Hello
I set up an OpenVPN server and most things work as expected; only the routes are not regularly updated.
There are several networks, IPs and IPs behind FQDNs that I have to route through the VPN, so I set up two aliases for IPv4 Local network(s): one is a network alias with some networks and fixed IPs inside, the other one is a host alias with some FQDNs.
The network alias works fine, because there are no changes (only when I add/remove a server/network which should be used over the VPN).
Inside the host alias I use FQDNs; this list is up to date under Diagnostics/Tables. When the OpenVPN server and OpenVPN Connect are freshly restarted, everything works like I want it to. But after some time (days, weeks, I don't know, because I didn't get the information when/why the IPs change) the OpenVPN server still uses the old IPs for pushing the routes to the client.
After restart:
- example.fqdn
- IP: a.a.a.a
- IP: b.b.b.b
- IP: c.c.c.c
- routes over VPN set to a.a.a.a, b.b.b.b, c.c.c.c
After some time:
- example.fqdn
- IP: d.d.d.d
- IP: b.b.b.b
- IP: c.c.c.c
- routes over VPN set to a.a.a.a, b.b.b.b, c.c.c.c
This continued until no IP from the FQDN is in the routes any longer. After restarting the OpenVPN server (Status/OpenVPN restart service) the clients normally get the new IPs behind the FQDN as routes on reconnect; some clients need a manual reconnect, others an OpenVPN client restart. The default OpenVPN client is OpenVPN Connect.
The problem is that the routes are not updated, only on OpenVPN service restart.
At the moment I manually restart the OpenVPN service once a week (Status/OpenVPN), when nobody uses the VPN, because the cron job with this command
/usr/local/sbin/pfSsh.php playback svc restart openvpn server 1
restarts something for this VPN, but the VPN completely stops working until I restart the service manually in Status/OpenVPN.
Basic information:
pfSense: Netgate 6100 23.09.1-RELEASE
I mostly followed this documentation and this for the alias, with some changes to fit the use case. (Split traffic and split DNS for internal domains only over VPN)
clients: Windows/MacOS/Linux with OpenVPN Connect (some MacOS use Tunnelblick). For testing I tried other OpenVPN clients, but all get the wrong routes until the OpenVPN service is restarted; some clients get the correct routes on reconnect, some I have to manually disconnect, and after this the correct routes are set.
If more information is needed, please ask.
BdT
Varmandra
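
A way to detect the drift described in the post above, as an added example that is not part of the original post and not pfSense's own code: it compares the /32 routes in an OpenVPN server config with a saved alias table dump. Assumptions: the config uses OpenVPN's `push "route <addr> <mask>"` form, the dump is one address per line (as `pfctl -t <alias> -T show` prints) and holds every address expected as a host route, the function names are hypothetical, and the sample addresses are constructed.

```shell
#!/bin/sh
# Added example: compare host routes pushed by an OpenVPN server config
# with the addresses currently in an alias table dump.

# Host addresses from lines like: push "route 192.0.2.10 255.255.255.255"
pushed_hosts() {
    awk '$1 == "push" && $2 == "\"route" && $4 ~ /^255\.255\.255\.255"?$/ { print $3 }' "$1" | sort -u
}

# Addresses from a table dump, one per line (leading blanks allowed),
# e.g. saved output of: pfctl -t <alias> -T show
table_hosts() {
    awk 'NF { print $1 }' "$1" | sort -u
}

# Prints "STALE <ip>" for pushed host routes no longer in the table and
# "MISSING <ip>" for table entries that are not pushed. Returns 1 on drift.
route_drift() {
    tmp=$(mktemp -d) || return 2
    pushed_hosts "$1" > "$tmp/pushed"
    table_hosts "$2" > "$tmp/table"
    comm -23 "$tmp/pushed" "$tmp/table" | sed 's/^/STALE /'
    comm -13 "$tmp/pushed" "$tmp/table" | sed 's/^/MISSING /'
    if cmp -s "$tmp/pushed" "$tmp/table"; then drift=0; else drift=1; fi
    rm -rf "$tmp"
    return "$drift"
}

# Constructed sample mirroring the post: a.a.a.a was replaced by d.d.d.d.
demo_drift() {
    d=$(mktemp -d) || return 2
    cat > "$d/server.conf" <<'EOF'
dev tun
push "route 10.20.0.0 255.255.0.0"
push "route 192.0.2.10 255.255.255.255"
push "route 192.0.2.11 255.255.255.255"
push "route 192.0.2.12 255.255.255.255"
EOF
    printf '   192.0.2.11\n   192.0.2.12\n   198.51.100.7\n' > "$d/table.txt"
    rc=0
    route_drift "$d/server.conf" "$d/table.txt" || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo_drift || echo "drift detected (exit status $?)"
```

The network route in the sample is ignored on purpose, since only host routes change when an FQDN resolves to new addresses.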