"
Hi all,
I finally made the move to OPNsense from having using a plain Linux system for decades. So while not new in the field, I¨m still learning about the OPNsense (and BSD) way of doing things. Many thanks to all that have contributed to this over the years.
The OPNsense router/firewall has multiple WAN's. All traffic via one of those WANs needs to go via an OpenVPN tunnel, so that OpenVPN's tunnel is taking part in my gateway groups, not the WAN itself. This all works reasonably well, except for the fact that when that WAN goes down, the VPN reroutes via another WAN despite me trying to restrict that to one specific WAN only. This is not a big issue though, just not as tidy was I would like it.
What is of more concern is that when the WAN comes back online, OPNsense doesn´t see that. When the WAN is offline, OPNsense shows RTT=0.0ms, RTTD=0.0ms, loss=100%. This remains so when the WAN comes back onilne (the requested IP address, by DHCP in this case) is shown and the WAN surely is online. A restart of the dpinger process for that particular gateway resolves the issue (ie. signals that the WAN is back online).
In this particular case, the physical ethernet link stays up (as OPNsense is connected to a switch) when the WAN is down.
It looks to me like a bug in/around dpinger. While I put that forward for your consideration, is there a way to restart the dpinger process, preferably only for a specific gateway, via the commandline / cron? I'm looking for ways to have this work fully automatically and reliably, ie. if this particular WAN disappears, the OpenVPN tunnel should go down (not reroute via another WAN). When this particular WAN reappears, the OpenVPN tunnel should be re-established. If that is difficult to implement with OPNsense, then it's fine if the OpenVPN tunnel reroutes via another WAN as long as it goes back to the WAN it is supposed to go through when that reappears.
It very simple for me to reproduce, so will happily test potential fixes.
Any ideas / suggestions are most welcome.
Regards,
Jan
I finally made the move to OPNsense from having using a plain Linux system for decades. So while not new in the field, I¨m still learning about the OPNsense (and BSD) way of doing things. Many thanks to all that have contributed to this over the years.
The OPNsense router/firewall has multiple WAN's. All traffic via one of those WANs needs to go via an OpenVPN tunnel, so that OpenVPN's tunnel is taking part in my gateway groups, not the WAN itself. This all works reasonably well, except for the fact that when that WAN goes down, the VPN reroutes via another WAN despite me trying to restrict that to one specific WAN only. This is not a big issue though, just not as tidy was I would like it.
What is of more concern is that when the WAN comes back online, OPNsense doesn´t see that. When the WAN is offline, OPNsense shows RTT=0.0ms, RTTD=0.0ms, loss=100%. This remains so when the WAN comes back onilne (the requested IP address, by DHCP in this case) is shown and the WAN surely is online. A restart of the dpinger process for that particular gateway resolves the issue (ie. signals that the WAN is back online).
In this particular case, the physical ethernet link stays up (as OPNsense is connected to a switch) when the WAN is down.
It looks to me like a bug in/around dpinger. While I put that forward for your consideration, is there a way to restart the dpinger process, preferably only for a specific gateway, via the commandline / cron? I'm looking for ways to have this work fully automatically and reliably, ie. if this particular WAN disappears, the OpenVPN tunnel should go down (not reroute via another WAN). When this particular WAN reappears, the OpenVPN tunnel should be re-established. If that is difficult to implement with OPNsense, then it's fine if the OpenVPN tunnel reroutes via another WAN as long as it goes back to the WAN it is supposed to go through when that reappears.
It very simple for me to reproduce, so will happily test potential fixes.
Any ideas / suggestions are most welcome.
Regards,
Jan
