Problem after 17.1.1 Upgrade

Started by AndyX90, February 14, 2017, 08:14:27 PM

February 14, 2017, 08:14:27 PM Last Edit: February 15, 2017, 06:57:04 AM by AndyX90
Hi Guys,
I have a serious problem with OpenVPN after the upgrade to 17.1.1.
My OPNsense is acting as an OpenVPN-Client for Site2Site, which is working normally after the upgrade.
But the OpenVPN-Server for my "Road-Warrior-Connections" isn't working as it should.
Both are assigned to separate Interfaces.
I can connect to the Server via UDP, authenticate against OTP+Local Users and establish the connection.
But obviously the rules on the assigned interface are failing... (I have no rules on openvpn tab)

For example: I create one rule on (ovpn-server)interface: Proto TCP, Source Any, Dest. Lan Address, Port HTTPS
and I can't access the web interface from within the VPN.
Server Settings: tun, UDP, topology, tunnel-network: 192.168.x.x/29, conc. connections: 3, pushed 3 routes to local/other networks.
On the client side everything seems OK: got correct IPs on the VPN adapter, got correct routes pushed.
Any suggestions?

Thanks in advance.

Okay, setting "sysctl net.pf.share_forward=0" solves the problem.
But after every reboot the option reverts to 1. Any solution for that?

Create a tunable with this setting.

We are circling back to using the default pf/ipfw behaviour with 17.1.2, with an additional GUI firewall setting for using the new behaviour.

That should be permanent enough and accommodate for both kinds of users/use cases. :)


Cheers,
Franco