OpenVPN fails after failover to upgraded node (25.1.7)

Started by ajr, May 23, 2025, 12:58:46 PM

I upgraded my backup node and then did a failover (persistent CARP switch) to upgrade the old master.
The OpenVPN client could not create a tunnel.
I switched back to the old master (running 25.1.5_5) and the tunnel came up.

Does the OpenVPN configuration need a change with 25.1.7, related to (from README):
  openvpn: add port-share as advanced feature
  openvpn: add (push) block-ipv6 option
?

Is this a known bug?

What else can I do to resolve the issue?

ajr

I have just upgraded an HA setup from 25.1.5 to 25.1.7 with multiple OpenVPN servers running. Still in legacy mode: one for end-user clients, two for Site2Site to some Ubuntu servers running OpenVPN, and one that another OPNsense connects to with the legacy client. Plus also a new instance for end users.
So far all of them are working fine, as they already did when the secondary system had been updated and then was CARP master.

Maybe check in VPN / OpenVPN / Log File for anything indicating what may be the issue.

No significant entries in logfile.
Maybe related: My OpenVPN tunnel provides the IPv6 default route.

I'm now trying WireGuard, as the OpenVPN legacy client is obsolete ...

Thanks for replying