    Custom Options ignored after reboot like –> push "route ...... etc"

    OpenVPN
    • G
      Gcomm last edited by

      These are my pushed routes and they work great after I click save:

      Then after any reboot they quit working but are STILL in the "Custom Options" box just like I left them.

      The only thing I need to do to get them working again is just click SAVE and then they work again.

      Here's the openvpn.conf file

      [2.3.2-RELEASE][admin@pfSense.localdomain]/var/etc/openvpn: cat server2.conf
      dev ovpns2
      verb 1
      dev-type tun
      tun-ipv6
      dev-node /dev/tun2
      writepid /var/run/openvpn_server2.pid
      #user nobody
      #group nobody
      script-security 3
      daemon
      keepalive 10 60
      ping-timer-rem
      persist-tun
      persist-key
      proto udp
      cipher AES-256-CBC
      auth SHA1
      up /usr/local/sbin/ovpn-linkup
      down /usr/local/sbin/ovpn-linkdown
      client-connect /usr/local/sbin/openvpn.attributes.sh
      client-disconnect /usr/local/sbin/openvpn.attributes.sh
      local ************
      tls-server
      server 192.168.100.0 255.255.255.0
      client-config-dir /var/etc/openvpn-csc/server2
      username-as-common-name
      auth-user-pass-verify "/usr/local/sbin/ovpn_auth_verify user 'Local Database' false server2" via-env
      tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'VPN+Server+Certificate' 1"
      lport *****
      management /var/etc/openvpn/server2.sock unix
      max-clients 10
      client-to-client
      ca /var/etc/openvpn/server2.ca 
      cert /var/etc/openvpn/server2.cert 
      key /var/etc/openvpn/server2.key 
      dh /etc/dh-parameters.2048
      tls-auth /var/etc/openvpn/server2.tls-auth 0
      comp-lzo no
      persist-remote-ip
      float
      topology subnet
      push "route 10.11.0.0 255.255.0.0 192.168.100.1 1"
      push "route 10.12.0.0 255.255.0.0 192.168.100.1 1"
      push "route 10.4.0.0 255.255.0.0 192.168.100.1 1"
      
      

      I haven't been able to check out the .conf file when they are not working to see if they are still there.

      Any suggestions?

      Thanks!

      • B
        biggsy last edited by

        The hint below where you enter those says:

        "Enter any additional options to add to the OpenVPN server configuration here, separated by semicolon."

        • G
          Gcomm last edited by

          Works fine entering each push route on individual lines like this then pressing SAVE

          It reformats it and then going back in it looks like this:

          My routing table before connecting to VPN:

          Routing table after separating each route line by line and pressing save:

          Now, if the pfSense reboots, the pushed routes do not get pushed even though they appear the same in pic #1 under "Custom Options".
          If I separate each line with a semicolon, those semicolons are discarded and they end up looking like pic #1 again…..  ???? I don't get it.

          • B
            biggsy last edited by

            Hmmm, doesn't do that on my 2.3.4_RELEASE. However, I'm using semicolons.


            • G
              Gcomm last edited by

              2.3.2 here.

              Are your pushed routes unaffected by server reboots on 2.3.4 as perceived from the client?

              • B
                biggsy last edited by

                As it happens, I just had to reboot because the cable ISP was doing planned maintenance.

                Yes, the routes are completely unaffected on the client.  Though I've never experienced the problem you're seeing.

                I noticed that the OpenVPN Client Export package allows separation of push statements by either a linefeed or a semicolon, whereas the OpenVPN Server settings only seem to permit the semicolon. Should probably be consistent.

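The thread leaves one check undone: looking at the generated server2.conf while the routes are not working. The following is an added example, not part of the thread and not pfSense's own code, that takes the "Custom Options" text with either separator (semicolon or linefeed) and lists the directives absent from the generated file. The function names `normalize_options` and `missing_directives` are hypothetical; the config path in the usage comment is the one shown in the first post.

```shell
#!/bin/sh
# Added example (not pfSense code): compare the directives entered under
# "Custom Options" with what actually landed in the generated OpenVPN config.
#
# Usage on the firewall, with the GUI text saved in custom_options.txt:
#   missing_directives /var/etc/openvpn/server2.conf < custom_options.txt

# normalize_options: read option text on stdin, split on ';' or newline,
# trim surrounding whitespace, drop empty entries. One directive per line.
# Assumption: no directive contains a ';' inside a quoted string, which
# holds for push "route ..." lines.
normalize_options() {
    tr ';' '\n' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d'
}

# missing_directives CONF: read the expected directives on stdin and print
# every one that is not present as a whole line in CONF.
# Returns 0 when nothing is missing, non-zero otherwise.
missing_directives() {
    conf=$1
    have=$(mktemp) || return 2

    # The generated file may carry trailing spaces and blank lines, so trim
    # it the same way before doing whole-line comparisons.
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' \
        "$conf" > "$have"

    # -F fixed strings, -x whole line, -v keep only the expected directives
    # that match none of the config's lines.
    normalize_options | grep -Fxv -f "$have"
    rc=$?
    rm -f "$have"

    # grep exits 0 when it printed at least one missing directive and 1 when
    # it printed nothing, so success for this function is rc == 1.
    [ "$rc" -eq 1 ]
}
```

Running it once right after pressing SAVE and again right after a reboot shows whether the push lines are missing from the file or are present but not being applied.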