OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: AndyX90 on February 14, 2017, 08:14:27 pm

Title: Problem after 17.1.1 Upgrade
Post by: AndyX90 on February 14, 2017, 08:14:27 pm
Hi Guys,
I have a serious problem with OpenVPN after the upgrade to 17.1.1.
My OPNsense is acting as an OpenVPN client for Site2Site, which is working normally after the upgrade.
But the OpenVPN-Server for my "Road-Warrior-Connections" isn't working as it should.
Both are assigned to separate Interfaces.
I can connect to the Server via UDP, authenticate against OTP+Local Users and establish the connection.
But obviously the rules on the assigned interface are failing... (I have no rules on openvpn tab)

For example: I create one rule on the (ovpn-server) interface: Proto TCP, Source Any, Dest. LAN Address, Port HTTPS,
and I can't access the web interface from within the VPN.
Server settings: tun, UDP, topology, tunnel-network: 192.168.x.x/29, conc. connections: 3, pushed 3 routes to local/other networks.
On the client side everything seems OK: got correct IPs on the VPN adapter, got correct routes pushed.
Any suggestions?

Thanks in advance.
Title: Re: Problem after 17.1.1 Upgrade
Post by: AndyX90 on February 15, 2017, 06:06:59 pm
Okay, setting "sysctl net.pf.share_forward=0" solves the problem.
But after every reboot the option reverts to 1. Any solution for that?
Title: Re: Problem after 17.1.1 Upgrade
Post by: fabian on February 15, 2017, 06:32:48 pm
Create a tunable with this setting.
Title: Re: Problem after 17.1.1 Upgrade
Post by: franco on February 15, 2017, 09:57:37 pm
We are circling back to using the default pf/ipfw behaviour with 17.1.2, with an additional GUI firewall setting for using the new behaviour.

That should be permanent enough and accommodate both kinds of users/use cases. :)


Cheers,
Franco