Problem with OpenVPN clients and routing?
-
You're the only person I've seen or heard of having trouble with multiple clients on 2.4 (or 2.3 for that matter).
I run several OpenVPN clients on 2.4 and they all work, 24/7, for weeks/months at a time.
It's something specific to your settings, either what you have configured or what is being pushed to you. It could be a conflicting or overlapping route or tunnel network, for example.
-
You're the only person I've seen or heard of having trouble with multiple clients on 2.4 (or 2.3 for that matter).
I run several OpenVPN clients on 2.4 and they all work, 24/7, for weeks/months at a time.
It's something specific to your settings, either what you have configured or what is being pushed to you. It could be a conflicting or overlapping route or tunnel network, for example.
I tried to show in an earlier post that the routes don't overlap. I don't specify remote networks in the OVPN client config either. I do have OVPN clients set to not pull routes and to not add/remove routes. That was how I was taught to do it and it works in pfsense 2.3. But, maybe that doesn't work with pfsense 2.4 or openvpn 2.4?
I'm not sure how it's logical for anybody to say it's on my end when I change nothing and it stops working after an update.
-
Because nobody else can reproduce it and it affects only you, the logical conclusion is that it is something in your environment, config, etc.
-
Because nobody else can reproduce it and it affects only you, the logical conclusion is that it is something in your environment, config, etc.
What you're implying is that my pfsense config can be magically changed, not by me, so as to cause a problem. That wouldn't be good business for netgate or for any users of pfsense. Nor does it make sense for software developers who usually pride themselves on logic.
I understand it's difficult to see this as a problem if only 1 person is reporting it but let's try to remember the facts of the case.
-
Until the actual cause is located, however, the burden is still on you to diagnose it because nobody else can. I'm not saying your config magically changed, but something about it is causing the unintended behavior.
OpenVPN 2.4 also does a lot more dynamic negotiation, like NCP, where new settings are used in potentially unexpected ways depending on what the other side does.
So it may be that the provider(s) are sending you settings that do nothing in 2.3.x but activate things in 2.4.x which could be part of your issue.
There have not been any changes in OpenVPN code on pfSense in over a month, and the most recent change to OpenVPN itself was nearly two months ago (OpenVPN 2.4.3 on June 21).
-
Little more info.
As I'm using 2.3.4p1 now I see that when an openvpn client is stopped the routes (as seen in diag_routes.php) are removed as they should be. In 2.4 betas they were not removed.
