Netgate Discussion Forum

    Does OpenVPN survive the upgrade?

    Problems Installing or Upgrading pfSense Software
      cmb

      There's nothing to uninstall/reinstall with OpenVPN. It survives the upgrade with no changes.

      @bfeitell:

      The upgrade broke my OpenVPN setup.  The TLS key negotiation does not work, and remote clients cannot authenticate and connect.

      This is extraordinarily unlikely given minimal changes in OpenVPN and no other reports of it not working after upgrade. Please start a new thread with specifics of what you're seeing. Filtering firewall states for the OpenVPN connection(s) and showing their status would help too. Sounds like a general lack of connectivity possibly, like what would happen if a firewall rule were missing, or a NAT rule overlapping and sending the traffic elsewhere.

        kejianshi

        It survives updates unless something else got screwed up?

        What packages were you running before the update?

        List of everything installed please before the update.

        I like a clean install of pfsense and restore config if you encounter an unexplained glitch.

        EDIT - Ohhh - This is KOM asking.  I'm assuming now that it's not broken and that you are just asking if it will survive and that you haven't updated.

        It's cool - You will have no issues.  I'm on openvpn 24/7 and updated over openvpn.  It's working great.

          bfeitell

          I am still trying to diagnose the behavior.  The log files indicate that the TLS auth key exchange is not being completed.  The port that needs to be open is definitely open.  I will post again as I learn more, but this upgrade has bitten me badly in several key areas.

            bfeitell

            This is very strange.  I cannot connect if the client is behind a pfSense 2.2 firewall.  I have outbound NAT set up for Static Port.

            I have tried connecting to one of my remote pfSense 2.2 boxes, and a friend's 2.1.5 box via OpenVPN, and both connections fail from behind pfSense 2.2. If I use a different connection that does not come from behind pfSense 2.2, everything works as expected.

            EDIT
            Please disregard my earlier comments.  A reboot of my DSL bridge seems to have fixed things.

              CoinTos

              My openvpn config didn't survive the upgrade either, 2.1.5 to 2.2. After removing and re-adding all certificates, removing and re-adding the 2 openvpn servers and trying different settings on the remote clients and the pfsense server, I can get a connection but routes are not pushing. I am not too worried about debugging this as I plan to start fresh tomorrow with a clean install, but figured I should mention it as someone else has apparently had a similar issue.

                KOM

                It's cool - You will have no issues.  I'm on openvpn 24/7 and updated over openvpn.

                Good to know, thanks.

                I'm currently running i386 so this is my chance to switch to x64.  I'm a bonehead for not initially mentioning that my upgrade path is to restore from backup config XML.  I don't know if all of the OpenVPN config can be contained & fully restored in the XML file, or if I'm going to have to config it from the ground up and redistribute new OpenVPN clients to all my remote staff…

                  kejianshi

                  If it were not going to work, mine would be dead.

                  P.S.  Dump the rrd data.  I don't think it will restore well between 32 and 64 bit architectures.

                    bfeitell

                    Please disregard my earlier comments.  A reboot of my DSL bridge seems to have fixed things.

                      kejianshi

                      Nooooo!!!!!  It's GOT to be pfsense.  (kidding)

                        phil.davis

                        @KOM:

                        While I have no problems removing and then reinstalling most of the packages I use, I'd really rather not have to do that with OpenVPN.  Does anyone know if going from 2.1.5 with OpenVPN to 2.2 results in working VPN access from remote clients?

                        Just to clarify for other readers. OpenVPN is not a pfSense package, it is built-in and any config upgrade changes needed are done automatically by the upgrade process, like with any other built-in pfSense features. As it happens in the case of 2.1.5 to 2.2 upgrade, I don't think there are any OpenVPN config file format changes.
                        OpenVPN Client Export is a package - that is just an add-on to allow OpenVPN client configs to be generated for various "road-warrior" style client devices. It only reads the built-in OpenVPN config to generate the necessary client config file, certs, keys… That package will auto-reinstall after the 2.2 upgrade.

                        Really there is nothing to do here - just upgrade and it flies. I have upgraded 10 offices remotely over their existing site-to-site OpenVPN links. The upgraded box reboots into pfSense 2.2, the OpenVPN links re-connect, myself and the users get back to work.

                        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
                        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

                          reqlez

                          Upgraded and my simple Client to Server VPN tunnel works fine.

                            matthijs

                            I have some issues with OpenVPN after the upgrade from 2.1.5 to 2.2.
                            I have three OpenVPN server configurations, all running on different UDP ports.
                            When I reboot pfSense in the web interface only one OpenVPN server configuration seems started, the other two have a red cross (and are unable to start manually).
                            When I look on the console\shell with "ps -aux | grep openvpn" all three OpenVPN configurations are running, and I can also successfully connect to all three configurations.
                            But in the web interface only one configuration has the status started (green).
                            When I kill all three OpenVPN processes on the console\shell, and I manually start all three OpenVPN configurations by using the webconsole, all three services get the green running button and everything is fine. So it seems something is wrong in the web interface or all three OpenVPN configurations are started as one service or something like that.

                              phil.davis

                              There have been problems that somehow the PID file for an OpenVPN instance can get updated with a new PID but the new process dies because the old process is still there, or some similar timing interaction. In that case the dashboard code is trying to query the OpenVPN status of a PID that does not exist - so it shows down. But actually the OpenVPN instance is happily running with some other PID and users are happy.
                              As you report, if you kill all the processes then start them 1-by-1 it all goes green. That is because the PIDs in the PID files now match the PIDs of the running processes.
                              Actually you will probably find that from a user point of view all OpenVPN instances were working fine.

                              If someone can pin down the sequence of events that causes this, then it can be fixed some day :)

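The mismatch phil.davis describes can be checked from the shell by comparing each PID file with the running openvpn processes. This is an added example, not part of the thread or pfSense's own code; the PID file naming (`openvpn_<instance>.pid`), the `<instance>.conf` config naming and the sample process list are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not pfSense code. Assumed layout: PID files named
# openvpn_<instance>.pid, each daemon started with --config .../<instance>.conf.

# check_openvpn_pids PIDDIR [PSFILE]
# PSFILE holds "PID COMMAND ARGS" lines; without it, live `ps` output is used.
check_openvpn_pids() {
    piddir=$1
    if [ -n "${2:-}" ]; then procs=$(cat "$2"); else procs=$(ps -axo pid=,command=); fi
    # Keep only lines whose executable is openvpn.
    procs=$(printf '%s\n' "$procs" | awk '$2 ~ /(^|\/)openvpn$/')
    rc=0
    for f in "$piddir"/openvpn_*.pid; do
        [ -e "$f" ] || continue
        name=$(basename "$f" .pid)
        pid=$(tr -cd '0-9' < "$f")
        # PID the status page would query: does an openvpn process own it?
        if [ -n "$pid" ] && printf '%s\n' "$procs" |
            awk -v p="$pid" '$1 == p {ok=1} END {exit !ok}'; then
            echo "$name: OK pid $pid"
            continue
        fi
        # Stale or empty PID file: look for the daemon by its config file name.
        actual=$(printf '%s\n' "$procs" |
            awk -v c="/${name#openvpn_}.conf" 'index($0, c) {print $1; exit}')
        echo "$name: STALE pid ${pid:-none}, running as ${actual:-none}"
        rc=1
    done
    return $rc
}

# Constructed sample: server2's PID file names a PID that no process has.
demo_check() {
    d=$(mktemp -d)
    echo 101 > "$d/openvpn_server1.pid"
    echo 999 > "$d/openvpn_server2.pid"
    cat > "$d/ps.txt" <<'EOF'
  101 /usr/local/sbin/openvpn --config /var/etc/openvpn/server1.conf
  202 /usr/local/sbin/openvpn --config /var/etc/openvpn/server2.conf
  303 /usr/sbin/sshd
EOF
    check_openvpn_pids "$d" "$d/ps.txt" || true
    rm -rf "$d"
}

demo_check
```

A STALE line with a live "running as" PID is the case from the thread: the tunnel is up and serving clients, but any status check that trusts the PID file reports it as down.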