OpenVPN UDP multihome fails when connecting to an IP that is not logically closest.
If you connect to the external WAN IP from an OpenVPN client on an internal interface of a pfSense install running an OpenVPN server in UDP multihome mode, it will fail.
The server will reply from the closest interface IP and the client will reject the traffic as it does not come from the IP it connected to.
This is a known bug in FreeBSD:
Also documented by OpenVPN:
It's possible to work around it by setting the -floating option in the client, which allows traffic from any IP once authorized, or by using TCP; this bug applies only to UDP.
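The mechanism in the report, reproduced on a single host as an added example (this is not code from pfSense, OpenVPN or FreeBSD). It assumes Linux, where the whole 127.0.0.0/8 block is local on lo, so 127.0.0.2 stands in for the WAN IP the client sends to and 127.0.0.1 for the closest address the kernel prefers when the server replies with plain sendto(). The `accept_reply` rule models the client side: strict (the default) versus the `float` client option that the report refers to as -floating. The `reply_from_arrival_addr` server variant shows the kind of fix a working multihome listener needs, pinning the reply source to the address the request arrived on via IP_PKTINFO; the constant value 8 and the in_pktinfo layout are the Linux ones and are assumptions of this example.

```python
"""Added example: reproduce the UDP reply-source mismatch on one Linux host,
then show the client-side workaround (accept any source, like float) and a
server-side fix (reply from the address the request arrived on)."""
import socket
import struct

REMOTE = "127.0.0.2"                            # address the client sends to ("WAN IP")
IP_PKTINFO = getattr(socket, "IP_PKTINFO", 8)   # assumption: 8 is the Linux value


def accept_reply(expected_peer, reply_src, float_allowed=False):
    """Client rule: without float, a datagram from any address other than the
    one we sent to is dropped; with float, any source is accepted."""
    return float_allowed or reply_src == expected_peer


def reply_naive(srv, payload, client_addr):
    """Broken multihome server: sendto() lets the kernel pick the source
    address from the routing table, ignoring where the request arrived."""
    srv.sendto(payload, client_addr)


def reply_from_arrival_addr(srv, payload, client_addr, dst_of_request):
    """Fixed server: pin the reply source to the address the request was sent
    to, using IP_PKTINFO ancillary data (ipi_spec_dst is the source on send).
    struct in_pktinfo = { int ipi_ifindex; in_addr ipi_spec_dst; in_addr ipi_addr; }"""
    pktinfo = struct.pack("I4s4s", 0, socket.inet_aton(dst_of_request), b"\0" * 4)
    srv.sendmsg([payload], [(socket.IPPROTO_IP, IP_PKTINFO, pktinfo)], 0, client_addr)


def run_experiment(float_allowed=False, fix_source=False):
    """Send one datagram to REMOTE and report where the reply came from.
    Returns {'reply_src', 'accepted'}, or None if this host cannot run it."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    cli = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        srv.bind(("0.0.0.0", 0))                           # all addresses, like multihome
        srv.setsockopt(socket.IPPROTO_IP, IP_PKTINFO, 1)   # ask for the arrival address
        srv.settimeout(2.0)
        cli.settimeout(2.0)
        port = srv.getsockname()[1]

        cli.sendto(b"hello", (REMOTE, port))
        data, ancdata, _flags, client_addr = srv.recvmsg(64, socket.CMSG_SPACE(12))
        arrival = None
        for level, ctype, cdata in ancdata:
            if level == socket.IPPROTO_IP and ctype == IP_PKTINFO:
                _ifindex, _spec_dst, addr = struct.unpack("I4s4s", cdata[:12])
                arrival = socket.inet_ntoa(addr)          # destination of the request

        if fix_source and arrival:
            reply_from_arrival_addr(srv, b"reply:" + data, client_addr, arrival)
        else:
            reply_naive(srv, b"reply:" + data, client_addr)
        _reply, reply_addr = cli.recvfrom(64)
    except OSError:          # no 127.0.0.2 on this host, option unsupported, timeout
        return None
    finally:
        srv.close()
        cli.close()
    return {"reply_src": reply_addr[0],
            "accepted": accept_reply(REMOTE, reply_addr[0], float_allowed)}


if __name__ == "__main__":
    for label, kw in (("strict client, naive server", {}),
                      ("float client, naive server", {"float_allowed": True}),
                      ("strict client, fixed server", {"fix_source": True})):
        print(label, "->", run_experiment(**kw))
```

On Linux the first run shows the reply arriving from 127.0.0.1 although the client sent to 127.0.0.2, and the strict client rejects it; the second run accepts it only because float disables the source check, which is why the workaround widens what the client will accept from anyone on the path; the third run shows the reply coming back from 127.0.0.2 with no relaxation on the client.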
#3 Updated by Jim Pingle 3 months ago
- Target version set to 2.5.0
The FreeBSD patch has been merged into head (on FreeBSD) and will be MFCd soon, so it's probably safe to put a 2.5.0 target back on this.