OpenVPN needs a gateway parameter

[felixtech-msp]

Important notices

Before you add a new report, we ask you kindly to acknowledge the following:

• [X ] I have read the contributing guide lines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md
• [X ] I am convinced that my issue is new after having checked both open and closed issues at https://github.com/opnsense/core/issues?q=is%3Aissue

Describe the bug

When setting up a OpenVPN Site-to-Site VPN and configuring all required settings, the VPN fails to start up because there seems to be some tunnel configuration missing to the OpenVPN daemon which is not properly populated by the GUI, even though it's configured. The error is: OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options

In my view the IPv4 Local Network and/or IPv4 Remote Network settings are half way ignored and the daemon looks for them but doesn't properly find them. I was unable to find any actually useful information on that error.

To Reproduce

Set up the OPNsense part of the VPN like described here: https://forum.opnsense.org/index.php?topic=38350.0
The client part is not required to be set up as the OPNsense part of it already doesn't work at all.

Expected behavior

The VPN adapter starts and can be used.

Describe alternatives you considered

None.

Relevant log files

See the mentioned forum post.

Environment

OPNsense 23.7.12 (amd64) (commit f626813)

[AdSchellevis]

Better try to implement your use case with VPN: OpenVPN: Instances, if that fails, be more elaborate about the settings configured. It's highly likely a misconfiguration, in which case our forum (https://forum.opnsense.org) might be a better place to look for help.

[AdSchellevis]

suit yourself, there's nothing in your ticket that would allow someone to reproduce your issue. Merely explaining you the process and wishing you a pleasant day.

[AdSchellevis]

the relevant line in the log is the failing ifconfig here, but I'm not going on a further fishing expedition, your answer likely lies in the details of the log. the failing route is merely a symptom of a missing interface configuration.

[AdSchellevis]

You're seeking commercial level support on a community platform.... I'm not blaming anyone for not being able to read the logs, just offering some pointers on how to fix these kind of issues in my free time here, sorry about that, won't happen again, I too have better ways so spend my weekend.

[AdSchellevis]

For me this discussion ends, but feel free to discuss with the next person who has the spirit to continue.

As I tried to explain multiple times this (highly) likely is a misconfiguration (during support we offer, we have seen quite some variants), the routing issues are most likely caused by the fact that the interface configuration is not possible, but since you "know" it's in the configuration, you should also be able to debug this further (configuration files are stored in /var/etc/openvpn/, usually openvpn is quite elaborate about the command that failed in their log).

In case you are only seeing the messages reported earlier, you might want to change the log level in your view.

I do regret suggesting alternatives and areas to inspect to help you debug your issue, won't happen again, wish you a nice weekend.

[AdSchellevis]

Validations are likely incomplete, so incompatible choices may be possible. Which is one of the main reasons I've asked to try the new code first, eventually legacy modules will go end of live, adding more validations doesn't make much sense at this stage.

You're obviously free to call it a bug, from my perspective it's a misconfiguration, it would be nice if the gui would prevent some of these choices, but that's not a goal we're trying to reach with components that more or less outlived their live-time.

Let's close the ticket.

One word of advice for future tickets, with any community project, I would suggest to work on your communication skills, if you read the thread again, envision this is one of your projects you offered to someone for free you might understand why....