OpenVPN server interface in bridge not connected at boot #980

Closed
m4rcu5 opened this issue Jun 1, 2016 · 4 comments
m4rcu5 commented Jun 1, 2016

It seems that after boot, the OpenVPN server interface (ovpns1) is down and not bound in the bridge it was assigned to.

Setup:

  • The system has a LAN interface (vmx1).
  • There is an OpenVPN server set up, and it has an interface assigned (ovpns1).
  • LAN and the OpenVPN server are added to a bridge.
  • Filtering is done on the bridge members.

To get the system to work correctly, one needs to restart the OpenVPN service.

ifconfig after boot:

vmx1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=600398<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,TSO6,RXCSUM_IPV6,TXCSUM_IPV6>
    ether 00:0c:29:94:f9:5b
    inet 192.168.10.1 netmask 0xffffff00 broadcast 192.168.10.255 
    inet6 fe80::20c:29ff:fe94:f95b%vmx1 prefixlen 64 scopeid 0x2 
    inet6 xxxx:xxxx:xxxx:xxxx:xxxxx prefixlen 96 
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    media: Ethernet autoselect
    status: active
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 02:58:d0:b2:b7:00
    nd6 options=1<PERFORMNUD>
    id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
    maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
    root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
    member: vmx1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 2 priority 128 path cost 2000
ovpns1: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    ether 00:bd:ad:21:00:01
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    media: Ethernet autoselect
    status: active
    Opened by PID 61406

ifconfig after OpenVPN restart:

vmx1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=600098<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
    ether 00:0c:29:94:f9:5b
    inet 192.168.10.1 netmask 0xffffff00 broadcast 192.168.10.255 
    inet6 fe80::20c:29ff:fe94:f95b%vmx1 prefixlen 64 scopeid 0x2 
    inet6 xxxx:xxxx:xxxx:xxxx:xxxxx prefixlen 96 
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    media: Ethernet autoselect
    status: active
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 02:58:d0:b2:b7:00
    nd6 options=1<PERFORMNUD>
    id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
    maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
    root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
    member: ovpns1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 10 priority 128 path cost 2000000
    member: vmx1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 2 priority 128 path cost 2000
ovpns1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    ether 00:bd:ad:21:00:01
    inet6 fe80::2bd:adff:fe21:1%ovpns1 prefixlen 64 scopeid 0xa 
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    media: Ethernet autoselect
    status: active
    Opened by PID 89969
@fichtner fichtner added the bug Production bug label Jun 7, 2016
@fichtner fichtner added this to the 16.7 milestone Jun 7, 2016
@fichtner fichtner self-assigned this Jun 7, 2016
fichtner (Member) commented Jun 7, 2016

can reproduce, test patch hopefully tomorrow :)

fichtner (Member) commented Jun 8, 2016

@m4rcu5 can't add interface to bridge when they don't exist... :)

Worked just then, testing now doesn't.

@fichtner fichtner reopened this Jun 8, 2016
fichtner (Member) commented Jun 8, 2016

sorry, tun vs. tap mixup again

@m4rcu5 You can test the patch on 16.1.16 with:

# opnsense-patch 44cd7ae

@fichtner fichtner closed this as completed Jun 8, 2016
m4rcu5 (Author) commented Jun 8, 2016

Seems to work like a charm!

bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 02:58:d0:b2:b7:00
    nd6 options=1<PERFORMNUD>
    id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
    maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
    root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
    member: ovpns1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 8 priority 128 path cost 2000000
    member: vmx1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 2 priority 128 path cost 2000

Thanks @fichtner for the fix :-)
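
Added example, not part of the thread or of the OPNsense code base: a check that classifies the two states shown in the ifconfig listings above, so a missing bridge member (and with it the filtering done on bridge members) is caught after boot. The function name and result strings are assumptions of this example; the sample stanzas are trimmed from the reporter's output.

```shell
#!/bin/sh
# Added example: classify an interface's bridge state from `ifconfig` output.
# Usage on a live system: ifconfig | bridge_member_state bridge0 ovpns1
# Prints: ok | not-member | down | not-member,down | no-bridge | no-iface
bridge_member_state() {
    awk -v br="$1" -v ifn="$2" '
        # A line starting in column 0 opens a new interface stanza.
        /^[^ \t]/ {
            cur = $1; sub(/:$/, "", cur); seen[cur] = 1
            # The UP token in flags=...<...> marks the interface as up.
            if (cur == ifn && $2 ~ /[<,]UP[,>]/) up = 1
            next
        }
        # Within the bridge stanza, look for "member: <ifn>".
        cur == br && $1 == "member:" && $2 == ifn { member = 1 }
        END {
            if (!(br in seen))  { print "no-bridge"; exit }
            if (!(ifn in seen)) { print "no-iface"; exit }
            s = member ? "" : "not-member"
            if (!up) s = (s == "" ? "down" : s ",down")
            print (s == "" ? "ok" : s)
        }'
}

# Constructed samples: stanzas trimmed from the two listings in the report.
sample_after_boot() {
cat <<'EOF'
vmx1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    member: vmx1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ovpns1: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
EOF
}

sample_after_restart() {
cat <<'EOF'
vmx1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    member: ovpns1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
    member: vmx1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ovpns1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
EOF
}

echo "after boot:    $(sample_after_boot | bridge_member_state bridge0 ovpns1)"
echo "after restart: $(sample_after_restart | bridge_member_state bridge0 ovpns1)"
```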
