upgrade from 20.7 to 21.1.2 OpenVPN problems

[Electr0nik]

Hi! I upgraded yesterday and my OpenVPN connections stopped working. Ipsec site2site is OK, but OpenVPN is broken. I can connect, but i cannot ping lan host or open smb. There is nothing wrong popping up in firewall log also.

[Electr0nik]

I'm the only one with this problem? Please help me troubleshoot it!

[thowe]

Based on the screenshot, it is not possible for me to determine what the problem is at a glance. I would probably set up a second OpenVPN endpoint (on a different port) in parallel (e.g. with the wizard) and configure it. Once this is up and running you can see what is different with the first one.

Alternatively, you can check if there are at least two rules:
- One that allows UDP on the OpenVPN port on the WAN.
- One which allows access to the LAN from the OpenVPN interface.

[Electr0nik]

I think I have all needed rules. It was working before update. I set up everything based on Setup SSL VPN Road Warrior. I'm not very good with rules, usually  I just look in the logs, see what is wrongly denied and fix it, but in this situation there are no log entries regarding vpn ip's and target lan ip that I need to connect.
on the screen from the first post you can see that fw is allowing rdp connection, but it's still not working (worked before update)

[Electr0nik]

I still cannot fix this issue. Anyone have any ideas how to troubleshoot? I discovered that my route rule from vpn network to lan was disabled, but enabling it didn't help. To recap: everything was working before update to 21.1.2
openvpn and site to site ipsec, after update open vpn is connecting, but traffic isn't going. Site to site ipsec is working normally. And I don't see anything related to vpn blocked in fw log

[thowe]

In such a case I would set up a second OpenVPN server endpoint in parallel (on a different port). You can do that in OPNsense. I had to do this recently when I configured mine. With that I was able to find the problem.