Having to manually restart openvpn client after each pfsense reboot

johnha · Nov 4, 2020, 7:32 PM

When ever I reboot the pfsense server, the openvpn client establishes a connection with the vpn server just fine but traffic does not route through the vpn connection until I login to pfsense -> status -> OpenVPN -> restart.

what do I need to configure so that a reboot of the server doesn't require manual intervention to route traffic through the vpn ?

johnpoz · Nov 4, 2020, 7:46 PM

If I had to guess - prob has something to do with your dns... How do you have that setup? Possible unbound starts before the vpn comes up.. Or maybe the other way around - but that would be my guess something hanging up with that process.

You prob be better off setting unbound to only use localhost for outbound - this way it shouldn't have any issues binding to interface once vpn is up traffic should flow through your vpn for dns, etc.

On a side note - how often are you rebooting pfsense? Mine has been up for

148 Days 01 Hour 30 Minutes 32 Seconds

Which was when I updated it to to 2.4.5p1 ;)

johnha · Nov 4, 2020, 7:57 PM

currently I have my dns/dhcp offloaded to another system, a raspberry pi running pi-hole. I will probably migrate from the pi to pfsense in the future but I have not just yet.

I just started using surricata on the pfsense so more reboots than I expected, until I get surricata tuned.

the OpenVPN session with the remote server establishes just fine after a reboot so I don't think it is a dns issue.

johnpoz · Nov 4, 2020, 8:39 PM

Ok if your running your dns off pfsense.. Then that shouldn't be related no..

Pippin · Nov 4, 2020, 10:16 PM

See if adding

route-delay 5

to the advanced options box helps...

johnha · Nov 4, 2020, 10:41 PM

@Pippin said in Having to manually restart openvpn client after each pfsense reboot:

route-delay 5

I assumed you meant to add it to the openvpn configuration options box. tried adding "route-delay 5" and rebooting.

Traffic still routes directly out the WAN connection until I manually restart the OpenVPN service/interface.

johnha · Nov 5, 2020, 12:55 AM

not sure why but I disabled all the openvpn client interfaces / suricata interfaces / toggled the network adapter offloads / edited the firewall lan rules and then rebooted.

added everything back in and rebooted. now everything seems to be coming up in the expected state.

ipguy · Sep 19, 2021, 12:20 PM

This post is deleted!