OPNsense Forum

Archive => 23.1 Legacy Series => Topic started by: JohnDoe17 on May 18, 2023, 09:31:01 pm

Title: OpenVPN client on 23.1.7_3 missing gateway
Post by: JohnDoe17 on May 18, 2023, 09:31:01 pm
I've got the firewall configured as an OpenVPN *client* to connect to an OpenVPN server that I can then selectively route traffic outbound through the firewall to.

This is working great on my 22.7.11_1 firewall.

But on the firewall that I upgraded to 23.1.7_3, the OpenVPN client doesn't seem to be getting a gateway address from the OpenVPN server like it should (and like my other one does).

I didn't see anything obviously related in the OpenVPN log files...

Any ideas?

Title: Re: OpenVPN client on 23.1.7_3 missing gateway
Post by: benyamin on May 20, 2023, 07:26:36 pm
I'm not seeing it on mine, but there have been reports of some gateway issues. OpenVPN gateway behaviour has changed, but if anything, it is arguable that it is now working as intended. I think the root cause is still perhaps somewhat ambiguous, and might not be caused by OpenVPN but by some other OPNsense component.

In your client configuration are you using --redirect-gateway def1 or similar?
Are you being PUSHed redirect-gateway def1 or similar by the server (check the log with client verbosity level set to 4+)?
Under Tunnel Settings, do you have the options Don't pull routes or Don't add/remove routes checked?

If you are being PUSHed redirect-gateway def1 or similar, you might want to check Don't add/remove routes and retest...

Title: Re: OpenVPN client on 23.1.7_3 missing gateway
Post by: JohnDoe17 on May 22, 2023, 05:40:47 pm
Hi, benyamin.

Thank you for your response.

No, the configuration doesn't use --redirect-gateway def1 or similar.

I'm not being pushed anything like that either.  (I control both ends of the OpenVPN tunnel, and nothing has changed on the server side.)

Don't pull routes and Don't add/remove routes are both unchecked.

Can you tell me more about
Quote
OpenVPN gateway behaviour has changed, but if anything, it is arguable that it is now working as intended.
?

Title: Re: OpenVPN client on 23.1.7_3 missing gateway
Post by: benyamin on May 22, 2023, 06:43:01 pm
I described some changes I observed in client behaviour here (https://forum.opnsense.org/index.php?topic=33890.msg164439#msg164439). Given @Sakata_T's contribution to that thread, I am minded to consider root causes not related to OpenVPN.

Although this noteworthy recent topic (https://forum.opnsense.org/index.php?topic=33831.0) is perhaps unrelated, @Franco's contribution (beginning page 2) re troubleshooting might be beneficial to you.

That being said, if your server is not OPNsense too, perhaps it could be an incompatibility issue between your client and server now that OPNsense has moved to OpenVPN v2.6. What are you running on the server?

Title: Re: OpenVPN client on 23.1.7_3 missing gateway
Post by: benyamin on May 25, 2023, 07:07:00 pm
Does your server set gateway options via --server or --server-bridge..? I would expect it does. Are you using --topology subnet too...? These usually PUSH a --route-gateway option.

If using --server-bridge (without arguments), there could be a problem with DHCP. If using --server-bridge nogw, the gateway will not be pushed at all.   

You could try a --route-gateway <gateway> with your client or push "route-gateway <gateway>" from your server, and see if that resolves your issue. If so, you could troubleshoot your server configuration to see if one of the issues above applies. It's possible that your server has been making use of a client bug, but without further troubleshooting it is not possible to determine where such a bug might be hiding...
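
Added example, not part of any post in this thread: a small Python check for the question raised above, namely whether the server actually PUSHes route-gateway or redirect-gateway to the client. It parses the PUSH_REPLY line that the OpenVPN client logs at verbosity 4+; the sample log lines, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample client log lines (verb 4+); addresses are made up.
LOG_NO_GATEWAY = (
    "2023-05-22 17:40:02 PUSH: Received control message: 'PUSH_REPLY,"
    "route 10.20.0.0 255.255.255.0,topology subnet,ping 10,ping-restart 60,"
    "ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM'\n"
)
LOG_WITH_GATEWAY = LOG_NO_GATEWAY.replace(
    "PUSH_REPLY,", "PUSH_REPLY,route-gateway 10.8.0.1,"
)

PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,(.*)'")


def pushed_options(log_text):
    """Map option name -> list of argument lists, from the last PUSH_REPLY."""
    replies = PUSH_RE.findall(log_text)
    if not replies:
        return None  # nothing logged: verbosity too low, or the client did not pull
    by_name = {}
    for opt in replies[-1].split(","):
        parts = opt.split()
        if parts:
            by_name.setdefault(parts[0], []).append(parts[1:])
    return by_name


def first_arg(by_name, name):
    """First argument of the last occurrence of an option, or None."""
    values = by_name.get(name)
    return values[-1][0] if values and values[-1] else None


def gateway_report(log_text):
    """Summarise the pushed options that decide the client's gateway."""
    by_name = pushed_options(log_text)
    if by_name is None:
        return {"push_reply_seen": False}
    return {
        "push_reply_seen": True,
        "route_gateway": first_arg(by_name, "route-gateway"),  # address or "dhcp"
        "redirect_gateway": [" ".join(a) for a in by_name.get("redirect-gateway", [])],
        "topology": first_arg(by_name, "topology"),
        # "route <net> [mask] [gateway]": fewer than 3 args means no explicit gateway
        "routes_without_gateway": [a for a in by_name.get("route", []) if len(a) < 3],
    }


if __name__ == "__main__":
    for label, log in (("no gateway", LOG_NO_GATEWAY), ("gateway", LOG_WITH_GATEWAY)):
        print(label, gateway_report(log))
```

Running the same report against the logs of a working client and the upgraded one shows whether the difference is in what the server pushes or in how the client applies it.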