OpenVPN and vlan routing on 2.1



  • So recently, after upgrading from pfSense version 2.0.3 to the latest 2.1 release last night, an issue with OpenVPN has arisen and I have no idea how to fix it, if I'm even able to fix it.

    This is the situation:
    We have a VLAN on our network, 1.1.1.0/30. (Yes, I'm well aware this subnet is now routed on the internet, but it doesn't have anything useful to us on it, so that's not an issue for us nor, as far as I can tell, part of the problem.) The main box, which has a web server running on it, has the address 1.1.1.1 for easy remembering when connecting to the tunnel and accessing data from it. This is the ONLY network which OpenVPN users have access to. The OpenVPN network is 1.1.2.0/23. (Again, I know this is now a subnet routed on the internet, but it's still not the issue from what I can tell.) All users are properly connecting and do have proper routes to pfSense from the tunnel.

    The issue:
    Here is the issue that started after the upgrade (remember, everything was working perfectly fine before upgrading to 2.1 from 2.0.3): users can no longer contact the 1.1.1.0/30 subnet from the OpenVPN tunnel. When doing a packet capture of the OpenVPN interface, I can see that it's receiving data from users on the tunnel to the 1.1.1.1 address.

    Sample data from the packet capture:
    21:20:02.078324 IP 1.1.2.6.55771 > 1.1.1.1.80: tcp 0
    21:20:02.279103 IP 1.1.2.6.55770 > 1.1.1.1.80: tcp 0
    21:20:02.784277 IP 1.1.2.6.55771 > 1.1.1.1.80: tcp 0
    21:20:02.785246 IP 1.1.2.6.55770 > 1.1.1.1.80: tcp 0

    However, after this, data just disappears: nothing in the firewall logs, nothing on the 1.1.1.0/30 subnet when doing a capture there, nor anything touching the box. From my main network in the 10.x.x.x/23 range I CAN ping a client that is connected to the tunnel; for example, from the computer I'm typing this post on I can successfully ping 1.1.2.6 and get proper replies from it. Here is the kicker I found: if I reload PF from Status > Filter reload, all clients on the OpenVPN side of things can successfully pass traffic to 1.1.1.1 for a short while, usually no longer than 5 minutes. Then it all stops working again until I do a filter reload, which still stops after a short time. Please help! Thanks in advance.

