Hi,
I am using OpenVPN to unite all controlled routers in one virtual private network (for management purposes). The problem is:
After the upgrade to 19.7, suddenly, when the openvpn-client connects to the server, it sets the default route to 10.8.0.1 (openvpn), but the openvpn-server is pushing:
route 10.8.0.0 255.255.255.0
ipv4 default 10.8.0.1 UGS 168 1500 ovpnc1 N**D_VPN
ipv4 8.8.8.8 192.168.0.1 UGHS 53 1500 bge1 WAN
ipv4 127.0.0.1 link#3 UH 1905 16384 lo0
ipv4 192.168.0.0/24 link#2 U 10857 1500 bge1 WAN
ipv4 192.168.0.3 link#2 UHS 0 16384 lo0
ipv4 192.168.1.0/24 link#1 U 27296 1500 bge0 LAN
ipv4 192.168.1.1 link#1 UHS 0 16384 lo0
ipv6 ::1 link#3 UH 0 16384 lo0
ipv6 fe80::%bge0/64 link#1 U 0 1500 bge0 LAN
ipv6 fe80::2e0:b6ff:fe15:fe9a%bge0 link#1 UHS 0 16384 lo0
ipv6 fe80::%bge1/64 link#2 U 0 1500 bge1 WAN
and before the upgrade everything was fine.
The other problem is that when I disconnect from the openvpn server, OPNsense does not restore the default route automatically, so I have to do it manually by navigating to System->Routes->Configuration and pressing apply.
ipv4 8.8.8.8 192.168.0.1 UGHS 29 1500 bge1 WAN
ipv4 127.0.0.1 link#3 UH 1857 16384 lo0
ipv4 192.168.0.0/24 link#2 U 10833 1500 bge1 WAN
ipv4 192.168.0.3 link#2 UHS 0 16384 lo0
ipv4 192.168.1.0/24 link#1 U 26528 1500 bge0 LAN
ipv4 192.168.1.1 link#1 UHS 0 16384 lo0
ipv6 ::1 link#3 UH 0 16384 lo0
ipv6 fe80::%bge0/64 link#1 U 0 1500 bge0 LAN
ipv6 fe80::2e0:b6ff:fe15:fe9a%bge0 link#1 UHS 0 16384 lo0
ipv6 fe80::%bge1/64 link#2 U 0 1500 bge1 WAN
Openvpn-client ignores "route-nopull" and other options...
But if I clone the openvpn-client configuration and try to connect using the cloned configuration and an unassigned ovpncN interface, it works as expected!
ipv4 default 192.168.0.1 UGS 85 1500 bge1 WAN
ipv4 8.8.8.8 192.168.0.1 UGHS 172 1500 bge1 WAN
ipv4 10.8.0.1 link#11 UH 0 1500 ovpnc5 (<------ new unassigned interface)
ipv4 10.8.0.6 link#11 UHS 0 16384 lo0
ipv4 127.0.0.1 link#3 UH 1911 16384 lo0
ipv4 192.168.0.0/24 link#2 U 11413 1500 bge1 WAN
ipv4 192.168.0.3 link#2 UHS 0 16384 lo0
ipv4 192.168.1.0/24 link#1 U 29506 1500 bge0 LAN
ipv4 192.168.1.1 link#1 UHS 0 16384 lo0
ipv6 ::1 link#3 UH 0 16384 lo0
So, if the openvpn interface is not assigned in Interfaces -> Assignments, then when the openvpn-client is enabled, it acts as expected. But if I assign the openvpn interface, then when the openvpn-client is enabled, it acts as described at the beginning.
I had already upgraded 20 machines successfully before I found out what was going on.
Edit: I finally fixed the problem: I removed all manually created entries in the System:Gateways:Single (there were a lot of unknown and duplicated entries for some reason????) and I set the "Upstream Gateway" option for the default interface (it was set previously). Then, I reassigned all interfaces again.
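
For checking many routers for the two symptoms described in the post above (default route moved onto the VPN interface, or no default route left after disconnect), here is an added example that is not part of the original post. It assumes the column layout seen in the listings (protocol, destination, gateway, flags, use, MTU, interface, description); the function name and the `ovpnc` prefix match are assumptions of this example.

```python
# Added example: classify the IPv4 default route in a route listing shaped
# like the ones in the post. Assumed columns:
# proto, destination, gateway, flags, use, mtu, netif, [description]

def default_route_state(listing, vpn_prefixes=("ovpnc",)):
    """Return (state, gateway, netif) for the IPv4 default route.

    state is one of:
      "ok"          - default route leaves via a non-VPN interface
      "vpn-default" - default route leaves via an OpenVPN client interface
      "missing"     - the listing has no IPv4 default route at all
    """
    for line in listing.splitlines():
        fields = line.split()
        # Skip short/garbled lines, IPv6 entries and non-default destinations.
        if len(fields) < 7 or fields[0] != "ipv4" or fields[1] != "default":
            continue
        gateway, netif = fields[2], fields[6]
        if netif.startswith(tuple(vpn_prefixes)):
            return ("vpn-default", gateway, netif)
        return ("ok", gateway, netif)
    return ("missing", None, None)

# Sample input: lines taken from the three listings in the post (abridged).
CONNECTED_ASSIGNED = """\
ipv4 default 10.8.0.1 UGS 168 1500 ovpnc1 N**D_VPN
ipv4 8.8.8.8 192.168.0.1 UGHS 53 1500 bge1 WAN
ipv4 192.168.0.0/24 link#2 U 10857 1500 bge1 WAN
"""
AFTER_DISCONNECT = """\
ipv4 8.8.8.8 192.168.0.1 UGHS 29 1500 bge1 WAN
ipv4 127.0.0.1 link#3 UH 1857 16384 lo0
ipv4 192.168.0.0/24 link#2 U 10833 1500 bge1 WAN
"""
CONNECTED_UNASSIGNED = """\
ipv4 default 192.168.0.1 UGS 85 1500 bge1 WAN
ipv4 10.8.0.1 link#11 UH 0 1500 ovpnc5
ipv4 10.8.0.6 link#11 UHS 0 16384 lo0
"""

if __name__ == "__main__":
    for name, text in [("connected, assigned", CONNECTED_ASSIGNED),
                       ("after disconnect", AFTER_DISCONNECT),
                       ("connected, unassigned", CONNECTED_UNASSIGNED)]:
        print(f"{name}: {default_route_state(text)}")
```
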