Messages

As of right now both VPNs automatically ping their respective gateways.

The WAN was pinging 8.8.8.8 or its equivalent in ipv6.

I just changed them to ping the xfinity gateways for the xfinity network (ipv4 and ipv6).

Either way all three "Gateways" (WAN and both VPNs) have an address they are pinging for latency (this is the only way I noticed the issues with DPinger / openvpn with 23.7).

In your opinion is their a benefit to pinging outside of their respective gateways?

From what I can tell there is not much difference as long as the IP I ping is geographically near the respective gateway

I think that may have been when I manually resaved the single gateway / applied changes.

System>Gateways>Single>pick a gateway (I generally do it on the down VPN but it doesn't seem to matter) and edit>make no changes>save>apply changes.

The WAN never goes down and 8.8.8.8 is google's main DNS which I am using to get a latency reading.

This is the only way for me to get the openvpn client gateways to show "up" on the widget / single gateway page after they stop / start. 

Franco,

Please see attached system log:

Code Select Expand

<12>1 2023-08-26T11:00:05-05:00 opnsense.my_website.org dpinger 93121 - [meta sequenceId="1"] AIRVPNONE_VPNV4 10.address.1: sendto error: 65                                                                                                                                                                          │
│<12>1 2023-08-26T11:00:06-05:00 opnsense.my_website.org dpinger 93121 - [meta sequenceId="2"] AIRVPNONE_VPNV4 10.address.1: sendto error: 65                                                                                                                                                                          │
│<12>1 2023-08-26T11:00:07-05:00 opnsense.my_website.org dpinger 93121 - [meta sequenceId="3"] AIRVPNONE_VPNV4 10.address.1: sendto error: 65                                                                                                                                                                          │
│<12>1 2023-08-26T11:00:08-05:00 opnsense.my_website.org dpinger 93121 - [meta sequenceId="4"] AIRVPNONE_VPNV4 10.address.1: sendto error: 65                                                                                                                                                                          │
│<12>1 2023-08-26T11:00:09-05:00 opnsense.my_website.org dpinger 93121 - [meta sequenceId="5"] AIRVPNONE_VPNV4 10.address.1: sendto error: 65                                                                                                                                                                          │
│<165>1 2023-08-26T11:00:09-05:00 opnsense.my_website.org dpinger 53038 - [meta sequenceId="6"] ALERT: AIRVPNONE_VPNV4 (Addr: ~ Alarm: none -> loss RTT: 44.4 ms RTTd: 3.7 ms Loss: 12.0 %)                                                                                                                           │
│<12>1 2023-08-26T11:00:15-05:00 opnsense.my_website.org dpinger 93121 - [meta sequenceId="7"] AIRVPNONE_VPNV4 10.address.1: Alarm latency 44697us stddev 3798us loss 22%                                                                                                                                              │
│<165>1 2023-08-26T11:00:20-05:00 opnsense.my_website.org dpinger 53038 - [meta sequenceId="8"] ALERT: AIRVPNONE_VPNV4 (Addr: ~ Alarm: loss -> down RTT: 44.5 ms RTTd: 3.3 ms Loss: 29.0 %)                                                                                                                           │
│<12>1 2023-08-26T11:02:01-05:00 opnsense.my_website.org dpinger 93121 - [meta sequenceId="1"] exiting on signal 15                                                                                                                                                                                                   │
│<12>1 2023-08-26T11:02:01-05:00 opnsense.smy_website.org dpinger 81263 - [meta sequenceId="2"] send_interval 1000ms  loss_interval 2000ms  time_period 60000ms  report_interval 0ms  data_len 0  alert_interval 1000ms  latency_alarm 500ms  loss_alarm 20%  alarm_hold 10000ms  dest_addr 10.address.1  bind_addr 10.6.│
│<12>1 2023-08-26T11:02:03-05:00 opnsense.my_website.org dpinger 81263 - [meta sequenceId="3"] AIRVPNONE_VPNV4 10.address.1: Alarm latency 0us stddev 0us loss 100%                                                                                                                                                     │
