Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    v2.5 broke ExpressVPN Interface to Gateway Monitoring

    Scheduled Pinned Locked Moved OpenVPN
    3 Posts 2 Posters 644 Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T Offline
      thaddeusf
      last edited by

      Hello,
      After upgrading to PFSense 2.5 on both a SG-3100 and an ProtectLI x86 system, the interface to gateway functionality broke. I’ve taken several screen shots to help explain observations.

      The OpenVPN connection has been established by using the ExpressVPN guidelines.

      OpenVPN client is defined with correct values.
      c966dfea-c19d-4f9e-b762-c50016146597-image.png

      Connection is successful.
      7c25981d-70ac-43cf-a863-5426c67304db-image.png

      However, the monitor IP does not seem to respond and therefore the gateway is marked offline.
      b3c50df5-23a1-4b54-a8cc-44a34dec558f-image.png

      Reviewing the Gateway details.
      e7cae73b-7dfd-48b2-b09b-c3e39da519c1-image.png

      Disabling Gateway Monitoring destabilizes all traffic flow (not just VPN traffic).

      Currently I’m not able to route any traffic through the OpenVPN Gateway. The problem is specifically tied to 2.5 and did not exist in 2.4.5.

      DaddyGoD 1 Reply Last reply Reply Quote 0
      • DaddyGoD Offline
        DaddyGo @thaddeusf
        last edited by DaddyGo

        @thaddeusf said in v2.5 broke ExpressVPN Interface to Gateway Monitoring:

        After upgrading to PFSense 2.5 on both a SG-3100 and an ProtectLI x86 system,

        Hi,

        A lot of things have changed (2.5.0) that I can suggest about these:

        https://docs.netgate.com/pfsense/en/latest/releases/2-5-0.html

        this is always a problem, f.e.:

        f237323e-b0d7-4419-a721-c08bed452bc3-image.png

        BTW:
        TLS keys + new export client (pfSense) yes these are problems...... :)

        +++edit:

        While SS VPNEVPN allows GW PING, z EVPN does not...

        Cats bury it so they can't see it!
        (You know what I mean if you have a cat)

        1 Reply Last reply Reply Quote 0
        • T Offline
          thaddeusf
          last edited by

          A little more information.

          I can change the monitoring IP address in the routing>gateways>monitoring to the WAN IP address and the gateway reports good (because it is ping status from the WAN interface).

          However, the firewall LAN still report Blue Gateway status and no traffic is routing via the LAN rule.

          ...

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.