Invalid status for OpenVPN Point-to-Point Links
If multiple OpenVPN servers are defined in tun point-to-point mode (i.e. with a /30 subnet in the IPv4 tunnel network field), the status pfSense reports for each server is incorrect once more than one server instance is running.
- Create two OpenVPN p2p server instances on a pfSense machine. Do this by specifying a unique tunnel network of /30 on each instance. The pfSense OpenVPN status widget will then group the server instances as per Figure 1 below.
- Create two client instances on other pfSense machines to dial into the two servers respectively. Ensure each server tunnel network is specified in the client tunnel network field too.
The clients will successfully connect as per Figure 2 and Figure 3. However, the server status on Figure 1 shows only one connection.
I am not sure whether this is a limitation of the OpenVPN management sockets or an issue in pfSense, but I thought I would raise it here to make the relevant people aware of its existence regardless.
I connected to the OpenVPN management socket manually for the OpenVPN server instances and it seems that the status messages are extremely vague when operating in p2p mode compared to remote access mode. See the output of server1 below:
>INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
Updated,Sat Oct 13 12:40:23 2018
TUN/TAP read bytes,2957
TUN/TAP write bytes,1928
TCP/UDP read bytes,14492
TCP/UDP write bytes,14092
Auth read bytes,2792
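Parsing that management-socket reply programmatically shows the difference the report points at: a p2p instance answers the status command with an "OpenVPN STATISTICS" counter block and no client list, so there is nothing a status page can count as a peer. The following is an added example, not code from the report or from pfSense; it assumes the status version 1 layout, and SERVER1_STATUS is a constructed sample built from the counters quoted above.

```python
# Added example (not from the bug report or pfSense): parse the reply an
# OpenVPN management socket gives to 'status', for a point-to-point instance
# (counters only) and a remote-access server (client list).  Assumes the
# status version 1 layout; SERVER1_STATUS is constructed from the report.

SERVER1_STATUS = """>INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
OpenVPN STATISTICS
Updated,Sat Oct 13 12:40:23 2018
TUN/TAP read bytes,2957
TUN/TAP write bytes,1928
TCP/UDP read bytes,14492
TCP/UDP write bytes,14092
Auth read bytes,2792
END
"""

def parse_status(text):
    """Return {'mode', 'updated', 'counters', 'clients'} for one instance."""
    result = {"mode": None, "updated": None, "counters": {}, "clients": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(">"):   # skip async notifications
            continue
        if line == "END":                      # terminator of the reply
            break
        if line.startswith("OpenVPN STATISTICS"):
            result["mode"], section = "p2p", "stats"
            continue
        if line.startswith("OpenVPN CLIENT LIST"):
            result["mode"], section = "server", "clients"
            continue
        if line in ("ROUTING TABLE", "GLOBAL STATS"):
            section = line                     # not needed for peer counting
            continue
        fields = line.split(",")
        if fields[0] == "Updated":
            result["updated"] = fields[1]
        elif section == "stats" and len(fields) == 2:
            result["counters"][fields[0]] = int(fields[1])
        elif section == "clients" and len(fields) >= 5 and fields[0] != "Common Name":
            result["clients"].append({"cn": fields[0], "real_address": fields[1],
                                      "rx": int(fields[2]), "tx": int(fields[3])})
    return result

def peer_count(status):
    """Peers a status page can list: a p2p instance exposes only counters,
    never a client list, so the answer is None rather than 0 or 1."""
    return len(status["clients"]) if status["mode"] == "server" else None
```

A monitoring script polling several instances therefore has to treat a None from peer_count as "unknown from this command" rather than "down".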