Messages

Thanks Franco

Hi,

In the latest change log I found this entry: "openvpn: add unique daemon name to each instance"

I couldn't find anything about this change here, does anyone know what this is for?

Best regards,

Maarten

Is there a solution for this problem yet? I have the same issue, all I can find is are solutions that involve manually changing config files, which are overridden by a firmware update. This is not practical if you have a dozen of routers with regular firmware updates.

Best regards,

Maarten

Thanks for the info!

Hi Franco,

Yes it's a VM, I always disable timesync, but maybe it was activated at some time during a VM move or so.

Hi Fright,

Thanks for your response, this did the job perfectly!

Best regards

Hi, I've got a problem with aliases not being updated. The reason seems to be that the timestamp of it lies within the future.

Code Select Expand


/var/db/aliastables

-rw-r-----  1 root  wheel    32 Jan 14 13:54:39 2022 WebServers.md5.txt
-rw-r-----  1 root  wheel   250 Jan 14 13:54:39 2022 WebServers.self.txt
-rw-r-----  1 root  wheel   250 Jan 14 13:54:39 2022 WebServers.txt


What's the best approach to solve this? I can do a "touch"  to the file to give it the current timestamp, but I don't know if that's the way to go or even which of the 3 files to touch.

Best regards,

Maarten

Hi KH,

Good find, so they changed it from int32 to uint32 and should be "fixed" whenever opnsense upgrades to the freebsd version including this fix.

Maarten

Hi, I'm trying to configure a pipe larger than 2gbit, but anything I configure over 2.1gb causes problems. The Shaper status does not show queues/rules after it encounters the pipe over 2.1gb.

for example "ipfw queue show", doesn't show anything, if there is a pipe over 2.1gb

Best regards,

Maarten

(OPNsense 21.7.1-amd64) (I checked, but this is also the case with OPNsense 20.7)

I did some testing with a vanilla configuration, and measured the time it took opnsense to reconfigure all connections:

1 vpn server configured = 30sec total
2 vpn servers configured = 100sec total
3 vpn servers configured = 25sec total !?!?!?!?

Then I deleted the 3rd and it took 20 seconds, but the boot after that it was 40. Seems like the delay is a bit random.....

This was my "vanilla" test. One instance already gave delays.

Settings: (nothing special)

Server Mode: P2P
Device Mode: Tun
Protocol: Udp
Interface: LocalHost (but tried other options as well)
IPv4 Tunnel Network: 10.0.10.4/30

yeah, I named it x, because I have about 10 vpn server instances. So x stands indeed for 1,2, 3 etc.

Like I mentioned above, I've tested a "vanilla" installation, latest version of opnsense, so clean sheet, no config import whatsoever. Just added a few openvpn servers and created an interface for it. That results in the delay right away for me.

So there are no associated errors or delays in the OpenVPN log...?

I'm not seeing the issue despite having multiple OpenVPN Client (ovpnc) interfaces.

Also, because you are not seeing the issue on all such interfaces, it suggests the problem lies in just those with a delay.

There are no errors in my opnvpn log, the openvpn daemons start without issues. It's just the script "configctl interface newip ovpns..." which causes the delay if you attach an interface to the openvpn instance.

I've commented out that line in the script "10-newwanip", and it was fast right away. Of course this script does not run for nothing, so I restored the setting after testing.

Do you have in "timeouts" in general log without OpenVPN interfaces? Like this one:

configctl[11670]   error in configd communication Traceback (most recent call last): File "/usr/local/opnsense/service/configd_ctl.py", line 68, in exec_config_cmd line = sock.recv(65536).decode() socket.timeout: timed out

No

I did some testing with a vanilla configuration, and measured the time it took opnsense to reconfigure all connections:

1 vpn server configured = 30sec total
2 vpn servers configured = 100sec total
3 vpn servers configured = 25sec total !?!?!?!?

Then I deleted the 3rd and it took 20 seconds, but the boot after that it was 40. Seems like the delay is a bit random.....

[configctl interface newip ovpns5]

Apparently executing this command is taking a long time:

configctl interface newip ovpns5  (this is executed for every vpn server you've configured)

This command is fired from this script:
/usr/local/etc/rc.syshook.d/start/10-newwanip

I noticed the delay is there as when you assign an interface to the vpn instance. If you remove the interface assignment there is no delay anymore. (but your setup doesn't work of course)