Netgate Discussion Forum

    [Solved] OpenVPN bridging problem after upgrade to 2.1.4

      dev667

      Hello all,

      I had an OpenVPN bridge set up and working fine on 2.1.3. However, after upgrading to 2.1.4 I'm only able to connect to the pfSense box over the VPN connection; the remote machines are unreachable.

      Any idea what might be causing this? I'm not sure what to look for in the logs.

      My setup is based mainly on this: https://forum.pfsense.org/index.php?topic=46984.0

      Also, not sure if it's worth pointing out, but the OpenVPN TUN connection works just fine.

      Thanks.

        saytar

        Not exactly... but from what I have seen the upgrade has broken most OpenVPN certs and keys...

        Most that got it working after an Upgrade had to delete ALL the OpenVPN setup, Keys and Certificate and remake them.
        On your remote machine (if you didn't upgrade it also) you might get by with exporting the New Keys into the other Box...
        Right now the Upgrade and OpenVPN don't seem to like each other very well...

        “An armed society is a polite society. Manners are good when one may have to back up his acts with his life.”

        “Ignorance is curable, stupid is forever.”
        ― Robert A. Heinlein, Beyond This Horizon

          jsheed_sa

          @saytar:

          Not exactly... but from what I have seen the upgrade has broken most OpenVPN certs and keys...

          Most that got it working after an Upgrade had to delete ALL the OpenVPN setup, Keys and Certificate and remake them.
          On your remote machine (if you didn't upgrade it also) you might get by with exporting the New Keys into the other Box...
          Right now the Upgrade and OpenVPN don't seem to like each other very well...

          I've got the same issue as the OP.

          Upgraded from 2.1.3 to 2.1.4 (used the live upgrade feature - I should know better by now… sigh...)

          Can dial in and connect to OpenVPN (TUN) and it auths and the connection is made fine. I'm told I'm connected and given a 10.x IP address.

          All seems fine, HOWEVER I can't ping any host on my network either via DNS or IP... Traceroutes fail too...

          I tried recreating the connection with no luck, is it perhaps the advanced params that it's not pushing?

          e.g. I have:

          push "route 172.24.0.0 255.255.0.0";reneg-sec 7200

          and I'm not sure that that's being applied as I can't reach any machines...

            divsys

            @saytar:

            Not exactly... but from what I have seen the upgrade has broken most OpenVPN certs and keys...

            Most that got it working after an Upgrade had to delete ALL the OpenVPN setup, Keys and Certificate and remake them.
            On your remote machine (if you didn't upgrade it also) you might get by with exporting the New Keys into the other Box...
            Right now the Upgrade and OpenVPN don't seem to like each other very well...

            Well, that's not true. I have quite a number of 2.12 and 2.13 installs that I'm upgrading to 2.14. All of them have OpenVPN with PKI and none of them have required any changes to the certs and keys. One box has 50+ certificates and they definitely did not require any changes after or during the upgrade. These are all site-site with a smattering of Road Warrior links as well.

            -jfp

              dev667

              Finally fixed :)

              It wasn't pfSense but the VMware vSwitch that caused the problem; allowing the vSwitch to accept "Promiscuous Mode" fixed it (thanks to this post: http://serverfault.com/questions/549336/pfsense-2-1-openvpn-cant-reach-servers-on-the-lan)
