though it works fine here).

This may not be relevant to you, but to others: If you do need to use a DNS server across the VPN, do not set the gateway on the DNS server list, but add the DNS server IP address/32 to the remote network list of your VPN client. That way OpenVPN will manage the route. But to reiterate, that is NOT necessary if the DNS server is directly connected or especially if it is your VPN gateway.
« Last Edit: November 14, 2017, 02:36:12 pm by jimp »
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline amires

  • Newbie
  • *
  • Posts: 13
  • Karma: +0/-0
    • View Profile
Re: OpenVPN Issue with 2.4 upgrade
« Reply #22 on: November 14, 2017, 02:42:03 pm »
Actually I have tried it both without a gateway and with VPN gateway and none did help. I just removed the gateway just to be safe.
I also removed 10.4.0.1 as monitoring ip and used 8.8.8.8 instead. I am waiting to see if the problem still exist.

Depending on the steps you took in between attempts that may not have been a relevant test. You can use the gateway for the monitor IP address, that's what it does by default. Leave the monitor IP address field blank. Setting something else may be part of the overall issue (though it works fine here).

This may not be relevant to you, but to others: If you do need to use a DNS server across the VPN, do not set the gateway on the DNS server list, but add the DNS server IP address/32 to the remote network list of your VPN client. That way OpenVPN will manage the route. But to reiterate, that is NOT necessary if the DNS server is directly connected or especially if it is your VPN gateway.

Thanks for your help. When I leave the monitoring IP blank then pfsense will use locally assigned VPN IP as the monitoring IP which is not a reliable way to check availability of the link. I need to monitor other side of the link which is 10.4.0.1 therefore I am forced to either manually enter 10.4.0.1 as monitoring IP or use a different pingable public IP but then I wouldn't be able to monitor RTT of the VPN link.

If it helps here are the relevant VPN routes from my routing table when I am using 10.4.0.1 as both DNS and monitoring IP.

Destination        Gateway            Flags     Netif Expire
10.4.0.0/16        10.4.0.1            UGS       ovpnc1
10.4.0.1             10.4.x.y            UGHS     ovpnc1
10.4.x.y              link#9              UHS       lo0
« Last Edit: November 14, 2017, 02:57:34 pm by amires »

Offline cosmoxl

  • Jr. Member
  • **
  • Posts: 29
  • Karma: +1/-0
    • View Profile
Re: OpenVPN Issue with 2.4 upgrade
« Reply #23 on: November 14, 2017, 08:49:06 pm »
Well, I tested two concurrent OVPN clients connected, both with alternate IP monitored, and stopping and reconnecting one of them.

This would have caused a problem (ifconfig and/or gateway monitoring saying gateway was down) when I was testing 2.4 a few months ago but didn't cause a problem today.

I'm at a loss, because I know others are still having problems.

Offline amires

  • Newbie
  • *
  • Posts: 13
  • Karma: +0/-0
    • View Profile
Re: OpenVPN Issue with 2.4 upgrade
« Reply #24 on: November 15, 2017, 02:25:08 am »
This morning the mentioned errors appeared again. OpenVPN wont connect and I had the following errors in the logs :

/sbin/ifconfig ovpnc1 10.4.4.12 10.4.0.1 mtu 1500 netmask 255.255.0.0 up
FreeBSD ifconfig failed: external program exited with error status: 1
Exiting due to fatal error

I checked the routing table and I noticed that I have the following VPN route  :

10.4.0.1           10.4.4.12          UGHS        lo0

I tried manually deleting the route :

route del  10.4.0.1
route: writing to routing socket: Address already in use
del host 10.4.0.1 fib 0: gateway uses the same route


I restarted my pfsense box at this point. After restarting everything was ok again.



« Last Edit: November 15, 2017, 06:04:43 am by amires »

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21408
  • Karma: +1437/-26
    • View Profile
Re: OpenVPN Issue with 2.4 upgrade
« Reply #25 on: November 15, 2017, 10:22:44 am »
/sbin/ifconfig ovpnc1 10.4.4.12 10.4.0.1 mtu 1500 netmask 255.255.0.0 up
FreeBSD ifconfig failed: external program exited with error status: 1
Exiting due to fatal error

I tried manually deleting the route :
route del  10.4.0.1
route: writing to routing socket: Address already in use
del host 10.4.0.1 fib 0: gateway uses the same route

If that happens again, post the entire contents of "netstat -rn" and "ifconfig -a" and "ps uxaww | grep openvpn" before attempting to delete the route. Something else must still be running/using that address.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline amires

  • Newbie
  • *
  • Posts: 13
  • Karma: +0/-0
    • View Profile
Re: OpenVPN Issue with 2.4 upgrade
« Reply #26 on: November 15, 2017, 01:07:44 pm »

If that happens again, post the entire contents of "netstat -rn" and "ifconfig -a" and "ps uxaww | grep openvpn" before attempting to delete the route. Something else must still be running/using that address.