│<12>1 2023-08-26T11:04:18-05:00 opnsense.my_website.org dpinger 81263 - [meta sequenceId="1"] exiting on signal 15                                                                                                                                                                                                   │
│<12>1 2023-08-26T11:04:18-05:00 opnsense.my_website.org dpinger 56962 - [meta sequenceId="2"] exiting on signal 15                                                                                                                                                                                                   │
│<12>1 2023-08-26T11:04:18-05:00 opnsense.my_website.org dpinger 91647 - [meta sequenceId="3"] exiting on signal 15                                                                                                                                                                                                   │
│<12>1 2023-08-26T11:04:18-05:00 opnsense.my_website.org dpinger 95083 - [meta sequenceId="4"] exiting on signal 15                                                                                                                                                                                                   │
│<12>1 2023-08-26T11:04:18-05:00 opnsense.my_website.org dpinger 78826 - [meta sequenceId="5"] send_interval 1000ms  loss_interval 2000ms  time_period 60000ms  report_interval 0ms  data_len 0  alert_interval 1000ms  latency_alarm 500ms  loss_alarm 20%  alarm_hold 10000ms  dest_addr 8.8.8.8  bind_addr 98.address.21│
│<12>1 2023-08-26T11:04:18-05:00 opnsense.my_website.org dpinger 80060 - [meta sequenceId="6"] send_interval 1000ms  loss_interval 2000ms  time_period 60000ms  report_interval 0ms  data_len 0  alert_interval 1000ms  latency_alarm 500ms  loss_alarm 20%  alarm_hold 10000ms  dest_addr 10.address.1  bind_addr 10.23│
│<12>1 2023-08-26T11:04:18-05:00 opnsense.my_website.org dpinger 81298 - [meta sequenceId="7"] send_interval 1000ms  loss_interval 2000ms  time_period 60000ms  report_interval 0ms  data_len 0  alert_interval 1000ms  latency_alarm 500ms  loss_alarm 20%  alarm_hold 10000ms  dest_addr 10.address.1  bind_addr 10.6.│
│<12>1 2023-08-26T11:04:18-05:00 opnsense.my_website.org dpinger 82277 - [meta sequenceId="8"] send_interval 1000ms  loss_interval 2000ms  time_period 60000ms  report_interval 0ms  data_len 0  alert_interval 1000ms  latency_alarm 500ms  loss_alarm 20%  alarm_hold 10000ms  dest_addr 2001:address::8888  bind_│
│<165>1 2023-08-26T11:04:20-05:00 opnsense.my_website.org dpinger 53038 - [meta sequenceId="9"] ALERT: AIRVPNONE_VPNV4 (Addr: 10.address.1 Alarm: down -> none RTT: 45.1 ms RTTd: 1.3 ms Loss: 0.0 %)                                                                                                                   │
│<12>1 2023-08-26T11:08:57-05:00 opnsense.my_website.org dpinger 81298 - [meta sequenceId="1"] AIRVPNONE_VPNV4 10.address.1: sendto error: 55                                                                                                                                                                           │
│<12>1 2023-08-26T11:11:20-05:00 opnsense.my_website.org dpinger 81298 - [meta sequenceId="1"] AIRVPNONE_VPNV4 10.address.1: sendto error: 55                                                                                                                                                                           │
│<12>1 2023-08-26T11:13:20-05:00 opnsense.my_website.org dpinger 81298 - [meta sequenceId="1"] AIRVPNONE_VPNV4 10.address.1: sendto error: 55                                                                                                                                                                           │
│<12>1 2023-08-26T11:13:30-05:00 opnsense.smy_website.org dpinger 81298 - [meta sequenceId="2"] AIRVPNONE_VPNV4 10.address.1: sendto error: 55                                                                                                                                                                           │
│<12>1 2023-08-26T11:14:43-05:00 opnsense.my_website.org dpinger 81298 - [meta sequenceId="1"] AIRVPNONE_VPNV4 10.address.1: sendto error: 55                                                                                                                                                                           │
