Hi,

I'm experiencing OpenVPN server restarts when clients use one of our WAN links heavily. This WAN is only used for OpenVPN clients to tunnel in. However, it also acts as failover WAN if our other WANs go down. Now if a client, for example, starts downloading an ISO through the tunnel, apinger will trigger an alert, which then causes the OpenVPN server to be restarted, which of course kicks off all users. After everybody has been kicked and the delay-causing traffic is gone, apinger puts the link back in service after a few seconds.
This configuration worked for a long time without issues when using pfSense 2.0.3; however, when upgrading to 2.1.x it all started.

Things I have tried so far without luck:
- Playing around with gateway monitoring options (raising delay, packet loss, disabling gateway monitoring)
- Tried to give priority to ICMP on that WAN (but I guess that only works for traffic going through the pfSense and not originating from the pfSense itself)

Any recommendations what to try next? Or is this a bug that can be fixed?

Some system logs:

Gateway log:
Jun 30 15:20:59 apinger: ALARM: GW_OPT11(x.x.x.x) *** delay ***
Jun 30 15:21:21 apinger: alarm canceled: GW_OPT11(x.x.x.x) *** delay ***

System log:
Jun 30 15:21:09 check_reload_status: updating dyndns GW_OPT11
Jun 30 15:21:09 check_reload_status: Restarting ipsec tunnels
Jun 30 15:21:09 check_reload_status: Restarting OpenVPN tunnels/interfaces
Jun 30 15:21:09 check_reload_status: Reloading filter
Jun 30 15:21:11 php: rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use GW_OPT11.

Regards
Holger
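Added example, not part of the original post and not pfSense code: a small Python correlator that pairs each apinger alarm in the gateway log with a following "Restarting OpenVPN" entry in the system log, using the log lines quoted above. The 30-second window, the placeholder year and the function names are assumptions.

```python
import re
from datetime import datetime, timedelta

# Log lines copied from the post above (gateway address already redacted there).
GATEWAY_LOG = """\
Jun 30 15:20:59 apinger: ALARM: GW_OPT11(x.x.x.x) *** delay ***
Jun 30 15:21:21 apinger: alarm canceled: GW_OPT11(x.x.x.x) *** delay ***
"""
SYSTEM_LOG = """\
Jun 30 15:21:09 check_reload_status: updating dyndns GW_OPT11
Jun 30 15:21:09 check_reload_status: Restarting ipsec tunnels
Jun 30 15:21:09 check_reload_status: Restarting OpenVPN tunnels/interfaces
Jun 30 15:21:09 check_reload_status: Reloading filter
Jun 30 15:21:11 php: rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use GW_OPT11.
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) ([^:]+): (.*)$")
ALARM = re.compile(r"^(ALARM|alarm canceled): (\S+?)\(.*?\) \*\*\* (\w+) \*\*\*$")

def parse(text):
    """Yield (timestamp, process, message) for each syslog-style line."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            # Syslog omits the year; 2000 is an assumed placeholder (leap year, so Feb 29 parses).
            ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def correlate(gateway_log, system_log, window=timedelta(seconds=30)):
    """Return one record per alarm: seconds until OpenVPN restart and until the alarm cleared."""
    restarts = [ts for ts, proc, msg in parse(system_log)
                if proc == "check_reload_status" and "Restarting OpenVPN" in msg]
    incidents, open_alarms = [], {}
    for ts, proc, msg in parse(gateway_log):
        m = ALARM.match(msg) if proc == "apinger" else None
        if not m:
            continue
        state, gw, reason = m.groups()
        if state == "ALARM":
            hits = [r for r in restarts if ts <= r <= ts + window]
            inc = {"gateway": gw, "reason": reason, "alarm": ts, "cleared_after_s": None,
                   "restart_after_s": (hits[0] - ts).total_seconds() if hits else None}
            incidents.append(inc)
            open_alarms[(gw, reason)] = inc
        elif (gw, reason) in open_alarms:
            inc = open_alarms.pop((gw, reason))
            inc["cleared_after_s"] = (ts - inc["alarm"]).total_seconds()
    return incidents

if __name__ == "__main__":
    for inc in correlate(GATEWAY_LOG, SYSTEM_LOG):
        print(inc)
```

Run over full logs, alarms with a `restart_after_s` value and a short `cleared_after_s` are the transient events that still cost every user their tunnel.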