It happended again and it won't connect anymore. I am posting below the information your requested.


netstat -rn
Code: [Select]
Destination        Gateway            Flags     Netif Expire
default            ADSL_GATEWAY       UGS      pppoe0
10.4.0.1           10.4.4.12          UGHS        lo0
8.8.8.8            192.168.1.1        UGHS        em0
127.0.0.1          link#4             UH          lo0
172.16.0.0/30      link#1             U           re0
172.16.0.2         link#1             UHS         lo0
ADSL_GATEWAY       link#8             UH       pppoe0
ADSL_IP            link#8             UHS         lo0
192.168.1.0/24     link#2             U           em0
192.168.1.2        link#2             UHS         lo0
192.168.2.0/24     link#3             U           em1
192.168.2.1        link#3             UHS         lo0
8.8.4.4            pppoe0             UHS      pppoe0


ifconfig -a
Code: [Select]
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
        ether xx:xx:xx:xx:xx:xx
        hwaddr xx:xx:xx:xx:xx:xx
        inet6 fe80::6666:b3ff:fe03:5569%re0 prefixlen 64 scopeid 0x1
        inet 172.16.0.2 netmask 0xfffffffc broadcast 172.16.0.3
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=4209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWTSO>
        ether xx:xx:xx:xx:xx:xx
        hwaddr xx:xx:xx:xx:xx:xx
        inet6 fe80::7254:d2ff:feab:20a6%em0 prefixlen 64 scopeid 0x2
        inet 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=4209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWTSO>
        ether xx:xx:xx:xx:xx:xx
        hwaddr xx:xx:xx:xx:xx:xx
        inet6 fe80::7254:d2ff:feab:20a7%em1 prefixlen 64 scopeid 0x3
        inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: lo
enc0: flags=0<> metric 0 mtu 1536
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: enc
pflog0: flags=100<PROMISC> metric 0 mtu 33160
        groups: pflog
pfsync0: flags=0<> metric 0 mtu 1500
        groups: pfsync
        syncpeer: 224.0.0.240 maxupd: 128 defer: on
        syncok: 1
ovpnc1: flags=8010<POINTOPOINT,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: tun openvpn
pppoe0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1492
        inet ADSL_IP --> ADSL_GATEWAY  netmask 0xffffffff
        inet6 xxxx::xxxx:xxxx:xxxx:xxxx%pppoe0 prefixlen 64 scopeid 0x8
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>


ps uxaww | grep openvpn
Code: [Select]
root    31186   0.0  0.0  14728   2432  0  S+   22:21     0:00.00 grep openvpn

Offline jarrad

  • Newbie
  • *
  • Posts: 22
  • Karma: +1/-0
    • View Profile
Re: OpenVPN Issue with 2.4 upgrade
« Reply #27 on: November 15, 2017, 04:46:23 pm »
I have the same issue.

I even went into System -> Routing and deleted the disabled gateways from there that were no longer active after removing the OpenVPN Server.

As follows:
Code: [Select]
netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            10.1.1.1           UGS         re0
8.8.8.8            172.21.34.53       UGHS        lo0
10.1.1.0/24        link#1             U           re0
10.1.1.254         link#1             UHS         lo0
10.8.0.2           10.8.0.1           UGHS        lo0
61.9.242.33        10.1.1.1           UGHS        re0
127.0.0.1          link#4             UH          lo0
172.21.34.0/23     172.21.34.1        UGS      ovpnc2
172.21.34.1        link#8             UH       ovpnc2
172.21.34.53       link#8             UHS         lo0
192.168.1.0/24     link#2             U           re1
192.168.1.1        link#2             UHS         lo0
198.18.0.1         172.21.34.53       UGHS        lo0
198.18.0.2         172.21.34.53       UGHS        lo0
208.67.220.220     172.21.34.53       UGHS        lo0
208.67.222.222     172.21.34.53       UGHS        lo0

Internet6:
Destination                       Gateway                       Flags     Netif Expire
::1                               link#4                        UH          lo0
fe80::%re0/64                     link#1                        U           re0
fe80::428d:5cff:fe52:d947%re0     link#1                        UHS         lo0
fe80::%re1/64                     link#2                        U           re1
fe80::1:1%re1                     link#2                        UHS         lo0
fe80::%lo0/64                     link#4                        U           lo0
fe80::1%lo0                       link#4                        UHS         lo0
fe80::428d:5cff:fe52:d947%ovpnc2  link#8                        UHS         lo0

Code: [Select]
ps uxaww | grep openvpn
root    71827   0.0  0.2  20332  6320  -  Ss   Tue18     18:03.62 /usr/local/sbin/openvpn --config /var/etc/openv
pn/client2.conf
root    89326   0.0  0.1  14728  2312  0  S+   06:43      0:00.00 grep openvpn