│<12>1 2023-08-26T11:14:51-05:00 opnsense.my_website.org dpinger 81298 - [meta sequenceId="2"] AIRVPNONE_VPNV4 10.address.1: sendto error: 55                                                                                                                                                                           │
│<12>1 2023-08-26T11:16:38-05:00 opnsense.my_website.org dpinger 81298 - [meta sequenceId="1"] AIRVPNONE_VPNV4 10.address.1: sendto error: 55                                                                                                                                                                           │
│<12>1 2023-08-26T11:17:12-05:00 opnsense.my_website.org dpinger 81298 - [meta sequenceId="2"] AIRVPNONE_VPNV4 10.address.1: sendto error: 55                                                                                                                                                                           │
│<12>1 2023-08-26T11:17:26-05:00 opnsense.my_website.org dpinger 81298 - [meta sequenceId="3"] AIRVPNONE_VPNV4 10.address.1: sendto error: 55                                                                                                                                                                           │
│<12>1 2023-08-26T11:19:38-05:00 opnsense.my_website.org dpinger 81298 - [meta sequenceId="1"] AIRVPNONE_VPNV4 10.address.1: sendto error: 55                                                                                                                                                                           │
│<12>1 2023-08-26T12:05:38-05:00 opnsense.my_website.org dpinger 80060 - [meta sequenceId="1"] AIRVPNTWO_VPNV4 10.address.1: sendto error: 55                                                                                                                                                                           │
│<12>1 2023-08-26T12:05:56-05:00 opnsense.my_website.org dpinger 80060 - [meta sequenceId="2"] AIRVPNTWO_VPNV4 10. v.1: sendto error: 55                                                                                                                                                                           │
│<165>1 2023-08-26T12:06:03-05:00 opnsense.my_website.org dpinger 53038 - [meta sequenceId="3"] ALERT: AIRVPNTWO_VPNV4 (Addr: 10.address.1 Alarm: none -> loss RTT: 33.4 ms RTTd: 6.2 ms Loss: 11.0 %)                                                                                                                  │
│<165>1 2023-08-26T12:06:36-05:00 opnsense.my_website.org dpinger 53038 - [meta sequenceId="4"] ALERT: AIRVPNTWO_VPNV4 (Addr: 10.address.1 Alarm: loss -> none RTT: 34.4 ms RTTd: 11.8 ms Loss: 10.0 %)                                                                                                                 │
│<12>1 2023-08-26T13:00:05-05:00 opnsense.my_website.org dpinger 80060 - [meta sequenceId="1"] AIRVPNTWO_VPNV4 10.address.1: sendto error: 65                                                                                                                                                                           │
│<12>1 2023-08-26T13:00:06-05:00 opnsense.my_website.org dpinger 80060 - [meta sequenceId="2"] AIRVPNTWO_VPNV4 10.address.1: sendto error: 65                                                                                                                                                                           │
│<12>1 2023-08-26T13:00:07-05:00 opnsense.my_website.org dpinger 80060 - [meta sequenceId="3"] AIRVPNTWO_VPNV4 10.address.1: sendto error: 65                                                                                                                                                                           │
│<12>1 2023-08-26T13:00:08-05:00 opnsense.my_website.org dpinger 80060 - [meta sequenceId="4"] AIRVPNTWO_VPNV4 10.address.1: sendto error: 65                                                                                                                                                                           │
│<165>1 2023-08-26T13:00:09-05:00 opnsense.my_website.org dpinger 53038 - [meta sequenceId="5"] ALERT: AIRVPNTWO_VPNV4 (Addr: ~ Alarm: none -> loss RTT: 27.6 ms RTTd: 1.9 ms Loss: 12.0 %)                                                                                                                           │
