Bug #12232
closed
OpenVPN status incorrect for TAP servers without a defined tunnel network
Added by Max Leighton over 2 years ago.
Updated over 2 years ago.
Plus Target Version:
22.01
Description
Creating an OpenVPN server TAP mode without specifying the IPv4 Tunnel Network will result in the Status>OpenVPN page not showing Client Connections. pfSense as a client on the other end of this tunnel will show that it is connected and traffic will pass successfully, but the server Status page doesn't see the connected client.
The settings I'm using to recreate it are:
UDP4 (1196)
Mode: Peer to Peer ( SSL/TLS )
Data Ciphers: AES-256-GCM, AES-128-GCM, CHACHA20-POLY1305, AES-256-CBC
Digest: SHA256
D-H Params: 2048 bits
2.5.2-RELEASE (amd64)
built on Fri Jul 02 15:33:00 EDT 2021
FreeBSD 12.2-STABLE
Files
I'm not able to reproduce this bug on 21.05.1. This may be a CE-only issue as I can see a status page in TAP mode on both the server and the client without an IPv4 tunnel network specified.
- Status changed from New to Confirmed
- Assignee set to Jim Pingle
- Target version set to 2.6.0
- Plus Target Version set to 21.09
I can reproduce it here using the settings from the XML file already attached on the issue.
Client shows connected, server shows 0 connections.
I'll check it out.
When in tap mode with an empty tunnel network, OpenVPN puts the tunnel into "point-to-point" mode which behaves like a static key tunnel or one with a subnet mask like /31 or /30. Basically it only allows one client even though it's SSL/TLS, so it isn't actually in "server" mode since the "server" directive requires a subnet on the interfafce.
I made some adjustments to the code to detect this case and now the status is properly reflected.
- Status changed from Confirmed to Feedback
- % Done changed from 0 to 100
- Status changed from Feedback to Resolved
Tested on:
2.6.0-DEVELOPMENT (amd64)
built on Thu Aug 12 01:16:53 EDT 2021
FreeBSD 12.2-STABLE
Looks good. I see the client status on the server now. Marking the ticket resolved.
- Subject changed from TAP server doesn't show client connection without tunnel IP configured to OpenVPN status incorrect for TAP servers without a defined tunnel network
Updating subject for release notes.
- Plus Target Version changed from 21.09 to 22.01
- Related to Regression #12884: OpenVPN status display for TAP mode services shows peer-to-peer instead of client list in certain cases added
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by 
Updated by Viktor Gurov 
