    Custom Options ignored after reboot like –> push "route ...... etc"

      Gcomm

      These are my pushed routes and they work great after I click save:

      Then after any reboot they quit working but are STILL in the "Custom Options" box just like I left them.

      The only thing I need to do to get them working again is just click SAVE and then they work again.

      Here's the openvpn.conf file

      [2.3.2-RELEASE][admin@pfSense.localdomain]/var/etc/openvpn: cat server2.conf
      dev ovpns2
      verb 1
      dev-type tun
      tun-ipv6
      dev-node /dev/tun2
      writepid /var/run/openvpn_server2.pid
      #user nobody
      #group nobody
      script-security 3
      daemon
      keepalive 10 60
      ping-timer-rem
      persist-tun
      persist-key
      proto udp
      cipher AES-256-CBC
      auth SHA1
      up /usr/local/sbin/ovpn-linkup
      down /usr/local/sbin/ovpn-linkdown
      client-connect /usr/local/sbin/openvpn.attributes.sh
      client-disconnect /usr/local/sbin/openvpn.attributes.sh
      local ************
      tls-server
      server 192.168.100.0 255.255.255.0
      client-config-dir /var/etc/openvpn-csc/server2
      username-as-common-name
      auth-user-pass-verify "/usr/local/sbin/ovpn_auth_verify user 'Local Database' false server2" via-env
      tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'VPN+Server+Certificate' 1"
      lport *****
      management /var/etc/openvpn/server2.sock unix
      max-clients 10
      client-to-client
      ca /var/etc/openvpn/server2.ca 
      cert /var/etc/openvpn/server2.cert 
      key /var/etc/openvpn/server2.key 
      dh /etc/dh-parameters.2048
      tls-auth /var/etc/openvpn/server2.tls-auth 0
      comp-lzo no
      persist-remote-ip
      float
      topology subnet
      push "route 10.11.0.0 255.255.0.0 192.168.100.1 1"
      push "route 10.12.0.0 255.255.0.0 192.168.100.1 1"
      push "route 10.4.0.0 255.255.0.0 192.168.100.1 1"
      
      

      I haven't been able to check out the .conf file when they are not working to see if they are still there.

      Any suggestions?

      Thanks!

        biggsy

        The hint below where you enter those says:

        "Enter any additional options to add to the OpenVPN server configuration here, separated by semicolon."

          Gcomm

          Works fine entering each push route on individual lines like this then pressing SAVE

          It reformats it and then going back in it looks like this:

          My routing table before connecting to VPN:

          Routing table after separating each route line by line and pressing save:

          Now, if the pfSense reboots, the pushed routes do not get pushed even though they appear the same in pic #1 under "Custom Options".
          If I separate each line with a semicolon, those semicolons are discarded and they end up looking like pic #1 again... ???? I don't get it.

            biggsy

            Hmmm, doesn't do that on my 2.3.4_RELEASE. However, I'm using semicolons.

            2017-06-21_14-07-08.jpg

              Gcomm

              2.3.2 here.

              Are your pushed routes unaffected by server reboots on 2.3.4 as perceived from the client?

                biggsy

                As it happens, I just had to reboot because the cable ISP was doing planned maintenance.

                Yes, the routes are completely unaffected on the client.  Though I've never experienced the problem you're seeing.

                I noticed that the OpenVPN Client Export package allows separation of push statements by either a linefeed or a semicolon, whereas the OpenVPN Server settings only seem to permit the semicolon. Should probably be consistent.
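
An added example, not posted by either participant and not pfSense code: a shell check that can be run after a reboot to see whether every directive from the "Custom Options" box is present in the generated server config (the step the original poster had not yet been able to do). The function name `missing_directives` and the sample config fragment are constructed for illustration; the route lines and the `/var/etc/openvpn/server2.conf` path are the ones shown in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): list Custom Options directives that are
# absent from the generated OpenVPN server config.

# missing_directives CONF OPTIONS   (hypothetical helper name)
#   CONF    path to the generated config, e.g. /var/etc/openvpn/server2.conf
#   OPTIONS the Custom Options text; directives may be separated by
#           semicolons, newlines, or both
# Prints every directive that does not appear as a whole line in CONF.
missing_directives() {
    conf=$1
    # Put one directive per line, trim surrounding blanks, drop empty entries.
    printf '%s\n' "$2" | tr ';' '\n' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' |
        while IFS= read -r directive; do
            # Compare against the config with trailing blanks stripped,
            # as a fixed string that must match the whole line.
            if ! sed 's/[[:space:]]*$//' "$conf" | grep -Fxq -- "$directive"; then
                printf '%s\n' "$directive"
            fi
        done
}

# Constructed sample: a config fragment in which one pushed route is missing.
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
topology subnet
push "route 10.11.0.0 255.255.0.0 192.168.100.1 1"
push "route 10.4.0.0 255.255.0.0 192.168.100.1 1"
EOF

# The three routes from the thread, written with mixed separators.
sample_opts='push "route 10.11.0.0 255.255.0.0 192.168.100.1 1";
push "route 10.12.0.0 255.255.0.0 192.168.100.1 1"
push "route 10.4.0.0 255.255.0.0 192.168.100.1 1";'

# Prints the one route that is missing from the sample config.
missing_directives "$sample_conf" "$sample_opts"
```

Empty output means every directive made it into the config file, which points the investigation at the running daemon or the client rather than at how the options were saved.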
