Bug #14541

closed

No Site-to-Site VPN after upgrading CE from 2.6.0 to 2.7.0

Added by Michael Schefczyk over 1 year ago. Updated over 1 year ago.

Status: Not a Bug
Priority: Normal
Assignee: -
Category: OpenVPN
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default
Affected Version: 2.7.0
Affected Architecture:

Description

After upgrading from CE 2.6.0 to 2.7.0, OpenVPN site-to-site does stop working. This does not seem to be an isolated issue, cf. https://forum.netgate.com/topic/181210/no-site-to-site-vpn-after-upgrading-ce-from-2-6-0-to-2-7-0

My situation is a two-location SOHO with pfSense on Supermicro hardware, with 2 WAN connections per location, with fixed IPs and IPv4 with NAT and LAGG on the LAN side. There are two routers per location set up as a high-availability router based on CARP.

For 10 years, this setup did serve me well for a site to site VPN:

https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-ospf.html
A variant with no OSPF and remote networks provided did also work. Also a single WAN site-to-site with the server running on localhost and NAT port forwarding to localhost did work well. I am using manual outbound NAT, switching to hybrid does not change any of the issues below.

After upgrading from CE 2.6.0 to 2.7.0 I did not regain full performance of the site-to-site VPN:

OpenVPN
The best result I can get is that Diagnostics -> Ping on each firewall can ping all devices in the respective other LAN. Telephones using UDP SIP can also log in through the tunnel. ICMP and TCP traffic will not flow.
The following measures do not make a difference:
- IPv4 Remote network(s) empty vs. populated
- remote network included in IPv4 Local network(s) or not
- Client specific override with IPv4 Remote Network/s depending on the certificate CN or not
- Adding an OpenVPN interface and setting a static route or not.

Related issues

Has duplicate Bug #14552: No Site-to-Site VPN after upgrading CE from 2.6.0 to 2.7.0 (Duplicate)

Actions #1

Updated by Jim Pingle over 1 year ago

  • Status changed from New to Not a Bug
  • Priority changed from High to Normal

That is almost certainly a configuration issue. This site is not for support or diagnostic discussion.

For assistance in solving problems, please post on the Netgate Forum.

See Reporting Issues with pfSense Software for more information.

Actions #2

Updated by Michael Schefczyk over 1 year ago

If I still may respond: I would never dare to post anything here prematurely. This was filed AFTER posting in the forum (link is included in the first line) and getting feedback on similar situations from multiple others. My problem might well be due to my lack of competence. If multiple people are affected, there is at least some likelihood that the software does not work as intended or as documented under some circumstances.

Actions #3

Updated by Jim Pingle over 1 year ago

  • Has duplicate Bug #14552: No Site-to-Site VPN after upgrading CE from 2.6.0 to 2.7.0 added