Bug in Pfsense x64 version 2.6.0
-
You can't disable OpenVPN interfaces after updating from 2.5.2 to 2.6.0 . It forces you to delete the interface before you can turn them off.
-
@ryu945 Not a bug, by design.
a lot of complaints already. -
@jarhead It is such an annoying design decision that I already wish there was an easy way to go back to 2.5.2 without having to completely reinstall Pfsense.
-
There are so many things that just doesnt play well in 2.6.0 compared to 2.5.2
Its hopeless and slow in a production environment.
-
Because it was broken in 2.5.2. Disabling an assigned interface leaves the firewall in an invalid state. Unpredictable things may happen and that's the last thing you want from a firewall.
-
@stephenw10 But you should be able to disable it and let it stay there.
Not deleting it and then disable something that doesnt exist.
-
The OpenVPN config does still exist and can be disabled after it's been unassigned.
I agree though it might be nice to have it automatically disable the assigned interface when you disable the tunnel config for example. Doing that safely may well be a lot more involved though. Forcing the user to unassign it first is the safest option.
Steve
-
@cool_corona @stephenw10 Problem is that disabling the interface doesn't let you turn off OpenVPN either. Nothing short of deleting the interface allows you to turn off OpenVPN. This can lead to broken NAT rules if you don't fix your rules when you recreate the VPN. Sometimes the rules fix themself when you recreate the interface and sometimes you have to manually fixed all the rules for that interface.
It has been possible to turn off OpenVPN servers since 1.x.x days at least and not having this adds a lot more work in figuring things out.
-
That's only true is you assign the server as an interface and that's usually not required for a server.
For an OpenVPN client where you need to policy route across it that is often the case though.
-
@stephenw10 I mostly use it for clients. I haven't had to change a server OpenVPN client in awhile. There needs to be an easier way to turn on and off OpenVPN clients.
