Issues during migration openVPN server -> openVPN instance

Started by opn_minded, February 07, 2024, 11:47:09 AM

Hi there,

so I've got a working ovpn server (legacy!) and, coming with 24.1, its menu entry is now flagged as "legacy". So I decided to give the new instance GUI a try.

Currently I've set up various rules under Firewall > Rules > openVPN that are working (yes, I can see them under Firewall > Log Files > Live View (e.g.)). Although I've never set up an IF for ovpn via Interfaces > Assignments, I always had that particular menu entry as described earlier.

So, back to topic. I've set up the instance, exported the ovpn profile and I'm able to connect. I can see the client under VPN > OpenVPN > Connection Status and an IP address that is within the specified IP-range.

But... now the FW rule menu entry is gone and my client is not able to do anything. I understand this behavior as it's "block everything" by default.

My question now is, how do I get this working - do I have to manually assign an IF for the new instance and create new rules for ovpn from scratch?

Many thanks for your time!

Normally, all OpenVPN interfaces are grouped as "OpenVPN" and you can simply write an allow rule for the OpenVPN client traffic. If this doesn't work, you might have found a bug and should report it here: https://github.com/opnsense/core/issues

February 08, 2024, 10:13:16 AM #2 Last Edit: February 08, 2024, 10:14:47 AM by opn_minded
hi there, thanks for confirmation (regarding the grouping of ovpn IFs).

got it working after installing 24.1.1 (I doubt that's the reason, because looking into https://forum.opnsense.org/index.php?topic=38644.0 the only ovpn-relevant change has nothing to do with my reported issue).

tbh, didn't change my "approach"; deactivate old "server" -> set up new "instance" -> export profile -> activate "instance" -> connection / accessibility checks.

again, thanks for your time, cs1!