openvpn not working right after last update

[vico1959]

Okay here's my scenario: I've had openvpn up and running using Viscosity clients for several years now without any issue. My self signed certs expired on the same day I updated opnsense to the latest version. I noticed there were a lot of warnings about deprecated settings and protocols I was using so I decided to just rebuild the openvpn server. I did it manually the first time but have since rebuilt it three or four times and I've used the wizard for most of those. The issue I'm having is that I can connect to the VPN just fine but I cannot access anything beyond that. If I restart the VPN server then I can get to the remote network but only that first client. If another client tries to connect, they get the same issue until I restart the openvpn server on the firewall. I have gone through it so many times and everything looks right but just for kicks I have tweaked everything I could think of and still no dice. Please somebody help me before I pull all of my hair out and get run out of town by users and management. Thanks in advance. Also, DNS never works across the VPN but that is really not that important as I am only using the VPN for remote desktop access so I can use reserved IPs for that.

[bartjsmit]

On the page for the OpenVPN server, what settings do you have for these parameters?

 IPv4 Tunnel Network
 Address Pool

Does your LAN subnet appear in the routing table of the VPN client?

Bart...

[vico1959]

So I think I have it fixed now. I was using a 10.10.10.0/24 as the tunnel network. Nothing I tried would allow more than one client to access the network resources at a time. All could connect fine to the VPN but no access for anyone but whoever got in first. So after countless rebuilds of the VPN server, I got to thinking what if something is just corrupt in the firewall concerning that subnet so I rebuilt it using the wizard and chose the example network they give which is 10.0.8.0/24 and now everything seems to be working. So I don't know if there is some sort of bug in the latest version update that effects VPNs using that tunnel network but it makes no sense that it worked but it did. This needs to be brought to someone's attention to look into for sure.

[vico1959]

Actually, now I have figured out what happened and what my mistake was. I previously had the VPN setup using the aforementioned subnet and all was working fine. Sometime after that, I migrated a guest WiFi network to the opnsense firewall and chose the 10.10.10.0 subnet. All was working fine until I went to rebuild and then got the conflicting results because that guest network is a separate VLAN that is not allowed access to the main network so it was sort of allowing access and sort of blocking it I suppose. Anyway, that now explains why changing the subnet fixed the issue. Thanks for looking into it with me.   

[bartjsmit]

Good going! You may want to think about IPAM. Check this one out: https://phpipam.net/

[vico1959]

Thanks, I'll look into that.