OpenVPN stops working but clients can still connect.
I have pfSense (2.0.1) OpenVPN set up and working correctly, but I have now experienced twice that the service will be running, and clients can connect and get an address via DHCP, but it appears that the routes are no longer working.
I see the client getting the routes but I can't ping or access anything on the new network.
In this example my home network is a 192.68 and the work network is 10.64 so it's not an IP space conflict as far as I can tell.
Logging into the pfSense machine and restarting the OpenVPN service fixes the issue and clients can reconnect and routes work as expected.
Did you get anywhere with this? Seeing similar.
Unfortunately I am experiencing the same issue…
While all looks OK, it somehow still breaks somewhere on the pfSense machine running the OpenVPN server.
The only thing I know to get it working during my testing is to enable 'Route all traffic through tunnel'. As we push certain subnets over the OpenVPN tunnel, that is not an option... for all other traffic it should still use the client's own internet connection.
The funny thing is that a pfSense router set up as a client can still connect and all of its connections get routed correctly ... which adds to the confusion... Android devices using FEAT VPN app can connect but are unable to route through the tunnel regardless of the server's configuration...
The thing we changed to get this situation is to create a second server on the same port but on another proto.
Port 1194 TCP -> 10.0.16.0/24 Shared key + user auth
Port 1194 UDP -> 10.0.128.0/24 PKI auth + user auth
However if we disable the TCP server nothing changes, even when we disable its interface after shutting the server down.
The TCP server however is working as expected and without problems... the problems are only on the UDP server ... ???
--- UPDATE ---
After I disabled the TCP server and moved the UDP server over to TCP traffic... it all mysteriously started working ... ??? ??? ???
Still an issue for us. This is a UDP connection as well.
I may try swapping to TCP to see if it persists any better.