Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Pfsense upgrade from 2.6.0 to 2.7.0

    Scheduled Pinned Locked Moved General pfSense Questions
    6 Posts 2 Posters 637 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jllerk
      last edited by

      Subject:
      After upgrading Pfsense from 2.6.0 to 2.7.0 via the update arrows on the home page, the correct ip and subnet mask are not properly pushed to the routing table.

      Description:

      photo_2023-11-17_11-31-42.jpg

      During the initialization sequence a warning pops up stating (You are using something (255.255.255.248) that looks more like a netmask.

      photo_2023-11-17_11-51-46.jpg

      When we look in the routing table you can see the ip 10.10.10.42 has been overwritten with 255.255.255.248
      On restart of the Openvpn tunnel this ip will be overwritten and the tunnel will be unusable.
      Current mitigation is to manually overwrite the netmask at the ip location with the ip and netmask at the netmaskt location in the CLI, because the webinterface overwrites it.

      This is a workaround and if the tunnel is reinstated in the webbrowser it will result in the same issue.

      Please be advised that I try to post this in the OpenVPN section, but I do not have enough reputation and my post is thereafter blocked by Akismet.com. The level of not being able to post is very high.

      Kind regards,
      Jeffrey E

      1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        Is that an SSL client where the IP and netmask is passed by the server?

        It looks like it's trying to apply an IP+netmask as just the IP as though the field data is wrong. Do you have access to the server side?

        1 Reply Last reply Reply Quote 0
        • J
          jllerk
          last edited by

          stephenw10 thanks for your reply.

          Both printscreens are serversided, the first picture is the openvpn log:
          Status -> System Logs -> openvpn
          The second picture is the ipv4 route table of the interfaces
          Diagnostics -> Routes

          Marked in yellow you can see that the destination address (ip on the left) has become the netmask ip.
          When the tunnel is started the starting sequence in the webinterface overwrites the correct destination ip with the netmask for some reason.

          I hope this clarifies the issue a bit.

          Kind regards,
          Jeffrey

          1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            The error show is on ovpnc3, an OpenVPN client. So not the server instance there.

            J 1 Reply Last reply Reply Quote 0
            • J
              jllerk @stephenw10
              last edited by

              @stephenw10 The client is another pfsense that acts as client connecting to this server. When this connection is set up. The route isn't set properly on the server side at the 2.7.0 server side.

              1 Reply Last reply Reply Quote 0
              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by

                ovpnc3 is a client interface. It would be named ovpns3 if it were a server.

                However the issue here is probably because one side is set as net30 topology and the other side is set as subnet. Both should be subnet in recent versions of OpenVPN really. Net30 is the older default.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.