│<12>1 2023-08-26T13:00:15-05:00 opnsense.my_website.org dpinger 80060 - [meta sequenceId="6"] AIRVPNTWO_VPNV4 10.address.1: Alarm latency 27654us stddev 1986us loss 22%                                                                                                                                               │
│<165>1 2023-08-26T13:00:20-05:00 opnsense.my_website.org dpinger 53038 - [meta sequenceId="7"] ALERT: AIRVPNTWO_VPNV4 (Addr: ~ Alarm: loss -> down RTT: 27.8 ms RTTd: 2.1 ms Loss: 31.0 %)                                                                                                                           │
│<12>1 2023-08-26T13:02:01-05:00 opnsense.my_website.org dpinger 80060 - [meta sequenceId="1"] exiting on signal 15                                                                                                                                                                                                   │
│<12>1 2023-08-26T13:02:01-05:00 opnsense.my_website.org dpinger 74707 - [meta sequenceId="2"] send_interval 1000ms  loss_interval 2000ms  time_period 60000ms  report_interval 0ms  data_len 0  alert_interval 1000ms  latency_alarm 500ms  loss_alarm 20%  alarm_hold 10000ms  dest_addr 10.address.1  bind_addr 10.1│
│<12>1 2023-08-26T13:02:03-05:00 opnsense.my_website.org dpinger 74707 - [meta sequenceId="3"] AIRVPNTWO_VPNV4 10.address.1: Alarm latency 0us stddev 0us loss 100%                                                                                                                                                    │
│<165>1 2023-08-26T13:10:52-05:00 opnsense.my_website.org dpinger 52422 - [meta sequenceId="1"] MONITOR: WANXFINITY_DHCP (Addr: 8.8.8.8 Alarm: down -> none RTT: 14.1 ms RTTd: 2.0 ms Loss: 0.0 %)                                                                                                                    │
│<165>1 2023-08-26T13:10:52-05:00 opnsense.my_website.org dpinger 52422 - [meta sequenceId="2"] MONITOR: WANxfinity_GWv6 (Addr: 2001:address::8888 Alarm: down -> none RTT: 13.6 ms RTTd: 1.8 ms Loss: 0.0 %)                                                                                                       │
│<165>1 2023-08-26T13:10:52-05:00 opnsense.my_website.org dpinger 52422 - [meta sequenceId="3"] ALERT: AIRVPNONE_VPNV4 (Addr: 10.address.1 Alarm: down -> none RTT: 44.3 ms RTTd: 2.8 ms Loss: 0.0 %)                                                                                                                   │
│<165>1 2023-08-26T13:11:41-05:00 opnsense.my_website.org dpinger 52422 - [meta sequenceId="4"] ALERT: AIRVPNTWO_VPNV4 (Addr: 10.address.1 Alarm: down -> loss RTT: 16.8 ms RTTd: 2.0 ms Loss: 20.0 %)                                                                                                                 │
│<12>1 2023-08-26T13:11:50-05:00 opnsense.my_website.org dpinger 74707 - [meta sequenceId="5"] AIRVPNTWO_VPNV4 10.address.1: Clear latency 16753us stddev 2006us loss 6%                                                                                                                                               │
│<165>1 2023-08-26T13:11:52-05:00 opnsense.my_website.org dpinger 52422 - [meta sequenceId="6"] ALERT: AIRVPNTWO_VPNV4 (Addr: 10.address.1 Alarm: loss -> none RTT: 16.7 ms RTTd: 2.0 ms Loss: 3.0 %)                                                                                                                  │
│<165>1 2023-08-26T13:17:50-05:00 opnsense.my_website.org dpinger 54441 - [meta sequenceId="1"] MONITOR: WANXFINITY_DHCP (Addr: 8.8.8.8 Alarm: down -> none RTT: 13.1 ms RTTd: 1.0 ms Loss: 0.0 %)                                                                                                                    │
│<165>1 2023-08-26T13:17:50-05:00 opnsense.my_website.org dpinger 54441 - [meta sequenceId="2"] MONITOR: WANxfinity_GWv6 (Addr: 2001:address::8888 Alarm: down -> none RTT: 13.2 ms RTTd: 1.1 ms Loss: 0.0 %)                                                                                                       │
│<165>1 2023-08-26T13:17:50-05:00 opnsense.my_website.org dpinger 54441 - [meta sequenceId="3"] ALERT: AIRVPNONE_VPNV4 (Addr: 10.address.1 Alarm: down -> none RTT: 42.9 ms RTTd: 1.4 ms Loss: 0.0 %)                                                                                                                   │
│<165>1 2023-08-26T13:17:50-05:00 opnsense.my_website.org dpinger 54441 - [meta sequenceId="4"] ALERT: AIRVPNTWO_VPNV4 (Addr: 10.address.1 Alarm: down -> none RTT: 17.8 ms RTTd: 3.3 ms Loss: 0.0 %)

