Show posts
#1
Hey guys, has anyone of you had such a problem: I have set up a GIF tunnel with Tunnelbroker (tunnelbroker.com). After the GIF is done I have to "assign" the interface, but the moment I try to enable the interface the OS reboots.
This is 100% reproducible. I've never had real problems with OPNsense, but this one is strange.
I'm using the latest available version. There are no messages in the logs. It's just as if I had pulled the power cord.
Even if I have a mistake in my config, enabling an interface should not kill the entire OS, right?!
#2
Just wondering whether anyone has had such an experience:

  • Single WAN interface.
  • OpenVPN tun server instance for site-to-site clients (peer-to-peer).
  • OpenVPN tun server instance for remote access (mobile) clients.
  • OpenVPN tun client to another server, with a bunch of networks routed through the tunnel.

All works fine until the client instance is started. It breaks all remote access and site-to-site tunnels, and all OpenVPN services fall into a loop where everything starts and stops. If I leave it like this overnight, it has settled and is working in the morning. And it stays stable until the client instance reconnects; then it all falls apart.

Anyone tried this setup?
#3
Using OPNsense 20.7.3-amd64 I have set up an OpenVPN server for remote access when I'm mobile or remote, and for joining a few remote sites I frequently visit.
I have the server as ssl/tls|tcp|tun|dynamic ip|addr pool|topology. I have a /24 as the tunnel network and a /16 as the local network (so that I can join and route all remote sites). As a single user I can connect from anywhere and successfully use the tunnel. The problem comes when I join remote sites.
Single users and remote sites have the same client configuration. The only difference is that for remote sites I have set up "client specific overrides" on the OpenVPN server.
And the only thing I specify there is "ipv4 remote network", so that when this client joins and gets any (dynamic) IP from the VPN pool, OpenVPN activates the route to its remote subnet.

All goes very well except for the final part: injecting the remote network routes into the kernel routing table. All routes are correctly shown in OpenVPN > Connection Status > Routing Table, but are missing from the OS's routing table, so I can't reach the remote sites (their subnets are routed via the default gateway on the WAN interface).

Has anybody used it this way and seen the same problem?
#4
20.1 Legacy Series / OpenVPN clogged by client rush
April 06, 2020, 04:10:18 PM
It looks like restarting a VPN server with 200-300 active clients is a bad idea. I have such a setup on a dual Xeon 3.3GHz.
The OpenVPN service gets smashed by all the clients rushing in. As a result, nobody can connect and the service is dead, showing mostly

    WARNING: Failed running command (--auth-user-pass-verify): external program exited with error status: 255

in the logs.

I see that it's possible in a firewall rule to have SYN rate limiting per IP. But what if the connections are each coming from a unique IP?!

So, is there a way of limiting the SYN rate per firewall rule, not per single source IP? For example, to have no more than 1 new incoming (SYN) connection per 2 seconds in the firewall rule which allows access to the service.
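The distinction the post draws, modelled in code as an added example (not OPNsense or pf code): a per-source-IP connection-rate limit versus one token bucket shared by every source that matches the rule. The burst is constructed, 300 reconnects within three seconds from 300 distinct TEST-NET-2 addresses, which is exactly the traffic a per-source limit never throttles. The limits used (15 per 5 s per source, 1 per 2 s per rule) are illustrative values, not settings taken from the page.

```python
"""Per-source versus per-rule limiting of new connections.

Added example, not OPNsense or pf code: it models the two semantics the post
contrasts. The burst below is constructed: n clients reconnecting within a
few seconds, each from its own address in TEST-NET-2, which is exactly the
traffic a per-source-IP limit lets straight through.
"""
from fractions import Fraction
import ipaddress


def constructed_burst(n=300, span_s=3):
    """n connection attempts spread evenly over span_s seconds, one per /32.
    Times are exact Fractions so the bucket arithmetic below has no float drift."""
    base = int(ipaddress.IPv4Address("198.51.100.0"))
    return [(Fraction(i * span_s, n), str(ipaddress.IPv4Address(base + i)))
            for i in range(n)]


def per_source_limit(events, max_new, per_seconds):
    """Admit an attempt unless this same source already made max_new attempts
    in the last per_seconds (the shape of a per-source-IP connection-rate
    limit). Returns the number of admitted attempts."""
    history = {}
    admitted = 0
    for now, src in events:
        recent = [t for t in history.get(src, []) if now - t < per_seconds]
        if len(recent) < max_new:
            admitted += 1
            recent.append(now)
        history[src] = recent
    return admitted


class TokenBucket:
    """One bucket shared by every source matching the rule: refills at `rate`
    tokens per second, holds at most `burst`, one token per new connection."""

    def __init__(self, rate, burst):
        self.rate = Fraction(rate)
        self.burst = Fraction(burst)
        self.tokens = self.burst
        self.last = Fraction(0)

    def allow(self, now):
        now = Fraction(now)
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


def per_rule_limit(events, rate, burst=1):
    """Admit attempts through a single bucket regardless of source address.
    Returns the number of admitted attempts."""
    bucket = TokenBucket(rate, burst)
    return sum(1 for now, _src in events if bucket.allow(now))


if __name__ == "__main__":
    attempts = constructed_burst()
    # Per-source limit of 15 new connections per 5 s: every source is unique,
    # so none of the 300 attempts is ever throttled.
    print("per-source limit admits:", per_source_limit(attempts, 15, 5))
    # Per-rule limit of one new connection per 2 s (rate 0.5/s): only two of
    # the 300 attempts get in during the 3 s burst; the rest must retry later.
    print("per-rule limit admits:  ", per_rule_limit(attempts, 0.5))
```

Raising `burst` on the per-rule bucket lets a handful of clients through immediately and then meters the rest at the configured rate, which is the knob to turn if the goal is to let an OpenVPN process restart without being buried by reconnects rather than to block them.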
#5
20.1 Legacy Series / Extract OpenVPN server status
March 20, 2020, 06:21:32 AM
Hi guys,
Is there a way to get the status of the OpenVPN server with all the clients connected?
The API doesn't seem to provide such a capability. If I try to socat it from the unix socket (/var/etc/openvpn/server1.sock) it breaks the server and a reboot is required. SNMP maybe?
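The two things asked for in posts #3 and #5, listing connected clients and checking whether the override networks OpenVPN routes have actually reached the kernel, can both be answered from the management interface's `status 2` report. The following is an added example, not OPNsense's or OpenVPN's code: it parses a `status 2` report and FreeBSD `netstat -rn -f inet` output and reports the client-override subnets that no kernel route sends to an `ovpn*` interface. Both inputs are constructed samples; the socket path is the one named in the post, the interface names (`ovpns1`, `igb0`) and the addresses are assumptions, and the live socket reader assumes no management password is configured.

```python
"""Cross-check OpenVPN's own routing table against the FreeBSD kernel table.

Added example, not OPNsense's or OpenVPN's code. It parses the 'status 2'
report from OpenVPN's management interface (CLIENT_LIST/ROUTING_TABLE rows)
and 'netstat -rn -f inet' output, then lists client-override networks that
OpenVPN routes but the kernel does not send to an ovpn interface. Both
inputs are constructed samples; fetch_status() is the only part that touches
a live socket and the offline run never calls it.
"""
import ipaddress
import socket

# Constructed 'status 2' output (OpenVPN's version-2 CSV status format).
SAMPLE_STATUS = """\
TITLE,OpenVPN 2.4.9 amd64-portbld-freebsd12.1
TIME,Fri Mar 20 06:21:32 2020,1584685292
HEADER,CLIENT_LIST,Common Name,Real Address,Virtual Address,Virtual IPv6 Address,Bytes Received,Bytes Sent,Connected Since,Connected Since (time_t),Username,Client ID,Peer ID
CLIENT_LIST,site-a,198.51.100.7:1194,10.8.0.6,,48211,90330,Fri Mar 20 05:50:01 2020,1584683401,site-a,0,0
CLIENT_LIST,laptop,203.0.113.5:51234,10.8.0.10,,1200,3400,Fri Mar 20 06:10:11 2020,1584684611,laptop,1,1
HEADER,ROUTING_TABLE,Virtual Address,Common Name,Real Address,Last Ref,Last Ref (time_t)
ROUTING_TABLE,10.8.0.6,site-a,198.51.100.7:1194,Fri Mar 20 06:21:00 2020,1584685260
ROUTING_TABLE,192.168.50.0/24,site-a,198.51.100.7:1194,Fri Mar 20 06:21:00 2020,1584685260
ROUTING_TABLE,10.8.0.10,laptop,203.0.113.5:51234,Fri Mar 20 06:21:10 2020,1584685270
GLOBAL_STATS,Max bcast/mcast queue length,0
END
"""

# Constructed 'netstat -rn -f inet' output: the tunnel network is routed via
# ovpns1, but site-a's override network 192.168.50.0/24 is absent.
SAMPLE_NETSTAT = """\
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            203.0.113.1        UGS        igb0
10.8.0.0/24        10.8.0.2           UGS      ovpns1
10.8.0.1           link#6             UHS         lo0
203.0.113.0/24     link#1             U          igb0
"""


def parse_status(text):
    """Return (clients, routes) from a 'status 2' report."""
    clients, routes = [], []
    for line in text.splitlines():
        f = line.split(",")
        if f[0] == "CLIENT_LIST":
            clients.append({"cn": f[1], "real": f[2], "virtual": f[3], "user": f[9]})
        elif f[0] == "ROUTING_TABLE":
            routes.append({"dest": f[1], "cn": f[2], "real": f[3]})
    return clients, routes


def parse_netstat(text):
    """Return [(network, gateway, netif)] from FreeBSD 'netstat -rn' output,
    skipping the banner, the header row and the default route."""
    kernel = []
    for line in text.splitlines():
        p = line.split()
        if len(p) < 4 or p[0] in ("Destination", "default"):
            continue
        try:
            net = ipaddress.ip_network(p[0], strict=False)  # host entries become /32
        except ValueError:
            continue
        kernel.append((net, p[1], p[3]))
    return kernel


def missing_kernel_routes(routes, kernel):
    """Subnet entries of OpenVPN's routing table (the override networks) that
    no kernel route sends to an ovpn* interface."""
    missing = []
    for r in routes:
        if "/" not in r["dest"]:
            continue  # a client's own virtual address; the tunnel network covers it
        net = ipaddress.ip_network(r["dest"], strict=False)
        if not any(net.subnet_of(k) and netif.startswith("ovpn") for k, _gw, netif in kernel):
            missing.append((r["dest"], r["cn"]))
    return missing


def fetch_status(sock_path="/var/etc/openvpn/server1.sock", timeout=5.0):
    """Read 'status 2' from a live management socket (assumes no management
    password). The greeting banner is consumed first and 'quit' is sent so
    the session ends cleanly instead of being dropped mid-command."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(sock_path)
        banner = b""
        while not banner.endswith(b"\n"):
            banner += s.recv(4096)
        s.sendall(b"status 2\n")
        out = b""
        while b"\nEND" not in out:  # the report is terminated by an END line
            chunk = s.recv(4096)
            if not chunk:
                break
            out += chunk
        s.sendall(b"quit\n")
    return out.decode().replace("\r\n", "\n")


if __name__ == "__main__":
    clients, routes = parse_status(SAMPLE_STATUS)
    for c in clients:
        print(f"client {c['cn']:8} {c['real']:22} -> {c['virtual']}")
    for dest, cn in missing_kernel_routes(routes, parse_netstat(SAMPLE_NETSTAT)):
        print(f"MISSING kernel route: {dest} (override network of {cn})")
```

Against a live box the same functions take `fetch_status()` and the output of `netstat -rn -f inet` in place of the two samples; an entry in `missing_kernel_routes` is a subnet OpenVPN will accept packets for but the kernel still hands to the WAN default gateway.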
#6
Hi all,
Yesterday I decided to upgrade to the latest 17.x version. I was on the previous v17 build, and the machine didn't come up...
I had similar problems when installing it. I couldn't install v17 because of the same error. What I did was to install v16 and then upgrade to v17. It had been working OK since then, until yesterday's update...
Attached is the screen where the booting process stops.
Has anyone had a similar problem, or ideas about what could be causing it? The server is an HP DL380 G5.