Openvpn client and device routing

avi68

Re: Upgrade pfsense CE 2.7.0 to 2.7.1

I updated from 2.7.0 to 2.7.1 and noticed some weird issues relating to openvpn.

So I have a few openvpn clients with PIA VPN and after the update they all connected fine. I have certain devices that route through certain openvpn clients and I noticed that devices routed through one of my vpn clients were not getting any internet connection. I tried to resolve websites but nothing would resolve, I tried to ping google dns but no response. I can ping the pfsense box but getting out to the internet was not working. If I moved the device to one of my main openvpn clients (again a PIA vpn client) the internet would work on it. So certain openvpn clients were not allowing devices to connect to the internet.

After a lot of messing around I found that when running the diagnostic tools through pfsense the openvpn client was actually working fine as it was pinging out and resolving dns addresses. So there was an issue somewhere between pfsense and the client.

I have a few openvpn clients and I have disabled some of them as I don’t need them, when I do this I also disable the interface. Looks like 2.7.1 has an issue with disabled interfaces. If the disabled interface is above in the Nat rules, the enabled openvpn interfaces below don’t route to devices. (I hope this makes sense) I’ve never had this issue with 2.7.0. I’m not sure if this a is a bug? I’ve had to move the Nat rules around to get the devices connected to the vpn to work.

avi68

Just realised I made a mistake. I wanted to reply to a thread and I’ve ended up creating a new one. Seems like I can’t delete this either.