Netgate Discussion Forum
    SOMETHING IS BROKEN AFTER 2.3.3-RELEASE-p1 UPGRADE

    OpenVPN
    4 Posts 2 Posters 1.1k Views
    jompigrande

      Hello, I'm using a site-to-site (remote server) configuration in the following way:

      On IPv4 Remote network(s) I'm putting the public IP address of the server, so I can bypass firewall rules and encrypt all the communication between site (LAN) and site (remote server). It was working without any issues until I updated to 2.3.3-RELEASE-p1 last time. If I check routes and configurations between different firewall releases I see them matching, but with the latest release this scenario isn't working.

      I have the following diagnosis:

      Pinging from server to site LAN is working, but pinging from LAN to server isn't.

      Traceroute from server to LAN works well: one leg of the VPN to the other leg and then the IP on the LAN. Tracing from LAN to server, or even from firewall to server, doesn't give any result.

      Trying to add an interface associated with the VPN tunnel, and manually adding the route on routing, doesn't help either
      (with all the needed firewall rules also).

      Server is running openvpn-2.3.14

      Any clue on this? Any way to do a small rollback without reinstalling?

      Regards, Jose

      jompigrande

        VERSION WORKING: 2.2.5-RELEASE
        VERSION NOT WORKING: 2.3.3-RELEASE

        jimp (Rebel Alliance Developer, Netgate)

          Put this into the advanced options on the client:

          allow-recursive-routing;
          

          OpenVPN changed their code to stop allowing the use of the VPN endpoint address inside the VPN, since in most cases it is not a valid configuration and can lead to a loop.

          --allow-recursive-routing
              When this option is set, OpenVPN will not drop incoming tun
              packets with same destination as host.

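The condition jimp describes (a tunnel route that covers the VPN endpoint itself, which newer OpenVPN drops unless allow-recursive-routing is set) can be checked in a client config before an upgrade. The following is an added example, not pfSense's or OpenVPN's own code; the sample config is constructed, and the parser also accepts pfSense-style custom options separated by semicolons.

```python
import ipaddress

# Constructed sample client config (not from the thread): the site-to-site
# client routes the server's own public address into the tunnel, which is
# the setup that stopped working after the upgrade.
SAMPLE_CONFIG = """\
client
dev tun
remote 203.0.113.10 1194
route 203.0.113.10 255.255.255.255
route 10.20.0.0 255.255.0.0
"""


def parse_options(text):
    """Split an OpenVPN config, or pfSense custom-options text where ';'
    separates statements, into (option, args) tuples. '#' starts a comment."""
    opts = []
    for line in text.splitlines():
        for stmt in line.split("#", 1)[0].split(";"):
            parts = stmt.split()
            if parts:
                opts.append((parts[0].lstrip("-"), parts[1:]))
    return opts


def recursive_routes(text):
    """Return the 'route' entries that cover a 'remote' endpoint address,
    i.e. the packets OpenVPN drops without allow-recursive-routing.
    Hostnames in 'remote' are skipped because they would need DNS."""
    opts = parse_options(text)
    endpoints = []
    for opt, args in opts:
        if opt == "remote" and args:
            try:
                endpoints.append(ipaddress.ip_address(args[0]))
            except ValueError:
                continue  # hostname, not a literal address
    hits = []
    for opt, args in opts:
        if opt != "route" or not args:
            continue
        mask = args[1] if len(args) > 1 else "255.255.255.255"
        try:
            net = ipaddress.ip_network(f"{args[0]}/{mask}", strict=False)
        except ValueError:
            continue  # e.g. 'route default' or symbolic netmasks
        if any(ep in net for ep in endpoints):
            hits.append(" ".join(["route", *args]))
    return hits


def needs_allow_recursive_routing(text):
    """True when an endpoint is routed into the tunnel and the option is absent."""
    has_opt = any(o == "allow-recursive-routing" for o, _ in parse_options(text))
    return bool(recursive_routes(text)) and not has_opt
```

Run `needs_allow_recursive_routing()` over the client's config (or the custom-options text) to see whether the post-upgrade behaviour applies; it returns False once `allow-recursive-routing` is present.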
            jompigrande

            That completely solved the problem. I hope the OpenVPN configuration can have a checkbox to enable this option in the future, and I hope the information in this topic can help anyone else in the same situation after the upgrade.

            Thanks Jimp!

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.