[Solved] Upgrade to pfSense 2.6.0 broke OpenVPN
-
So I have 2 pfSense boxes with different external IP addresses, and different internal IP addresses (subnets) on the same internal network. They were both at pfSense 2.4.5-RELEASE-p1 (OpenVPN 2.4.9) until I just updated one of them to pfSense 2.6.0 (OpenVPN 2.5.4). Both were working flawlessly prior to the upgrade, and I can still connect to OpenVPN on both boxes. However, when I connect to the newly upgraded box, I cannot route past the pfSense box itself. I can browse to the UI or SSH to it, and in either case, I can then confirm that it can reach other destinations on the network. If I connect to OpenVPN on the pfSense 2.4.5-RELEASE-p1 box, everything continues to work correctly as it had before.
I've checked through the server and client export settings, and there are no significant changes with the new version. I was even able to go through and change the settings on the upgraded server to match how the settings were previously with no change in outcome. Has anyone come across this? Or can anyone point me in the best direction to troubleshoot at this point?
Thanks in advance!
asummerell -
Ok, so apparently it just wanted me to create this topic in order to start working.
I had previously come across this link: https://forums.openvpn.net/viewtopic.php?t=33561 where the person had to go to http(s)://pfsense.router.ip.address/status_filter_reload.php to get things working again. Well, I had tried that at the very beginning, but not again since reconfiguring the server settings on the one upgraded to pfSense 2.6.0. After writing the opening for the thread, I went back over my steps, and figured it couldn't hurt to run the filter reload again, even though I had been applying changes to the firewall filters during troubleshooting. As soon as I reloaded the filter, I began receiving pings from a LAN address on the internal network through OpenVPN that was a separate address from the pfSense box. The only other thing I additionally did was to add outbound NAT rules, specifically for my OpenVPN ranges to LAN, although automatic mode created the same rule plus more. I suspect this was the answer, as typically you need some sort of a NAT to route through a firewall. However, there wasn't one set up in the previous config (pfSense 2.4.5-RELEASE-p1), so... Hopefully writing up this response will help someone (possibly even myself in the future) if they experience the same problem.
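
One way to confirm after a filter reload that the loaded ruleset really contains an outbound NAT rule for the OpenVPN range toward LAN, as described in the post above. This is an added example, not part of the original thread or of pfSense: it parses saved `pfctl -s nat` output and lists the translation address that applies to tunnel-to-LAN traffic. The sample output, the interface names (`igb0`, `igb1`) and all subnets are constructed assumptions, and only plain CIDR `nat` rules are handled.

```python
import ipaddress
import re

# Constructed stand-in for `pfctl -s nat` output (interfaces and addresses are made up).
SAMPLE_PFCTL_NAT = """\
nat on igb0 inet from 192.168.10.0/24 to any -> 203.0.113.5 port 1024:65535
nat on igb0 inet from 10.0.8.0/24 to any -> 203.0.113.5 port 1024:65535
nat on igb1 inet from 10.0.8.0/24 to 192.168.10.0/24 -> 192.168.10.2 port 1024:65535
no nat on igb1 inet from 10.0.9.0/24 to any
"""

NAT_RULE = re.compile(
    r"^nat on (?P<iface>\S+) (?:inet6? )?(?:proto \S+ )?"
    r"from (?P<src>\S+) (?:port \S+ )?to (?P<dst>\S+) (?:port \S+ )?-> (?P<target>\S+)"
)

def _net(token):
    """Return None for 'any', else the token as an IP network (ValueError otherwise)."""
    return None if token == "any" else ipaddress.ip_network(token, strict=False)

def parse_nat_rules(text):
    """Parse plain CIDR nat rules; 'no nat', tables and interface aliases are skipped."""
    rules = []
    for line in text.splitlines():
        m = NAT_RULE.match(line.strip())
        if not m:
            continue
        try:
            rules.append((m["iface"], _net(m["src"]), _net(m["dst"]), m["target"]))
        except ValueError:
            continue
    return rules

def _covers(rule_net, wanted):
    """True when rule_net is 'any' (None) or contains the wanted network."""
    return rule_net is None or (rule_net.version == wanted.version and wanted.subnet_of(rule_net))

def nat_targets(text, iface, tunnel, lan):
    """Translation addresses of nat rules on iface that match tunnel -> lan traffic."""
    tunnel, lan = ipaddress.ip_network(tunnel), ipaddress.ip_network(lan)
    return [target for rule_iface, src, dst, target in parse_nat_rules(text)
            if rule_iface == iface and _covers(src, tunnel) and _covers(dst, lan)]

if __name__ == "__main__":
    for net in ("10.0.8.0/24", "10.0.9.0/24"):
        hits = nat_targets(SAMPLE_PFCTL_NAT, "igb1", net, "192.168.10.0/24")
        print(net, "->", hits or "no outbound NAT on igb1: LAN hosts see the tunnel source address")
```

An empty result for a tunnel network means LAN hosts receive packets with the tunnel source address and need their own route back to that range through this firewall.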