VPN setup dead after upgrade

[ar]

First, congrats on the new version!

Just did an upgrade at home and I use OPNsense as mullvad client over wireguard and an openvpn client to one of my work clients. After the upgrade, wireguard is offline in the interface monitoring, openvpn shows up, but none of the routes work.

Most of the setup is based on the opensense manual, like https://docs.opnsense.org/manual/how-tos/wireguard-client-mullvad.html and others.

I can't seem to find any hint why none of the VPN routes work anymore. The only logfile entry that seems relevant are build like this:

Code Select Expand


Error firewall There were error(s) loading the rules: /tmp/rules.debug:116: syntax error - The line in question reads [116]: nat log on ovpnc1 inet6 from (igb0:network),fe80::/10 to $vpn_XXX_targets -> (ovpnc1:0) port 1024:65535 # LAN to XXX IPv6 NAT


Any clue what changed from 22.1 to 22.7 that could be related to this?

[ar]

Had to deactivate all IPv6 related outbound NATs (and to be safe firewall routes) that are related to selective routing through VPN, at least VPN over IPv4 is working again now. No idea whats wrong with IPv6 though.

[BastiB]

Have the same problem with Wireguard. I had to disable it completely to get everything working again. I need IPV6 because of fiber. Hope there is a fix soon

[franco]

Yikes, IPv6 outbound NAT. It's been reported only today and merely speculated upon. Thanks for posting the error to confirm. Will submit a fix tomorrow morning.

In the interim this probably works:

--REDACTED, SEE BELOW--

And reload rules.


Cheers,
Franco

[franco]

Correct patch is https://github.com/opnsense/core/commit/2412d574f3

# opnsense-patch 2412d574f3


Cheers,
Franco

[ar]

Applied the patch, reactivated the rules, looking good so far!

[franco]

Neat, thanks!