After upgrade from 23.1.11 to 23.7.6 OpenVPN server interface is no longer up

[mircea]

Hello all,

In the past I have configured an OpenVPN bridged server following https://forum.opnsense.org/index.php?topic=5716.0 and it worked well.

After upgrading from 23.4.2 (based on community 23.1.11) to 23.10 (based on community 23.7.6) the openvpn interface is no longer up after reboot and we need to stop the openvpn server from gui and start it again.

We are still on the servers interface (not instances)

After manually restarting the openvpn

Code: [Select]

ovpns1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: OpenVPNXXXX (opt4)
        options=80000<LINKSTATE>
        ether xx:xx:xx:xx:xx:xx
        groups: tap openvpn
        media: Ethernet autoselect
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        Opened by PID 9615
After reboot:

Code: [Select]

ovpns1: flags=8942<BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: OpenVPNXXXX (opt4)
        options=80000<LINKSTATE>
        ether xx:xx:xx:xx:xx:xx
        groups: tap openvpn
        media: Ethernet autoselect
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        Opened by PID 16316

Searching I have found https://github.com/opnsense/core/issues/980, but in our case the bridge correctly contains both interfaces.

Do you have any idea what is happening or what else I can do?

[mircea]

Hi,

In the meantime we upgraded to 23.10.1_2 (based on 23.7.9) but the problem is still there.

Does nobody have this problem?

[toom18]

Hi.
I also have this problem, I just installed OPNsense 24.1_1 and the problem still occurs.
Is there no solution for this?
Maybe ad hoc some script to restart OpenVPN service I don't know for example 2 minutes after start only how to make such?

[cristian.spiescu]

Hi,

I work togethe w/ Mircea (the author of this topic). A bit of context:

We bought an OPNsense appliance, which came w/ an one-year subscription to OPNsense commercial. After having configured it, we enabled the auto updates. The most important factor that pushed us to buy the appliance + subscription was the promise to have a curated update channel that is both 1/ secure and 2/ reliable.

Unfortunately, after the update, we had the unpleasant surprise to see that 2/ is actually not happening. The fact that the VPN has issues => has impact on our business.

The next unpleasant surprise was to see that even after a while, the issue was not fixed.

Another unpleasant surprise is the fact that OPNsense maintainers don't seem to watch the forum. It would have been nice to see this happen and maybe have a fix sometime.

We'll try to buy a commercial support package. As a curiosity to see how things evolve. I'll report the progress here, and hopefully the fix will help the community.

[Reiner030]

The posts of this are not very helpful to help you both ...
First post shows only an interface after manual service restart/reboot  ... and I can see only a different parent process id? 
Where are the logs oft startup process in which maybe some problems were written?
Bests setup "Verbosity level" minimum to "3 (recommend)" or temporary higher to see whats happens to fail...

We are running also business variant on buyed Decisio hardware with some updates already done.
After Reboots/Updates the OpenVPNs Service came always up for serving employees connections.
Since we haven't them in completely in production usage I tested the OpenVPN connection manually without problems.
But a bridge modus should be much different than the normal server modus.