Port forwarding on OpenVPN interfaces is broken on 2.5.1
-
We can continue the test and discussion here from the thread:
https://forum.netgate.com/topic/162924/to-2-5-1-or-not-that-is-the-question/22
I just updated to 2.5.1.
Some issues here. I have a Plex Server running on another computer. I have VPN running on that one with port-forward and policy routing. The port-forward doesn't work anymore. But the computer can still access the Internet with the VPN.
But the only thing that doesn't work is the port-forward :(
Another issue is the DNS Resolver. After reboot of the firewall, I don't have access to the internet. Only the computers that have static IP on the interface. I can't access any device using the DNS. I have to restart unbound. After that I can access computers with the DNS.
The DNS problems were on version 2.5.0 also but not the port-forward problem.
The DNS problems seem to appear when I have multiple VPN Clients running. It could be some bad configuration from my side, but it has always worked on version 2.4.5. It started on version 2.5.0.
So, I'm planning to move back to 2.5.0 or even 2.4.5p1 (not sure when)
Too bad I can't run my Plex Server anymore with VPN and port-forward (so my Plex server is online and accessible outside my network)
-
@ciscox
So I did get to nuke my 2.5.1 install tonight. I was also experiencing stability issues with it so I just stopped troubleshooting. Got fed up with 2.5.1.
Anyway, I did a clean install of 2.5, restored my 2.5 config and waited for all the packages to install. I am using pfBlockerNG, Suricata (only on a DMZ interface), OpenVPN client export and Service Watchdog (because Unbound is randomly crashing on 2.5). After that I went to check if port forwarding is working on my OpenVPN interface... and BINGO! Port forward on OpenVPN interfaces is working fine.
I recommend staying away from 2.5.1. I know I am using the CE edition and maybe I complain too much, but if Netgate's own hardware were more stable and everything working fine, I would gladly spend the money and buy it since this troubleshooting is costing me a lot of time. But seeing how unstable pfSense 2.5 and 2.5.1 are on Netgate's own hardware got me seriously considering other options. For now I need to take a break from this headache and will let it run 2.5 since this is the version which ran fine for days without issues. 2.4.5 p1 ran amazingly fine as well but going back to that older version now means dealing with packages which are "old" as well. Too much of a hassle this :(
-
Probably this: https://redmine.pfsense.org/issues/11805
-
@bob-dig Exactly that yes. I will register for redmine and add my comment there also. Thank you and let's hope this is fixed fast. Till that time I am staying on 2.5. Less drama.
-
I just rolled back to 2.5.0. Port forwarding is working now again on the OpenVPN interface. :)
The only bug I have is that the DNS doesn't work after reboot of the firewall. The problem started on version 2.5.0 and is the same on 2.5.1.
The only fix is to restart Unbound after bootup. Sometimes Watchdog restarts the unbound service, but not all the time.
-
@bob-dig said in Port forwarding on OpenVPN interfaces is broken on 2.5.1:
Probably this: https://redmine.pfsense.org/issues/11805
Yeah that's probably the same bug :)