Messages - StopDemPackets

#1
I figured this out.

Upon examining the log on my VPN client, I noticed that VPN keepalives were failing, and the client was reconnecting over and over (with some time in between each attempt). So - turns out I was using a connection profile from my previous OpenVPN configuration, and not the 'new' one I had just set up. Something about the configuration was slightly different, requiring me to import a new connection profile using the Client Export function in OPNsense. Once I did that, packets show up in the firewall log and the OpenVPN rule set is working.
#2
While running 25.1, I had a 'legacy' OpenVPN server set up. When I set this up, the firewall automagically had the 'OpenVPN' rule set, which worked well for creating rules to grant access from VPN Users to stuff on the LAN.

I disabled the 'legacy' server, then set up a new server in the 'Instances' part of OpenVPN setup. I was able to connect to it just fine, but was not able to access anything. The firewall 'Live view' log didn't show any evidence of the packets I was sending over the OpenVPN tunnel. It's almost as if they didn't exist, or were on some unassigned interface.

SO - I completely deleted the 'legacy' OpenVPN server, but had the same issue.

I then upgraded to 25.7.  No change, I still have this issue.  I noticed that the OpenVPN server interface was ovpns2 (probably because it existed at the same time the legacy server did), so I deleted the OpenVPN server instance, and then re-created it.  It is now using ovpns1, but the firewall OpenVPN rule set still isn't 'in effect' on packets sent over the VPN tunnel.

What must I do to make this work?  Do I need to assign the ovpns1 to an 'interface' under System?  If so, why does the firewall automatically have the OpenVPN rule set?  Does the firewall need some 'trigger' to re-scan the interfaces and associate ovpns1 with the OpenVPN rule set?