2.4.0-Beta OpeVPN Wizard issues



  • I have 2.4.0.b.20170629 and I ran the OpenVPN wizard, couldn't connect. So I went messing around and I noticed a bunch of issues. #1 it created the generic rule in the LAN section of the firewall rules instead of wan and with the LAN address instead of the wan address. I redid the wizard like 1/2 dozen times.

    I also try to force all the data through the tunnel and I have the openvpn rule correct, but when I connect I can't get any data anywhere. I can't ping anything internal or external and my DNS server won't respond.

    I had a IPSEC tunnel between my office and my house where the firewall is, so I even disconnected that and still nothing works.

    Any ideas?



  • If your force all the data through the tunnel, you also need to make sure you have the option set in the openvpn config to assign a DNS server to it when it gets an address from the DHCP pool, since it will need a DNS server internal to your network, and reachable from the VPN ip space.



  • That is not my problem. This issue is a bug or non-reproducible quirk where the Wizard was doing the setup backwards and then just not working when corrected.

    I ended up doing a processor swap on that unit from a Core i5-3570 to a i5-3470, using the 3570 in my Debian workstation and I had gotten a water cooler for my main workstation which has an extreme processor and took this loud, ugly blue-led Intel Extreme tower cooler and put that on the firewall which is in the unfinished part of my basement where it can't be heard. I doubt my holiday decorations or my chest freezer will mind that roar. But I have a firewall where the processor idles at 27.0C. Of course on a 3rd gen i5, the CPU is ALWAYS idle.

    So while I was doing that, I reloaded it back to 2.3.4 and whatchdidja know it works perfectly. I highly doubt a slower processor and a larger CPU cooler and a 10C temp drop would make a difference which my OpenVPN. Mainly also because I need to run Openvpn on port 443.

    The IT guy at my church put in this Aruba wireless system and literally blocked every port except 80 and 443 almost but allowed UDP on 80 and 443. My comcrap internet blocks port 80 (only TCP), but doesn't block 443.


  • Rebel Alliance Developer Netgate

    The only way the rule could end up on LAN is if you selected LAN for the interface where the VPN should bind/listen. That's a manual option you would have had to set in the wizard. The code uses the selected interface specifically and does not make any assumptions about the interface name.