Virtual private networks / Re: Questions to Migrate OpenVPN Servers legacy to Instances New
« on: August 31, 2024, 06:17:30 pm »
I recently migrated from the "legacy" OpenVPN client configuration to the "instance" one.
I'm not skilled enough to give a valuable opinion about which one is best. However, since migrating I'm having a strange issue that I believe could be because of the "Bind address" mentioned earlier in this thread.
I'm playing with multiple OpenVPN and WireGuard clients; most of them are in use at random times during the day and I strongly suspect some connections are not kept alive continuously.
From time to time, one of the clients will randomly (and silently) redirect all traffic through another one, which mostly shows up on the "Traffic" bandwidth graphs, where one interface clearly correlates with the other in both directions. The problem is resolved by restarting one of the two clients involved.
I do believe this can be caused by the "Bind addresses" being left empty - most of the time, connection or keep-alive is done through WAN; but not always.
I'm lucky enough to have a fixed IP address; I've set up the field accordingly, restarted all OpenVPN clients - works fine so far. As I stated before, it is a random issue (sometimes days before it happens); I'll keep you all posted with the results.
EDIT. Didn't work, same behavior all over again, this time between a WireGuard client and an OpenVPN one. Looks like OPNsense is using the OpenVPN tunnel to establish the WireGuard connection; but there's no "Bind address" option in the latter, so I guess it's not the same issue after all.
EDIT 2. Finally found it: the issue was indeed caused by migrating from the legacy client configuration to the new one... My OpenVPN provider is pulling routes when establishing a connection, leading all further traffic - including other VPN connections, such as WireGuard - to use it to access the larger network. This behavior was previously corrected by the "Don't pull routes" option, but in the new interface one has to define the "route-nopull" option.
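The routing effect described in the post can be checked with a longest-prefix-match lookup. This is an added example, not code from the post or from OPNsense; the interface names, addresses and routing table are constructed, and the two /1 routes are an assumption about what the provider pushes (they are what OpenVPN installs for `redirect-gateway def1`).

```python
import ipaddress

# Constructed routing table as (destination, interface) pairs; sample data,
# not taken from the post. Interface names are hypothetical.
SAMPLE_ROUTES = [
    ("0.0.0.0/0", "igb0"),        # normal default route via WAN
    ("0.0.0.0/1", "ovpnc1"),      # pulled from the OpenVPN provider
    ("128.0.0.0/1", "ovpnc1"),    # pulled from the OpenVPN provider
    ("198.51.100.7/32", "igb0"),  # host route OpenVPN adds for its own server
    ("192.168.1.0/24", "igb1"),   # LAN
]

# Constructed tunnel endpoints (documentation address ranges).
SAMPLE_ENDPOINTS = {
    "openvpn-provider": "198.51.100.7",
    "wireguard-peer": "203.0.113.20",
}

# Name prefixes treated as tunnel interfaces (assumption for this example).
TUNNEL_PREFIXES = ("ovpnc", "ovpns", "wg", "tun")


def egress_interface(routes, address):
    """Longest-prefix match: return the interface the kernel would pick."""
    ip = ipaddress.ip_address(address)
    best = None
    for dest, iface in routes:
        net = ipaddress.ip_network(dest)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def endpoints_inside_tunnels(routes, endpoints):
    """Return {name: interface} for endpoints reached through another tunnel."""
    flagged = {}
    for name, address in endpoints.items():
        iface = egress_interface(routes, address)
        if iface and iface.startswith(TUNNEL_PREFIXES):
            flagged[name] = iface
    return flagged


if __name__ == "__main__":
    hits = endpoints_inside_tunnels(SAMPLE_ROUTES, SAMPLE_ENDPOINTS)
    for name, iface in hits.items():
        print(f"{name}: reached through {iface}, not WAN")
```

With the pulled /1 routes removed from the table, which is the effect of `route-nopull`, no endpoint is flagged.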