Pfsense 1.2.3 to 2.0 RC3 upgrade "breaks" OpenVPN



  • I've been running pfsense 1.2.3 stable for several weeks now without issue.  Have had OpenVPN up and running between pfsense and my laptop + iPad while traveling.  Loved it.  However I've encountered issues when attempting to second Intel NIC for OPT1 which prompted me to upgrade (not clean install) to 2.0 RC3.  While I absolutely love 2.0 RC3, I immediately realized that OpenVPN no longer worked.  It did attempt to preserve my 1.2.3 settings though clearly something was incorrectly configured.  I then followed a URL on road warrior setup on 2.0 RC1 (close enough), generating new keys via the 2.0 RC3 webui, etc.  The process was smooth and straight-forward, but ultimately, no client is able to connect to the pfsense 2.0 RC3 openVPN.  it behaves as if NAT/rules do not exist or appears to ignore them altogether.  If I downgrade back to 1.2.3, everything works fine.

    Has anyone else experienced this?  Is there a way (or need) to purge the OpenVPN config altogether?  Even deleting OpenVPN settings from within 2.0 RC3 doesn't seem to truly delete them.  When I attempt to re-try, my existing settings are visible within the wizard.

    Am trying to avoid doing a clean install of 2.0 RC3 if it can be avoided so that I don't lose 90% of my working settings creating more work.

    Thanks everyone for your support.


  • Rebel Alliance Developer Netgate

    OpenVPN should upgrade cleanly. It has every time I have run an upgrade, for road warriors or otherwise.

    We'd need a lot more information to help in any meaningful way.

    • Anything in the firewall log that showed it being blocked?
    • OpenVPN log from the server
    • OpenVPN log from the client
    • Screenshots/details of the config in 2.0 (and 1.2.3 to compare would be helpful)
    • [anything else you can think of…]


  • Hi Jimp, thanks for your response.  To be safe, I opted to do a clean install of 2.0 RC3 yesterday as 1.2.3 STABLE wasn't supporting my 2nd network card either (which 2.0 RC3 does).  Upon performing a clean install of 2.0 RC3 and creating the appropriate CA, server and user certificates (within the webUI), everything appears to be working as hoped.  Even the auto-creation of Firewall/NAT rules within the wizard were 100% painless and operational.  Somehow the 1.2.3 to 2.0 RC3 upgrade process was causing issues.  In the end, however I love 2.0 RC3, the feature set, hardware compatibility, web UI, dashboard, etc. so I was determined to update to 2.0 RC3 no matter what it took.

    Do you recommend upgrading 2.0 RC3 to each subsequent build as they're released daily?  I've noticed my 2.0 RC3 dashboard updating to notify me when updates are available even within the same day.

    Thanks again.


  • Rebel Alliance Developer Netgate

    I recommend only upgrading periodically, not every day. The usual mantra is "if it isn't broke, don't fix it" but keeping somewhat current (within a week or so, or a few days) is good to make sure that things are still working for you properly.



  • I'm having the same problem.  On the OpenVPN Status page, I get this…

    When I removed management from the advanced configuration at the bottom of the vpn configuration, it breaks the VPN altogether.  HELP!


  • Rebel Alliance Developer Netgate

    That suggests that either your VPN is not running at all or your management declaration is still there.

    Removing the management bits from advanced is not likely to be the reason it's breaking - they must be removed or the status will not be properly reported. What else is in your advanced options?



  • The VPN is running because I can connect and so can everyone else who uses it.  Here's a little bit of my advanced config….

    management 127.0.0.1 8080; push "route xxx.xx.8.0 255.255.248.0"; push "route xxx.xx.0 255.254.0.0"; push "route xxx.xx.14.0 255.255.255.0";

    When I took "management" out, I was unable to connect to the VPN and so were others in the office.  I'm running pfSense 2.0 Release.


  • Rebel Alliance Developer Netgate

    Did you take out the whole command?

    Remove this part:

    management 127.0.0.1 8080;
    

    So it's just:

    push "route xxx.xx.8.0 255.255.248.0"; push "route xxx.xx.0 255.254.0.0"; push "route xxx.xx.14.0 255.255.255.0";
    


  • That was it!  WOOT!  You are the MAN or WOMAN! LOL  Thanks a lot!


Log in to reply