I have my VPN set to stop restart (I have a cron job that uses the pluginctl -s command to stop then start the vpn after 2minutes) every 8 hours, these logs show the stop/start at 11am and 1pm respectively.

I run 2 openvpn clients in failover, and I am not using the new "instance" yet because I have not been able to get the gateway to work (I believe something that was done automatically before is no longer automatic).

I believe the log also shows where I manually went to single>gateway>the VPN gateway and hit apply to restart the monitor.

This is on 23.7.2.  Please let me know if there is another log that you would like to see.

Thanks,

Good afternoon,

Does anyone have any experience using the command:

Code Select Expand

bectl export

I am running ZFS on one disk (limitation of the hardware I run OPNsense on) and I was thinking of backing up snapshots to my NAS, so in the off chance something failed, I could have a decent starting point to restore everything.

The definitive post on ZFS and bectl, https://forum.opnsense.org/index.php?topic=25540.msg122731#msg122731, does not mention the export command so I am hoping someone has some experience to share.

Thanks in advance,

Samplex,

I am having the same issue with OpenVPN ... https://forum.opnsense.org/index.php?topic=35124.0.

So far nothing has changed (with patches / updates).

The way to get it to work for me is to resave the gateway (making no changes) and hit apply changes.

Dpinger will then work until my OpenVPN instances restarts and I have to do it again.

My setup previously worked since early 2020, with no intervention so I am not sure what happened.

I cannot get my old OpenVPN client to work when I migrate them over either... I suspect their are issues which will be hammered out sooner or later.

We are probably edge cases because no one seems to be helping / having similar issues.... and I am not sure how to even start describing this to file a proper bug report.

Cheers,

I am pulling my hair out on this one.

I have completely copied current working (pre-MVC/API) configuration to the new OpenVPN Instances.

It connects, I can get the Dpinger to work if I specify a ping address, however the pre-MVC/API config automatically pings X.X.X.1 (the gateway) if its address is X.X.X.26.

The new OpenVPN instances config does not automatically get a gateway and that is why dpinger is not working.

Error I get is:

Code Select Expand

/usr/local/opnsense/scripts/routes/gateway_status.php: Gateway currently empty for 1.1.1.1 on opt6

I was using 1.1.1.1 as the monitor IP.  I have also confirmed that I it works on the VPN gateway even though it is not automatically set.

I have played with the gateway tick boxes as well as specifying my wan IP in the routes boxes in instances to no avail.

On the old client config I would set my wan interface (but there is no option for that in the new system), so I am not sure if there is another way to set that within OpenVPN instances config and this will set the gateway.

I am by no means an expert with OpenVPN / routing in general (I muddle along until stuff works / RTFM).

In this case there doesn't seem to be a manual and I have muddled as far as I can.

Am I overlooking looking something simple?  I am unable to determine what needs to be setup to make OpenVPN set / use gateway properly.

Cheers,

I believe you are going to have to use templates to achieve this.

https://docs.opnsense.org/development/backend/templates.html

The only time I have done this was with unbound ....when they took away the custom box.

https://docs.opnsense.org/manual/unbound.html ... Scroll down to advanced configurations.

I think this is how you set it up so your custom additions (outside the UI) survive reboots.

Cheers,

After migrating to 23.7 everything is working as well as previously in 23.1.10/11 excepting Dpinger with OpenVPN.

When I switch servers the dpinger instance shows down (red) until I go to System > Gateways > Single > edit the gateway of the client in question (I use two OpenVPN clients configured to failover ... https://forum.opnsense.org/index.php?topic=4979.msg25066#msg25066), save then reapply.

This makes the gateway come back up as green with a ping etc.

I rebuilt my OpenVPN clients using the new instance system as well.

Everything seems to work (OpenVPN shows I have an IP and up) but my instance does not seem to work with System>Gateways>Single or Group.

Has anyone else experienced anything similar / have any insight?

Saltyzip,

Are you using IPv6?

I noticed that this issue stopped when I turned off IPv6.

