OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 17.1 Legacy Series »
  • Problem after 17.1.1 Upgrade
« previous next »
  • Print
Pages: [1]

Author Topic: Problem after 17.1.1 Upgrade  (Read 2929 times)

AndyX90

  • Jr. Member
  • **
  • Posts: 55
  • Karma: 2
    • View Profile
Problem after 17.1.1 Upgrade
« on: February 14, 2017, 08:14:27 pm »
Hi Guys,
i have a serious problem with OpenVPN after the upgrade to 17.1.1.
My OPNSense is acting as a OpenVPN-Client for Site2Site which is working normal after the Upgrade.
But the OpenVPN-Server for my "Road-Warrior-Connections" isn't working as it should.
Both are assigned to separate Interfaces.
I can connect to the Server via UDP, authenticate against OTP+Local Users and establish the connection.
But obviously the rules on the assigned interface are failing... (I have no rules on openvpn tab)

For example: I create one rule on (ovpn-server)interface: Proto TCP, Source Any, Dest. Lan Address, Port HTTPS
and i can't access the webinterface from within the VPN.
Server Settings: tun, UDP, topology, tunnel-network: 192.168.x.x/29, conc. connections: 3, pushed 3 routes to local/other networks.
On client side: everything seems ok. got correct ips on vpn-adapter, got correct routes pushed.
Any suggestions?

Thanks in advance.
« Last Edit: February 15, 2017, 06:57:04 am by AndyX90 »
Logged

AndyX90

  • Jr. Member
  • **
  • Posts: 55
  • Karma: 2
    • View Profile
Re: Problem after 17.1.1 Upgrade
« Reply #1 on: February 15, 2017, 06:06:59 pm »
Okay, setting "sysctl net.pf.share_forward=0" solves the problem.
But after every reboot the option reverts to 1. Any solution for that?
Logged

fabian

  • Hero Member
  • *****
  • Posts: 2768
  • Karma: 199
  • OPNsense Contributor (Language, VPN, Proxy, etc.)
    • View Profile
    • Personal Homepage
Re: Problem after 17.1.1 Upgrade
« Reply #2 on: February 15, 2017, 06:32:48 pm »
create a tuneable which this setting
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 13695
  • Karma: 1177
    • View Profile
Re: Problem after 17.1.1 Upgrade
« Reply #3 on: February 15, 2017, 09:57:37 pm »
We are circling back to using the default pf/ipfw behaviour with 17.1.2, with an additional GUI firewall setting for using the new behaviour.

That should be permanent enough and accommodate for both kinds of users/use cases. :)


Cheers,
Franco
Logged

  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 17.1 Legacy Series »
  • Problem after 17.1.1 Upgrade
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy
    | XHTML | RSS | WAP2