OpenVPN stopped working after changing 1 of 2 ISPs [solved]


  • Currently clients can connect, the route shows up in windows under "route print" with the gateway of the OpenVPN tunnel, but it cannot pass any data (no response to pings of IP addresses server side).

    tracert selects the openvpn gateway correctly.

Problem is likely with all clients; I've only tried a few and none work so far.

    We did have 2 connections, one PPPoE and one static IP. The change has been the static IP and its ISP, we now have 2x PPPoE modems.

    These are load balanced and working well.

    We have 2 openvpn instances listening on port 1194 and 1195, these are listening on the localhost interface and there is a NAT/Rule on each interface to forward 1194/1195 to 127.0.0.1. This worked previously across both connections. I have tried disabling the one connection, making openvpn listen on one of the main interfaces without any luck. I have also been focusing on the original connection that hasn't changed just in case there is an issue with the ISP/Hardware on the new line.

    Our subnet here is 10.0.0.0/16 and the tunnel networks are 10.0.2.0/24 and 10.0.3.0/24

    I upped the debug log to 9 and can see these errors.

    openvpn[99774]: <username>/80.177.205.172:3082 GET INST BY VIRT: 10.0.2.2 -> <username>/<ipofremotehost>:3082 via 10.0.2.2

    Closest I can get online is here…
    https://openvpn.net/index.php/open-source/faq/79-client/317-qmulti-bad-source-address-from-client--packet-droppedq-or-qget-inst-by-virt-failedq.html
...but I am unsure of where to go from there as I'm not sure why openvpn wouldn't have an internal route suddenly.

Whilst looking into this I went ahead and upgraded from 2.2 to 2.2.1.


  • Our subnet here is 10.0.0.0/16 and the tunnel networks are 10.0.2.0/24 and 10.0.3.0/24

    Whatever worked previously must have been by luck. OpenVPN tunnel network should not overlap with any other local networks on your pfSense (or in your intranet).

    Change the tunnel networks to outside of 10.0.0.0/16 - e.g. make them 10.1.2.0/24 and 10.1.3.0/24

    Then if there is still a problem we can think further.
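The fix above comes down to one check: no OpenVPN tunnel network may overlap the LAN prefixes routed by the firewall, and two OpenVPN instances must not overlap each other either. The following is an added example, not code from the thread or from pfSense/OpenVPN, that runs that check with Python's standard ipaddress module. The subnet values are taken from the posts (10.0.0.0/16 for the LAN, 10.0.2.0/24 and 10.0.3.0/24 for the two instances, 10.1.2.0/24 and 10.1.3.0/24 for the suggested replacement); the instance labels "ovpn_1194" and "ovpn_1195" are assumptions for illustration.

```python
"""Check OpenVPN tunnel networks for overlap with local subnets.

Added example (not from the forum thread or from pfSense/OpenVPN).
Given the LAN prefixes behind the firewall and the tunnel network of each
OpenVPN instance, report every pair that overlaps. An overlapping tunnel
network gives the server two routes claiming the same addresses (the LAN
interface route and the tun interface route), which matches the symptom in
the thread: clients connect, but traffic never comes back through the tunnel.
"""
from ipaddress import ip_network
from itertools import combinations
from typing import Dict, List, Tuple

Overlap = Tuple[str, str, str, str]  # (label_a, net_a, label_b, net_b)


def find_overlaps(local_subnets: Dict[str, str],
                  tunnel_networks: Dict[str, str]) -> List[Overlap]:
    """Return every overlapping pair among tunnel/local and tunnel/tunnel.

    strict=False lets a local entry be given as an interface address
    (e.g. "10.0.0.1/16"); it is normalised to its network prefix.
    overlaps() returns False for an IPv4/IPv6 mix, so dual-stack input
    is safe without special handling.
    """
    locals_ = [(name, ip_network(n, strict=False))
               for name, n in local_subnets.items()]
    tunnels = [(name, ip_network(n, strict=False))
               for name, n in tunnel_networks.items()]
    problems: List[Overlap] = []

    # Each tunnel network against each local prefix.
    for tname, tnet in tunnels:
        for lname, lnet in locals_:
            if tnet.overlaps(lnet):
                problems.append((tname, str(tnet), lname, str(lnet)))

    # Each tunnel network against the other instances' tunnel networks.
    for (a_name, a_net), (b_name, b_net) in combinations(tunnels, 2):
        if a_net.overlaps(b_net):
            problems.append((a_name, str(a_net), b_name, str(b_net)))

    return problems


def report(local_subnets: Dict[str, str],
           tunnel_networks: Dict[str, str]) -> str:
    """Human-readable summary of find_overlaps()."""
    problems = find_overlaps(local_subnets, tunnel_networks)
    if not problems:
        return "OK: no tunnel network overlaps a local subnet or another tunnel"
    lines = ["OVERLAP: tunnel networks must not overlap local subnets:"]
    for a, a_net, b, b_net in problems:
        lines.append(f"  {a} {a_net} overlaps {b} {b_net}")
    return "\n".join(lines)


# Values from the thread; instance labels are assumed for illustration.
LAN = {"LAN": "10.0.0.0/16"}
ORIGINAL_TUNNELS = {"ovpn_1194": "10.0.2.0/24", "ovpn_1195": "10.0.3.0/24"}
FIXED_TUNNELS = {"ovpn_1194": "10.1.2.0/24", "ovpn_1195": "10.1.3.0/24"}

if __name__ == "__main__":
    print(report(LAN, ORIGINAL_TUNNELS))
    print(report(LAN, FIXED_TUNNELS))
```

Run against the original configuration the check flags both instances (10.0.2.0/24 and 10.0.3.0/24 both sit inside 10.0.0.0/16); with the suggested 10.1.x.0/24 networks it reports nothing. The same function catches the tunnel-vs-tunnel case, which matters as soon as a second instance is added on another port.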


  • Making subnets arbitrarily huge is a mistake.


  • @phil.davis:

    Our subnet here is 10.0.0.0/16 and the tunnel networks are 10.0.2.0/24 and 10.0.3.0/24

    Whatever worked previously must have been by luck. OpenVPN tunnel network should not overlap with any other local networks on your pfSense (or in your intranet).

    Change the tunnel networks to outside of 10.0.0.0/16 - e.g. make them 10.1.2.0/24 and 10.1.3.0/24

    Then if there is still a problem we can think further.

Well that sorted it, thanks. Must have been something odd in the setup for that static gateway.

    @kejianshi:

    Making subnets arbitrarily huge is a mistake.

Noted, a bit more work needs to be done on this network.