Netgate Discussion Forum

OpenVPN interfaces cannot be set as usable gateways

2.1 Snapshot Feedback and Problems - RETIRED
  • ?
    Guest
    last edited by Jan 7, 2013, 7:33 PM

    The actual interface does not have an IP set (set to "none"). The OpenVPN instance does negotiate an IP address (see attached). The OpenVPN client is configured as a "Peer to Peer (SSL/TLS)" in tunnel mode, so it is a /30 as well. In the OpenVPN logs I see the gateway as 10.9.1.1. ifconfig -a shows
    ovpnc2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
            options=80000<LINKSTATE>
            inet6 fe80::4e02:89ff:fe0a:a548%ovpnc2 prefixlen 64 scopeid 0x13
            nd6 options=1<PERFORMNUD>
            Opened by PID 88995

    Something I just noticed, under "Diagnostics: Routing tables", I do not see any entries for the ovpnc2 interface.

    ![pfSense OpenVPN Status.PNG](/public/imported_attachments/1/pfSense OpenVPN Status.PNG)

    • J
      jimp Rebel Alliance Developer Netgate
      last edited by Jan 7, 2013, 8:09 PM

      edit/save that VPN and let it reconnect, see if the interface gets an IP then.

      There is no IP in ifconfig, so the function the gateway uses to determine the interface IP doesn't find it.

      If you edit/save/apply the interface (even if it's set to none) it will stomp on the IP settings and the VPN needs a kick.

      • X
        xbipin
        last edited by Jan 8, 2013, 6:40 AM

        Same issue for me. When I create a fresh rule, I see the OpenVPN gateway in the list; when I try to edit it, it doesn't show. This has been so for a long time. I also mentioned my findings in Redmine, but it's still the same.

        • P
          phil.davis
          last edited by Jan 8, 2013, 10:56 AM

          I just put a fix in: https://github.com/bsdperimeter/pfsense/commit/d9ce908f28c849b5cfffea5f1512bdd486c27d79
          It makes the OpenVPN interface gateways that match the IP protocol of the rule appear in the dropdown when the rule is being edited.
          In the next snapshot (or do GitSync or whatever to get this little change), please try it out.
          It is only a GUI code change; it doesn't affect whether the subsequent routing actually gets implemented correctly. If there are other issues with the policy-based routing rule actually being actioned correctly under the hood, then let us know about that also. The OP had mentioned:

          and nothing is actually routed out that gateway

          Which makes me think there might also be an issue with the under-the-hood implementation of the rule?

          • X
            xbipin
            last edited by Jan 8, 2013, 11:39 AM

            For me, when I create the rule, add the OpenVPN gateway and save, packets do route through it, no issues there. The only thing was that while editing, the gateway disappeared.

            • X
              xbipin
              last edited by Jan 8, 2013, 11:44 AM

              @phil.davis:

              I just put a fix in: https://github.com/bsdperimeter/pfsense/commit/d9ce908f28c849b5cfffea5f1512bdd486c27d79
              It makes the OpenVPN interface gateways that match the IP protocol of the rule appear in the dropdown when the rule is being edited.
              In the next snapshot (or do GitSync or whatever to get this little change), please try it out.
              It is only a GUI code change; it doesn't affect whether the subsequent routing actually gets implemented correctly. If there are other issues with the policy-based routing rule actually being actioned correctly under the hood, then let us know about that also. The OP had mentioned:

              and nothing is actually routed out that gateway

              Which makes me think there might also be an issue with the under-the-hood implementation of the rule?

              I tried the patch manually and it does now show the OpenVPN gateway in the list while editing, and it also routes fine.

              • ?
                Guest
                last edited by Jan 8, 2013, 11:21 PM

                @phil.davis:

                The OP had mentioned:

                and nothing is actually routed out that gateway

                Which makes me think there might also be an issue with the under-the-hood implementation of the rule?

                What I meant was the OpenVPN server instance only serves client PCs, and doesn't connect to any networks. It works as it is supposed to. The OpenVPN client instance is the one that doesn't show up in the firewall rules. I don't know if there are any routing issues since I haven't been able to use it as a gateway yet :). I will try the latest snapshot tomorrow and report if it works or not.

                • ?
                  Guest
                  last edited by Jan 9, 2013, 7:19 PM

                  I upgraded to the snapshot Built On: Wed Jan  9 07:10:11 EST 2013. The gateway now shows up in the firewall rules, though it still shows up as "Dynamic".

                  The interface does show up in the routing table, and ifconfig -a shows
                  ovpnc2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
                          options=80000<LINKSTATE>
                          inet6 fe80::4e02:89ff:fe0a:a548%ovpnc2 prefixlen 64 scopeid 0x13
                          inet 10.9.1.90 --> 10.9.1.89 netmask 0xffffffff
                          nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
                          Opened by PID 9794

                  However, I cannot route anything through that gateway. I can ping through it just fine using the pfsense ping tool, but none of the PCs using it as a gateway can ping outside the network. I am not seeing anything unusual in the logs.

                  • F
                    fragged
                    last edited by Jan 9, 2013, 7:27 PM

                    Outbound NAT rule missing?

                    • ?
                      Guest
                      last edited by Jan 9, 2013, 8:23 PM

                      Yep, that was it. It's all working now. Thank you all for your help, this had been a big issue for me for a long time!
