Changed Behaviour for OpenVPN in Latest Tumbleweed

I installed my Tumbleweed server 3-4 months ago and the configuration
below has worked until now. I run “zypper dup” every couple of weeks
and after running this on Friday I’ve run into a problem. I’m not sure
if this is an OpenVPN problem or a SuSE problem or something else so I’m
starting here.

My server runs 2 instances of OpenVPN. One as a client to a VPN provider
which sets the default gateway of my server to the VPN connection. All
the rest of my PCs use this server as their default gateway; I NAT from
the internal to the VPN connection and so all my PCs always send their
traffic down the VPN.

The second instance is as an OpenVPN server which listens on UDP 1194
(the default) for incoming connections and when connected allows me
access to my PCs when I’m out in the field.

I also run a webserver on the server and have had no problems with this
setup for several months.

After running zypper dup on Friday I have had 2 problems. The first was
that the OpenVPN instances would not start as they were asking for the
Private Key Password. I solved this by editing
/etc/systemd/system/openvpn.target.wants/openvpn@.service and removing
--askpass from the ExecStart line and then “systemctl daemon-reload”.

They now both start but if the client instance is connected then I can’t
access the server instance or the webserver from outside my network
(they’re available internally). If I shut down the client instance then
everything is accessible from outside my network.

With both OpenVPN instances connected when I try to access my server
then you can see the traffic arriving at the server (tcpdump port 1194
-i any) but replies aren’t being sent or they’re lost somewhere before
tcpdump can see them.

Hopefully someone out there can help with this as I’m running out of
ideas how to fix this and it’s quite a major issue for me.

If anyone needs more info please ask and thanks for reading.

Paul

I should also have said that my previously working setup used a single
NIC and single IP address. I have also tried a second IP address in the
same subnet and a different IP address in a different subnet and used
these for the OpenVPN server instance and webserver. For each IP address
I also tried the OpenVPN server options “local” and “multihome”
individually and together - the results were as previously described.

Thanks

Paul