Possible Bug Setting up OpenVPN Client

tagit446 · Oct 12, 2018, 2:48 AM

I have had 2 OpenVPN client instances setup in pfSense for the past year with no issues. The OpenVPN clients are setup to use ExpressVPN and each of the 2 clients are set to use different ExpressVPN servers.

Today for some reason both ExpressVPN servers I was using went down so I decided to setup a new client to one of their other servers.

Because the client needs an interface I have to leave the chosen interface in the config set to WAN until after saving the new client config. After that I create a new interface and assign it to the vpn client I created. Lastly I go back to the OpenVPN client i just created and edit the config to use the new OpenVPN interface then save.

This procedure has always worked in the past but now in pfSense 2.4.4 something has changed and the OpenVPN client config will not save after pointing the client to the new OpenVPN interface.

I think it may be due to the fact that in the past I could set the OpenVPN interface to use DHCP. In 2.4.4 it does not appear to be an option.. "IPv4/IPv6 Configuration - This interface type does not support manual address configuration on this page."

Is this a bug ?

If not is there a work around to get the client config to save?

jimp · Oct 12, 2018, 2:53 PM

In the past, having any setting other than None for IPv4/IPv6 was a configuration error.

It wouldn't have actually worked, and the fact that it let you configure what it did is probably a bug.

Setting it in the way you describe would cause one openvpn client to bind and run inside the other. Why would you want to run OpenVPN inside OpenVPN?

tagit446 · Oct 13, 2018, 12:20 AM

@jimp said in Possible Bug Setting up OpenVPN Client:

In the past, having any setting other than None for IPv4/IPv6 was a configuration error.

It wouldn't have actually worked, and the fact that it let you configure what it did is probably a bug.

Setting it in the way you describe would cause one openvpn client to bind and run inside the other. Why would you want to run OpenVPN inside OpenVPN?

Thanks for this information, I didn't realize the effect of what I was doing due to lack of knowledge and because it just worked. The reason I set it up like that is because I followed the setup guide on ExpressVPN's website and that is how the guide showed to set it up.

I actually questioned them a while back concerning a different part of the guide and there response was that they couldn't help because it was a user submitted guide.

EDIT: I looked at the guide again and I did misunderstand part of it. They do set the client interface to WAN but at the same time they also set the actual VPN interface to DHCP. So it looks like there guide is wrong AND I misunderstood part of it.

Now if I could just figure out how to get a working monitor IP on these VPN Gateways. I'll ask that question later though.