24.7 Production Series / blackhole routing vs openvpn not working
« on: October 29, 2024, 11:05:54 pm »
I am fairly new to OPNsense but not to networking; nevertheless, this is my first post.
A while ago I added blackhole routes using this thread: https://forum.opnsense.org/index.php?topic=34190.0
That did work OK, I think...
I discovered recently that my OpenVPN did not forward traffic anymore. I did see DNS queries on the VPN interface but no traffic. In all that time I did upgrade to the latest OPNsense but did not test the VPN.
I've tried rebuilding configs etc., but that did not work.
My VPN range consists of the 192.168.99.0/24 subnet.
I discovered today that the VPN traffic started working again by disabling this blackhole route: 192.168.0.0/16
So now I am confused; as far as I know, the most specific route will win.
So routing to null for 192.168.0.0/16 would be overruled by the specific subnet 192.168.99.0/24.
But that network will only be "up" when a VPN connection is made.
So maybe the "injection" of the VPN network route when using a blackhole route does not work, or the specific subnet does not overrule the larger subnet?
Can anyone comment on this? Do I misinterpret something or is it a bug?
OPNsense version 24.7.7
OpenVPN version 2.6.12
cheers,
Sebas
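
Added example, not part of the original post and not OPNsense code: a small longest-prefix-match model of the two cases the question raises, with the 192.168.99.0/24 route present and absent beside the 192.168.0.0/16 blackhole. The interface names `wan` and `ovpns1`, the default route and the client address are assumptions made for illustration, and the model does not establish what OPNsense 24.7.7 actually does.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    target: str  # outgoing interface name, or "blackhole" for a null route


class RoutingTable:
    def __init__(self):
        self.routes = {}

    def add(self, cidr, target):
        net = ipaddress.ip_network(cidr)
        self.routes[net] = Route(net, target)

    def lookup(self, dst):
        """Return the matching route with the longest prefix, or None."""
        addr = ipaddress.ip_address(dst)
        matches = [r for r in self.routes.values() if addr in r.prefix]
        return max(matches, key=lambda r: r.prefix.prefixlen, default=None)


def forwarding_decision(table, dst):
    route = table.lookup(dst)
    if route is None:
        return "unreachable"
    if route.target == "blackhole":
        return f"dropped by {route.prefix}"
    return f"forwarded via {route.target}"


def build_table(vpn_route_installed):
    table = RoutingTable()
    table.add("0.0.0.0/0", "wan")                 # assumed default route
    table.add("192.168.0.0/16", "blackhole")      # blackhole route from the post
    if vpn_route_installed:
        table.add("192.168.99.0/24", "ovpns1")    # VPN subnet from the post
    return table


VPN_CLIENT = "192.168.99.10"  # constructed address inside the VPN range

if __name__ == "__main__":
    for installed in (True, False):
        result = forwarding_decision(build_table(installed), VPN_CLIENT)
        print(f"/24 route installed={installed}: {result}")
```

On the firewall itself, `netstat -rn` shows whether the 192.168.99.0/24 entry exists while a client is connected, which separates the two cases.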