Messages - 2Gnu

#1
OpenVPN broken here, too. Tried the patch noted above.  Same issue.  Log entries:
Date   Severity   Process   Line
2024-12-04T20:51:00-08:00   Error   openvpn_client2   Cannot load CA certificate file /var/etc/openvpn/client2.ca (no entries were read)   
2024-12-04T20:51:00-08:00   Warning   openvpn_client2   NOTE: the current --script-security setting may allow this configuration to call user-defined scripts   
2024-12-04T20:51:00-08:00   Warning   openvpn_client2   WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.   
2024-12-04T20:51:00-08:00   Warning   openvpn_client2   WARNING: using --pull/--client and --ifconfig together is probably not what you want   
2024-12-04T20:51:00-08:00   Warning   openvpn_client2   WARNING: file '/var/etc/openvpn/client2.up' is group or others accessible   
2024-12-04T20:51:00-08:00   Warning   openvpn_client2   DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.   
2024-12-04T20:51:00-08:00   Warning   openvpn_client2   WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.   
2024-12-04T20:50:58-08:00   Error   openvpn_server1   Cannot load CA certificate file /var/etc/openvpn/server1.ca (no entries were read)   
2024-12-04T20:50:58-08:00   Warning   openvpn_server1   NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

Update: I created a new OpenVPN instance, seeing that the old one was marked legacy, exported the client file and now all is well.  I also had to update the firewall rule to allow LAN visibility once I was in.

Thanks for your awesome work.
#2
Compared my OpenVPN server settings to the OPNsense docs, unchecked "Dynamic IP" and "Address Pool" under Client Settings and all is well.  Why it worked before or why it stopped, I can't say.  But it works now.
Thanks.
#3
21.7 Legacy Series / Re: New H/W, OpenVPN Issues
January 07, 2022, 03:42:12 PM
Thank you for the quick reply but the interfaces seem to be named appropriately.  I'll keep digging as time permits and post logs, etc.
#4
21.7 Legacy Series / [Solved] New H/W, OpenVPN Issues
January 07, 2022, 05:49:23 AM
I recently migrated from a Fitlet2 to a SuperMicro X11SBA-LN4F/F platform.  I backed up my old config and restored on the new install.  Everything works except LAN access via OpenVPN.  I can still connect to the firewall via OpenVPN Android client but cannot access LAN devices.  I can't ping servers, SSH or view HTML.  When connected, I can browse the web and whatsmyip shows my home IP address.

There is no setting on the hardware side that seems relevant.  It feels like an OPNsense setting but I can't figure out why it worked before and not now.  Any thoughts on where to start?

Thanks.
#5
I'll second the Fitlet2 recommendation.  Also using the J3455 model, paired with Ubiquiti for WiFi.
#6
Another option to consider is the Fitlet2.  This is what I'm using for OPNsense.  https://www.amazon.com/fitlet-fitlet2-J3455-Barebone/dp/B078V6MT9D
More money than the link in your post, to be sure.
Differences between the CPUs:
http://cpuboss.com/cpus/Intel-J3455-vs-Intel-Celeron-J1800
The J3455 also has the AES instruction set which I wanted for OpenVPN.  The J1800 does not.
https://ark.intel.com/content/www/us/en/ark/products/78866/intel-celeron-processor-j1800-1m-cache-up-to-2-58-ghz.html
The Fitlet2 carries a 5-year warranty and their support has been excellent.
Quiet, runs cool and has been reliable.
Sounds like a commercial but just a happy home user, hoping it helps someone else.