Author Topic: Problem after 17.1.1 Upgrade (Read 1921 times)

AndyX90 · « **on:** February 14, 2017, 08:14:27 pm »

Hi Guys,
i have a serious problem with OpenVPN after the upgrade to 17.1.1.
My OPNSense is acting as a OpenVPN-Client for Site2Site which is working normal after the Upgrade.
But the OpenVPN-Server for my "Road-Warrior-Connections" isn't working as it should.
Both are assigned to separate Interfaces.
I can connect to the Server via UDP, authenticate against OTP+Local Users and establish the connection.
But obviously the rules on the assigned interface are failing... (I have no rules on openvpn tab)

For example: I create one rule on (ovpn-server)interface: Proto TCP, Source Any, Dest. Lan Address, Port HTTPS
and i can't access the webinterface from within the VPN.
Server Settings: tun, UDP, topology, tunnel-network: 192.168.x.x/29, conc. connections: 3, pushed 3 routes to local/other networks.
On client side: everything seems ok. got correct ips on vpn-adapter, got correct routes pushed.
Any suggestions?

Thanks in advance.

AndyX90 · « **Reply #1 on:** February 15, 2017, 06:06:59 pm »

Okay, setting "sysctl net.pf.share_forward=0" solves the problem.
But after every reboot the option reverts to 1. Any solution for that?

fabian · « **Reply #2 on:** February 15, 2017, 06:32:48 pm »

create a tuneable which this setting

franco · « **Reply #3 on:** February 15, 2017, 09:57:37 pm »

We are circling back to using the default pf/ipfw behaviour with 17.1.2, with an additional GUI firewall setting for using the new behaviour.

That should be permanent enough and accommodate for both kinds of users/use cases.

Cheers,
Franco

Author Topic: Problem after 17.1.1 Upgrade (Read 1921 times)

AndyX90

Problem after 17.1.1 Upgrade

AndyX90

Re: Problem after 17.1.1 Upgrade

fabian

Re: Problem after 17.1.1 Upgrade

franco

Re: Problem after 17.1.1 Upgrade