OPNsense Forum

Archive => 24.7, 24.10 Legacy Series => Topic started by: sebazz on October 29, 2024, 11:05:54 PM

Title: blackhole routing vs openvpn not working
Post by: sebazz on October 29, 2024, 11:05:54 PM
I am fairly new to OPNsense but not to networking; nevertheless, this is my first post.

A while ago I added blackhole routes using this thread: https://forum.opnsense.org/index.php?topic=34190.0
That did work OK, I think...

I discovered recently that my OpenVPN did not forward traffic anymore. I did see DNS queries on the VPN interface but no traffic. In all that time I did upgrade to the latest OPNsense but did not test the VPN.
I've tried rebuilding configs etc., but that did not work.

My VPN range consists of the 192.168.99.0/24 subnet.
I discovered today that the VPN traffic started working again by disabling this blackhole route: 192.168.0.0/16

So now I am confused; as far as I know, the most specific route will win.
So routing to null for 192.168.0.0/16 would be overruled by the specific subnet 192.168.99.0/24.

But that network will only be "up" when a VPN connection is made.
So maybe the "injection" of the VPN network route when using a blackhole route does not work, or the specific subnet does not overrule the larger subnet?

Can anyone comment on this? Do I misinterpret something or is it a bug?

OPNsense version 24.7.7
OpenVPN version 2.6.12

cheers,
Sebas


*******************
Update:
*******************
I found some articles:
- https://docs.opnsense.org/troubleshooting/openvpn.html
- https://docs.opnsense.org/manual/firewall.html
- https://forum.opnsense.org/index.php?topic=15047.0
- https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/assign.html

But all the config looked corrupt, as firewall rules were moved to the OpenVPN rules instead of my instance rules.
So I started to delete ALL OpenVPN config and rebuild it.
Then disabled the created OpenVPN gateway.

Then all started working.

Still confused, however, that it did work without the blackhole route and stopped with the blackhole route :S


Title: Re: blackhole routing vs openvpn not working
Post by: sebazz on May 21, 2025, 12:05:32 PM
Unfortunately the issue is still there.
I am running OPNsense 25.1.7_2-amd64


The OpenVPN config:
local network: 192.168.1.0/24
remote network: 192.168.99.0/24
redirect gateway: default

route configuration:
- 192.168.0.0/16   Null4 - 127.0.0.1   Blackhole route for RFC6890

When connecting with the OpenVPN client, no traffic is allowed from the client to the pushed local network.
I have to disable the null route and enable it again, then it works.

Help :)
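
Added example, not part of the posts above and not OPNsense code: a plain longest-prefix-match lookup over a constructed table containing the thread's 192.168.0.0/16 null route, showing which entry a reply to a VPN client selects when the 192.168.99.0/24 tunnel route is and is not installed. The names `wan_gw`, `lan`, `ovpns1` and the client address are assumptions.

```python
import ipaddress

BLACKHOLE = "blackhole (Null4)"

# Constructed routing table modelled on the thread; gateway and interface
# names (wan_gw, lan, ovpns1) are assumptions, not taken from the posts.
BASE_ROUTES = [
    ("0.0.0.0/0", "wan_gw"),
    ("192.168.1.0/24", "lan"),
    ("192.168.0.0/16", BLACKHOLE),
]
VPN_ROUTE = ("192.168.99.0/24", "ovpns1")


def lookup(routes, dst):
    """Return the (prefix, target) chosen by longest-prefix match, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, target in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return (str(best[0]), best[1]) if best else None


def reply_path(client_ip, vpn_route_installed):
    """Where the firewall sends a reply addressed to a VPN client."""
    routes = BASE_ROUTES + ([VPN_ROUTE] if vpn_route_installed else [])
    return lookup(routes, client_ip)


if __name__ == "__main__":
    client = "192.168.99.2"  # constructed client address in the tunnel network
    for installed in (True, False):
        print(f"tunnel /24 installed={installed}: {client} -> {reply_path(client, installed)}")
    print("LAN host 192.168.1.10 ->", lookup(BASE_ROUTES, "192.168.1.10"))
```

Comparing this against the firewall's live table (`netstat -rn`) while a client is connected shows which of the two cases applies.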