OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: peppersass on November 21, 2018, 05:05:07 am

Title: Strange OpenVPN client behavior in 18.7.7 (and maybe earlier 18.7.x releases)
Post by: peppersass on November 21, 2018, 05:05:07 am
Before I get into my strange problems with OpenVPN in 18.7.x, the urgent thing I need to know is how to back up to 18.1.13. The download mirrors only have the latest 18.7 version. Where are the legacy versions?

Unfortunately, I’m not sure in which 18.7.x release my problems with OpenVPN started, and I’m not sure exactly which release I popped into when I updated from 18.1. I’m not even sure which 18.1 release I updated from. I hadn’t checked the update status for a few months because all was working well, and when I updated I didn’t note the current and new versions. I probably came from something like 18.1.11 and went to 18.7.6, then updated to 18.7.7 not long after.

Anyway, here are the strange things I’ve seen:

- OpenVPN client randomly stops without warning. The only way I know it’s stopped is if I happen to notice a client that’s supposed to be on the VPN has the ISP IP address instead of the VPN IP address. Sometimes the OpenVPN client won’t restart, and it’s because it gets an error due to the tunnel still being open (i.e., the crash, or whatever it is, leaves the tunnel open.) I can temporarily fix it by running OpenVPN with a different client config (i.e., a different server offered by the VPN service), or I can reboot OPNsense.

- I use a VLAN to route some clients and their DNS requests to the VPN. The “VPN” VLAN is assigned to the client depending on which smart switch port it’s plugged into or which wireless network it’s on. This has worked fine for a long time. After I updated to 18.7.6 or 18.7.7, random clients on the LAN (not the VPN VLAN) would have their DNS requests sent through the VPN instead of the ISP. In some cases, their IP address would still be the ISP, but in other cases their IP would be the VPN. I think this problem started when I put in a firewall rule passing the static IP address for a LAN printer to clients on the VPN VLAN in an attempt to get clients to be able to discover the printer. When I removed the rule, the problem seemed to go away. But there was nothing about the rule that should have caused this behavior. It’s possible the rule had nothing to do with it, but removing the rule reset the firewall.

- Before I describe the next problem, be advised that I’ve never been able to get IPv6 to work with the VPN, though it is supported by the VPN and works via their OpenVPN client on iOS and Windows. I wasn’t able to get it to work on pfSense, either, even after spending many hours trying, and consulting both the VPN tech support and pfSense forum members. Basically each said the other’s platform “doesn’t do it right”, and I got nowhere. Note that IPv6 works fine in OPNsense through my Comcast ISP.

- The last straw happened tonight. I couldn’t get to any websites on a client connected to the wireless network on the LAN. When I checked the client’s IPv4 address, it was a VPN IP, when it should have been an ISP IP, and it had an ISP IPv6 address! Never saw that before - IPv4 going through the VPN, even though it should have gone through the ISP, and IPv6 going through the ISP. Bizarre.

Did I mention that none of these things happened prior to 18.7.x, and that my configuration hasn’t changed since I updated from 18.1.x?

My sense from reading the thread about OpenVPN firewall rules no longer working in 18.7.x is that OpenVPN is seriously messed up in 18.7.x.

I can’t wait for these bugs to get fixed, so I’d like to back up to 18.1.13. I assume that can’t be done in place and requires downloading a new image and doing a clean install. But the mirrors don’t have any images prior to the current one. Where are the legacy versions????