~~pfSense 2.4.3 OpenVPN Wizard BUG?~~



  • So, yesterday I was at a client's office and wanted to set up OpenVPN remote access.
    pfSense was on the latest version, being 2.4.3 running on VMware ESXi.

    I used the OpenVPN Wizard, as I've done before (on pfSense 2.4.2)
    At the end of the wizard I checked the add firewall rules, as I've done before.

    But now, as soon as I finished the wizard, I started getting notices in pfSense (see screenshot).
    About 15 to 30 minutes later (can't recall the exact time) there was no internet in the building!
    LAN was working, VLANs working, but internet was gone. The notices got more and more over time.
    There was enough HDD space, there was enough memory, everything looked normal except for the notices and no internet.
    The default gateway was set and up, DNS was configured and running but all to no avail.
    I did see that the wizard added the OpenVPN rules to the interfaces, but the notices kept coming.

    I checked the firewall rules, but they looked ok to me.

    So I rebooted pfSense, but that didn't help either.

    I then decided to call the internet provider to check if there was a problem on their side, but no problem there either. :-(
    The only thing I could do, was ping from within pfSense to the internet with source address set to WAN. That worked.
    But when I pinged from source address LAN, no luck.

    So I couldn't resolve the problem in a decent amount of time, and I decided to restore the VMware snapshot I made before the OpenVPN configuration!

    Everything worked fine after that.
    Now I must say that it was a rather simple pfSense setup, with WAN, LAN, 2 extra VLANs, pfBlockerNG. Nothing too complex.

    But it didn't feel right, so this morning I installed pfSense 2.4.3 on my own VMware machine and used the OpenVPN wizard to see if I could replicate the issue. And indeed, as soon as I finished the OpenVPN wizard, the notices started coming in.

    I cannot, however, replicate the exact described problem, as I do get notices (screenshot) but I am still able to ping to the internet from both WAN and LAN. But the freshly installed pfSense is not as configured as the client one yesterday.

    I just wanted to share this with you all, and maybe there is a bug in the OpenVPN wizard in pfSense 2.4.3.


  • LAYER 8 Netgate

    Yes, it's a BUG. It has already been fixed for 2.4.4.

    https://redmine.pfsense.org/issues/8391

    Edit the OpenVPN firewall rule on WAN, change the protocol from ANY to UDP or TCP as needed and save the rule.



  • Hi Derelict,

    I should have checked the bug tracker :-)
    But thanks for your response.