Code: [Select]
ifconfig -a
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
        ether 40:8d:5c:52:d9:47
        hwaddr 40:8d:5c:52:d9:47
        inet6 fe80::428d:5cff:fe52:d947%re0 prefixlen 64 scopeid 0x1
        inet 10.1.1.254 netmask 0xffffff00 broadcast 10.1.1.255
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
re1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
        ether 40:8d:5c:52:d9:45
        hwaddr 40:8d:5c:52:d9:45
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        inet6 fe80::1:1%re1 prefixlen 64 scopeid 0x2
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
enc0: flags=0<> metric 0 mtu 1536
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: enc
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: lo
pflog0: flags=100<PROMISC> metric 0 mtu 33160
        groups: pflog
pfsync0: flags=0<> metric 0 mtu 1500
        groups: pfsync
        syncpeer: 224.0.0.240 maxupd: 128 defer: on
        syncok: 1
ovpnc2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        inet6 fe80::428d:5cff:fe52:d947%ovpnc2 prefixlen 64 scopeid 0x8
        inet 172.21.34.53 --> 172.21.34.1  netmask 0xfffffe00
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: tun openvpn
        Opened by PID 71827

I currently have no OpenVPN server configured as Ive done these commands.

Offline unclebacon

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Re: OpenVPN Issue with 2.4 upgrade
« Reply #28 on: November 17, 2017, 08:44:00 pm »
I am also having the same issue.

netstat -rn
Code: [Select]
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            WAN1_GW            UGS        bge1
8.8.4.4            WAN2_GW            UGHS       bge2
8.8.8.8            WAN1_GW            UGHS       bge1
9.9.9.9            WAN2_GW            UGHS       bge2
10.4.0.1           10.4.28.44         UGHS        lo0
127.0.0.1          link#4             UH          lo0
WAN1_RANGE/24      link#2             U          bge1
192.168.0.0/22     link#1             U          bge0
WAN1_IP            link#2             UHS         lo0
192.168.1.1        link#1             UHS         lo0
WAN2_RANGE/27      link#3             U          bge2
WAN2_IP            link#3             UHS         lo0
208.67.220.220     WAN1_GW            UGHS       bge1
208.67.222.222     WAN2_GW            UGHS       bge2

ifconfig -a
Code: [Select]
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=c009b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,VLAN_HWTSO,LINKSTATE>
        ether xx:xx:xx:xx:xx:xx
        hwaddr xx:xx:xx:xx:xx:xx
        inet6 xxxx::xxx:xxxx:xxxx:xxxx%bge0 prefixlen 64 scopeid 0x1
        inet 192.168.1.1 netmask 0xfffffc00 broadcast 192.168.3.255
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
bge1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8009b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,LINKSTATE>
        ether xx:xx:xx:xx:xx:xx
        hwaddr xx:xx:xx:xx:xx:xx
        inet6 xxxx::xxx:xxxx:xxxx:xxxx%bge1 prefixlen 64 scopeid 0x2
        inet WAN1_IP netmask 0xffffffe0 broadcast 255.255.255.255
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex,master>)
        status: active
bge2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8009b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,LINKSTATE>
        ether xx:xx:xx:xx:xx:xx
        hwaddr xx:xx:xx:xx:xx:xx
        inet6 xxxx::xxx:xxxx:xxxx:xxxx%bge2 prefixlen 64 scopeid 0x3
        inet WAN2_IP netmask 0xffffffe0 broadcast 255.255.255.255
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex,master>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: lo
enc0: flags=0<> metric 0 mtu 1536
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: enc
pflog0: flags=100<PROMISC> metric 0 mtu 33160
        groups: pflog
pfsync0: flags=0<> metric 0 mtu 1500
        groups: pfsync
        syncpeer: 224.0.0.240 maxupd: 128 defer: on
        syncok: 1
ovpnc1: flags=8010<POINTOPOINT,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: tun openvpn

ps uxaww | grep openvpn
Code: [Select]
root 24877   0.0  0.0  14728  2432  0  S+   21:21      0:00.00 grep openvpn
1. Is the VPN interface assigned/enabled under the Interfaces menu? Yes.
2. Does the VPN gateway have an alternate monitoring IP address? No.
3. Is there a DNS server set to use the VPN gateway? No.
4. Are there any manually-defined static routes set to the use VPN gateway? No.
5. Any dynamic routing protocols using the VPN? No.

I currently have 1 AirVPN client configured and no OpenVPN servers configured. Hope this helps.

Offline jarrad

  • Newbie
  • *
  • Posts: 22
  • Karma: +1/-0
    • View Profile
Re: OpenVPN Issue with 2.4 upgrade
« Reply #29 on: November 17, 2017, 09:24:41 pm »
An update from me.

I would say that the fault lays here:

Any OpenVPN gateways under System -> Routing that were present with an alternate monitoring IP prior to 2.4.1 are the cause of the issue.

I went through and deleted the following:
OpenVPN Server, Interface, CA, Certs, Gateways

I am now able to
1) Stop and start the OpenVPN server correctly without having to reboot
2) Have alternate IP monitoring respond correctly via dpinger.