OpenVPN default route partially broken in 2.3

  • Hello,

    I use an OpenVPN client as default route in my firewall.

    My LAN interface is a bridge of LAN1 LAN2 and WLAN.

    With pfSense version 2.2 this is working but after upgrading to 2.3 the WLAN interface is not routed through OpenVPN anymore.

    If I connect a computer on LAN1 my VPN is working as expected.
    If I connect it to the WLAN I can access the firewall but not the external network.

    If I remove the bridge interface and use only the WLAN everything is working as expected.

    Is this a known problem ? Any idea on how to solve it ?

    Thanks for your help


  • No issues along those lines that I'm aware of. What does the output of 'ifconfig bridge0' show?

  • bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            ether 02:7a:26:1b:54:00
            inet netmask 0xffffff00 broadcast
            nd6 options=1<PERFORMNUD>
            id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
            maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
            root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
            member: re1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                    ifmaxaddr 0 port 2 priority 128 path cost 55
            member: ath0_wlan0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                    ifmaxaddr 0 port 9 priority 128 path cost 33333
            member: re2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                    ifmaxaddr 0 port 3 priority 128 path cost 55

    re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
            ether 00:0d:b9:3a:17:58
            inet6 fe80::20d:b9ff:fe3a:1758%re0 prefixlen 64 scopeid 0x1
            inet netmask 0xffffff00 broadcast
            nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
            media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active

    re1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
            ether 00:0d:b9:3a:17:59
            inet6 fe80::20d:b9ff:fe3a:1759%re1 prefixlen 64 scopeid 0x2
            nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
            media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active

    re2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=82099<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
            ether 00:0d:b9:3a:17:5a
            inet6 fe80::20d:b9ff:fe3a:175a%re2 prefixlen 64 scopeid 0x3
            nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
            media: Ethernet autoselect (none)
            status: no carrier

    ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 2290
            ether 04:f0:21:14:c8:5b
            nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
            media: IEEE 802.11 Wireless Ethernet autoselect mode 11na <hostap>
            status: running

  • If you remove the NIC with no carrier from the bridge, or plug it into something so it's live, does that change things?

  • Thanks for your help.

    In my real test condition LAN1 and LAN2 are disconnected. As soon as LAN1 and/or LAN2 are connected the tunnel is working.

    The same config is working properly with version 2.2.

    Any workaround or chance to have it fixed soon ?

  • Is this a known problem or do I have to file a bug report?

  • Opened bug ticket here.

