OpenVPN and VLAN routing on 2.1
leonfox last edited by
So recently, after upgrading from pfSense version 2.0.3 to the latest 2.1 release last night, an issue with OpenVPN has arisen and I have no idea how to fix it, if I'm even able to fix it.
This is the situation:
We have a VLAN on our network, 188.8.131.52/30 (yes, I'm well aware this subnet is now routed on the internet, but it doesn't have anything useful to us on it, so that's not an issue for us nor, as far as I can tell, part of the problem). The main box, which has a web server running on it, has the address of 184.108.40.206 for easy remembering when connecting to the tunnel and accessing data from it. This is the ONLY network which OpenVPN users have access to. The OpenVPN network is 220.127.116.11/23 (again, I know this is now a subnet routed on the internet, but still not the issue from what I can tell). All users are properly connecting and do have proper routes to pfSense from the tunnel.
Here is the issue that started after the upgrade (remember, everything was working perfectly fine before upgrading to 2.1 from 2.0.3): users can no longer contact the 18.104.22.168/30 subnet from the OpenVPN tunnel. When doing a packet capture of the OpenVPN interface, I can see that it's receiving data from users on the tunnel to the 22.214.171.124 address.
Sample data from the packet capture:
21:20:02.078324 IP 126.96.36.199.55771 > 188.8.131.52.80: tcp 0
21:20:02.279103 IP 184.108.40.206.55770 > 220.127.116.11.80: tcp 0
21:20:02.784277 IP 18.104.22.168.55771 > 22.214.171.124.80: tcp 0
21:20:02.785246 IP 126.96.36.199.55770 > 188.8.131.52.80: tcp 0
However, after this, data just disappears... nothing in the firewall logs, nothing on the 184.108.40.206/30 subnet when doing a capture there, nor anything touching the box. From my main network in the 10.x.x.x/23 range I CAN ping a client that is connected to the tunnel; for example, from the computer I'm typing this post on, I can successfully ping 220.127.116.11 and get proper replies from it. Here is the kicker I found: if I reload PF from Status > Filter Reload, all clients on the OpenVPN side of things can successfully pass traffic to 18.104.22.168 for a short while, usually no longer than 5 minutes, then it all stops working again until I do a filter reload, which still stops after a short time. Please help! Thanks in advance.