Netgate Discussion Forum

    PfSense 2.1 to 2.15 - OpenVPN Tunnel up - but cannot pass traffic since upgrade

    • greycloud

      Background: I have had a pfSense 2.1 router running for a while now in a VM, with traffic routed over OpenVPN to a popular provider.

      I wanted to upgrade to the latest version, 2.1.5, in readiness for a server upgrade. Rather than risk my existing setup, I created a clone of my existing VM, did a fresh install of 2.1.5 and restored my config. I found my LAN routing worked fine, but it was not routing traffic over the VPN as it was before.

      After many, many hours trying to troubleshoot the issue I simply could not pass any traffic over the established OpenVPN tunnel. Getting nowhere, I did another fresh install and started from scratch step by step, proving I had routing out to the WAN, then setting up the OpenVPN client, and then once that was confirmed and up, attempting to route traffic over it. I used this great tutorial: https://forum.pfsense.org/index.php?topic=76015.0

      But still nothing, a real puzzle - and it's affecting my sleep now!! LOL

      Logs show the VPN is up, I am getting no errors, and I get the "Initialization Sequence Completed" message, get an IP, etc. If I amend my LAN rule to route through to my WAN, all works fine, but simply route to the VPN and all fails.

      From the pfSense box I can ping the assigned gateway on the other side of the tunnel, yet I cannot ping any other address.

      My old setup still works fine, so I cannot blame my VPN provider.

      I need some help in diagnosing this further. As far as I can tell the only change is the move from pfSense 2.1 to 2.15

      Please help my sanity! :-)

      GC

      • greycloud

        Update: I have now got OpenVPN working to pass traffic, but I am still left with my original issue.

        In pfSense 2.1 I used a URL alias and LAN rules, for example, to point traffic to OpenVPN. This has been working fine for over a year.

        After restoring the same config onto 2.1.5, this is not working. It seems to pass to the wrong gateway, not OpenVPN as specified. I can see this by watching spikes on the traffic graphs. Changing the rule to a block rule blocks those sites, suggesting the rule is working on the alias correctly, but as a pass rule it does not send to the correct interface.

        Does anyone know of any issues restoring a config from an earlier version?

        Many thanks

        GC

        • greycloud

          Update 2

          Some further progress: purely by chance I unchecked "Skip rules when gateway is down" and I have now got back the expected behavior, with LAN policy rules being followed.

          I set this rule so that traffic was NOT sent to the default gateway when the OpenVPN link is down. This worked fine in 2.1, but the behavior here has changed.

          Also, I have a dual OpenVPN setup that was nicely load balanced. In this latest version only one of the VPN links is ever used, with all the connections going out on the one link.

          I am struggling to take this further without some help.  Will revert to previous VM for now.
