OpenVPN on Wireguard data pass issue with GL-MT2500 and firmware 4.5.0

Hello everyone,
I have a problem with the new firmware 4.5.0 on my GL-MT2500.
In my business I have the GL-MT2500 which acts as my Wireguard Client towards a VPS with pfSense and which gives me connectivity to the entire business through this, I also have my own internal OpenVPN server with which I can connect remotely via the firewall company cascaded after the GL-MT2500. Up to firmware 4.4.6 I could easily run the company OpenVPN inside the Wireguard connection between the VPS and the GL-MT2500. However, since 4.5.0 it is no longer possible to establish a connection on OpenVPN with my company firewall. I tried changing the port such as 1196 instead of 1194 but the result does not change.
By putting the old 4.4.6 back everything works correctly again.
I have used this operation of my OpenVPN on the company firewall starting from the first Brume up to this firmware and I don’t understand what 4.5.0 could have that makes me block this company VPN of mine which should go transparently in UDP inside the Wireguard.

Marco

Could you please draw the topology?

Thank you very much for the prompt reply.
Here is the topology.
It should be noted that I have not changed any settings between updates. Simply with 4.4.6 and lower my corporate OpenVPN works and with 4.5.0 there is no way to start it.

Do you enable port forward on MT2500 to access the OpenVPN server?
I tested it works, I enabled “WireGuard Client Options” - “Remote Access LAN”, my topology doesn’t have port forward.

Can you please export log when using firmware 4.5?

Yes, my corporate router with Openvpn server IP is in DMZ from wireguard tunnel. Http/Https on my webserver work ok.
In the next few hours I will try to put the 4.5.0 back and try again with the settings you told me.
Thank you

Thanks for confirming.
Please try this workaround:

Done the procedures described, solved.

1 Like