[Solved] OpenVPN bridging problem after upgrade to 2.1.4



  • Hello all,

    I had an OpenVPN bridge set up and working fine on 2.1.3; however, after upgrading to 2.1.4 I'm only able to connect to the pfSense box over the VPN connection. The remote machines are unreachable.

    Any idea what might be causing this? I'm not sure what to look for in the logs.

    My setup is based mainly on this: https://forum.pfsense.org/index.php?topic=46984.0

    Also, not sure if it's worth pointing out, but an OpenVPN TUN connection works just fine.

    Thanks.



  • Not exactly... but from what I have seen, the upgrade has broken most OpenVPN certs and keys.

    Most that got it working after an upgrade had to delete ALL the OpenVPN setup, keys and certificates and remake them.
    On your remote machine (if you didn't upgrade it also) you might get by with exporting the new keys into the other box.
    Right now the upgrade and OpenVPN don't seem to like each other very well.



  • @saytar:

    Not exactly... but from what I have seen, the upgrade has broken most OpenVPN certs and keys.

    Most that got it working after an upgrade had to delete ALL the OpenVPN setup, keys and certificates and remake them.
    On your remote machine (if you didn't upgrade it also) you might get by with exporting the new keys into the other box.
    Right now the upgrade and OpenVPN don't seem to like each other very well.

    I've got the same issue as the OP.

    Upgraded from 2.1.3 to 2.1.4 (used the live upgrade feature - I should know better by now... sigh...)

    Can dial in and connect to OpenVPN (TUN) and it auths and the connection is made fine. I'm told I'm connected and given a 10.x IP address.

    All seems fine, HOWEVER I can't ping any host on my network either via DNS or IP... Traceroutes fail too...

    I tried recreating the connection with no luck. Is it perhaps the advanced params that it's not pushing?

    e.g. I have:

    push "route 172.24.0.0 255.255.0.0";reneg-sec 7200

    and I'm not sure that that's being applied as I can't reach any machines...



  • @saytar:

    Not exactly... but from what I have seen, the upgrade has broken most OpenVPN certs and keys.

    Most that got it working after an upgrade had to delete ALL the OpenVPN setup, keys and certificates and remake them.
    On your remote machine (if you didn't upgrade it also) you might get by with exporting the new keys into the other box.
    Right now the upgrade and OpenVPN don't seem to like each other very well.

    Well, that's not true. I have quite a number of 2.12 and 2.13 installs that I'm upgrading to 2.14. All of them have OpenVPN with PKI and none of them have required any changes to the certs and keys. One box has 50+ certificates and they definitely did not require any changes after or during the upgrade. These are all site-site with a smattering of Road Warrior links as well.



  • Finally fixed  :)

    It wasn't pfSense but VMware vSwitch that caused the problem. Allowing the vSwitch to accept "Promiscuous Mode" fixed it (thanks to this post: http://serverfault.com/questions/549336/pfsense-2-1-openvpn-cant-reach-servers-on-the-lan)