I have a similar setup as yours, I have 2 VPNs set up with lists of different servers that fail over (part of a gateway group).

In my case when I boot my internet gateway (Xfinity) goes up and down multiple times due to something with IPv6 and every time this happens OpenVPN does what you have described (launches a new instance) until I run out of the 5 server slots my VPN (AirVPN) provides and it gives me the failure lines in the log. 

At that point it looks like I am logged in on all 5 at once, but I remain logged into the last 2 and everything that depends on the VPNs works but you cannot use the UI to stop them or restart them and the UI shows them being down but with IP addresses

After restarting OPNsense I just manually kill both connections with from the terminal with ps aux, restart them and everything is rock solid.

If you do not use Ipv6 and this is happening my theory goes out the window, when I turned it off a month or 2 ago it fixed the problem, but I am using it again.

This started happening for me sometime after 23.1, and I believe it has to due with the dynamic config pages.

I assume it will be fixed eventually and we are probably edge cases because no one discusses it on the forum.

Cheers,

That did the trick.

Thanks for the help Franco.

I am still getting the same error for some reason:

Code Select Expand

sudo opnsense-code -f tools                                                                                                                                                                          ─╯
hint: You have divergent branches and need to specify how to reconcile them.
hint: You can do so by running one of the following commands sometime before
hint: your next pull:
hint:
hint:   git config pull.rebase false  # merge
hint:   git config pull.rebase true   # rebase
hint:   git config pull.ff only       # fast-forward only
hint:
hint: You can replace "git config" with "git config --global" to set a default
hint: preference for all repositories. You can also pass --rebase, --no-rebase,
hint: or --ff-only on the command line to override the configured default per
hint: invocation.
fatal: Need to specify how to reconcile divergent branches.

Do you think there is something else going on?

I have not done anything really custom to the install and am using standard the community release type.

Thanks again,

I have a similar problem.

It started 2 weeks or so ago and I had planned to wait until after 23.7 to see if it fixed itself, but since this thread was started I will ask now.

Code Select Expand

sudo pkg update &&  sudo opnsense-code ports tools src                                                                                                                 ─╯
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
Updating mimugmail repository catalogue...
mimugmail repository is up to date.
All repositories are up to date.
hint: You have divergent branches and need to specify how to reconcile them.
hint: You can do so by running one of the following commands sometime before
hint: your next pull:
hint:
hint:   git config pull.rebase false  # merge
hint:   git config pull.rebase true   # rebase
hint:   git config pull.ff only       # fast-forward only
hint:
hint: You can replace "git config" with "git config --global" to set a default
hint: preference for all repositories. You can also pass --rebase, --no-rebase,
hint: or --ff-only on the command line to override the configured default per
hint: invocation.
fatal: Need to specify how to reconcile divergent branches.

When I try the fix Franco suggests:

Code Select Expand

sudo opnsense-update -f tools                                                                                                                                          ─╯
Usage: man opnsense-update

Is the root cause for my error different then stw, and that is why the opnsense-update command is saying check the man page?

Thanks in advance,

I followed this guide.

https://labzilla.io/blog/force-dns-pihole

Scroll down to Create IP list part of the guide

It is written for PFsense but works with OPNSense.

Cheers,

It built without any changes to the default makefile in the ports tree, but it did take a few hours.

The dependencies weren't that big an issue for me, because I have built other programs.

Obviously, this may not be the case for everyone.

What I like about the OPNSense community is that you are encouraged to figure out how to do things with the tools provided.

"Give a man a fish and you feed him for a day. Teach him how to fish and you feed him for a lifetime"

Lao Tzu

Cheers,

You could compile it yourself.

This post explains setting up the ports tree:

https://forum.opnsense.org/index.php?topic=15011.0

I keep everything updated with the following command:

Code Select Expand

sudo pkg update &&  sudo opnsense-code ports tools src

I got errors for not having gmake and mpfr, they need to be installed:

Code Select Expand


sudo pkg install gmake
sudo pkg install mpfr


To make btop:

Code Select Expand

cd /usr/ports/sysutils/btop
sudo make install

This is taking a bit to compile, but so far I have experienced no other errors.

Cheers,