Netgate Discussion Forum

    A bug? Adjusting interface configuration partially breaks OpenVPN connectivity

    OpenVPN
    6 Posts 2 Posters 568 Views
    • D
      DominikHoffmann
      last edited by DominikHoffmann

      I followed the instructions on Setting up an OpenVPN server with pfSense and Viscosity. Everything works. My next step is to try to use the Avahi package to get the OpenVPN client to see the Macs in the .local domain on the LAN.

      Along that track I have been trying to set up an interface for the OpenVPN connection. I was successful with that:

      Screen Shot 2020-05-20 at 4.35.32 PM.png

      However, as soon as I change the name “OPT2” which was assigned by default, I can no longer ping any LAN hosts, including the pfSense box at 192.168.1.1. Just enabling that interface, even without renaming it, causes the VPN connection to break in the same way. Enabling it would be required for having the OpenVPN interface show up in the Avahi configuration.

      For the record, potential sources of trouble with the configuration of my OpenVPN server are these:

      Screen Shot 2020-05-20 at 4.41.01 PM.png
      Screen Shot 2020-05-20 at 4.40.50 PM.png
      Screen Shot 2020-05-20 at 4.40.22 PM.png

      Also, I do have this firewall rule that was put in place by the OpenVPN setup wizard:

      Screen Shot 2020-05-20 at 4.55.47 PM.png

      There is obviously something going on behind the scenes that I don’t understand. Could this possibly be buggy behavior?

      • RicoR
        Rico LAYER 8 Rebel Alliance
        last edited by

        Assigning an OpenVPN interface will interrupt the traffic for this instance for a short time; this is totally normal.

        -Rico

        • D
          DominikHoffmann @Rico
          last edited by

          @Rico: I saw that. However, when I change the name of the active OpenVPN interface, ping output looks like this:

          64 bytes from 192.168.1.127: icmp_seq=92 ttl=63 time=173.793 ms
          64 bytes from 192.168.1.127: icmp_seq=93 ttl=63 time=355.555 ms
          64 bytes from 192.168.1.127: icmp_seq=94 ttl=63 time=110.442 ms
          64 bytes from 192.168.1.127: icmp_seq=95 ttl=63 time=80.326 ms
          64 bytes from 192.168.1.127: icmp_seq=96 ttl=63 time=66.868 ms
          Request timeout for icmp_seq 98
          Request timeout for icmp_seq 99
          Request timeout for icmp_seq 100
          Request timeout for icmp_seq 101
          Request timeout for icmp_seq 102
          

          192.168.1.127 is one of the Macs on the LAN. Even if I cut the OpenVPN connection and re-establish it, ping from the OpenVPN client to 192.168.1.127 times out. The only way I have been able to get this fixed is by restoring from the most recent backup.

          • D
            DominikHoffmann @DominikHoffmann
            last edited by

            @Rico
            … and this is not temporary.

            • RicoR
              Rico LAYER 8 Rebel Alliance
              last edited by

              Well, a LOT of users assign OpenVPN instances as interfaces, so there can't be any problem in general... the forum would be flooded with threads.
              Must be related to your config somehow... Is it possible for you to start over with vanilla pfSense settings, then only add the OpenVPN instance and assign the interface? Check if this works, then add the other settings step by step.

              -Rico

              • D
                DominikHoffmann @Rico
                last edited by DominikHoffmann

                @Rico
                It is temporary in that the situation does not survive a pfSense reboot. I am working remotely right now, but was able to ssh into the box in order to reboot it.

                As for rebuilding the configuration from factory settings, that will have to wait.

                Also, it seems that renaming an interface not part of an active OpenVPN connection does not cause a loss of connectivity to the LAN.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.