Project

General

Profile

Actions

Bug #14811

closed

[pfSense 23.05.1] OPEN VPN TAP

Added by Łukasz Rojczyk about 1 year ago. Updated about 1 year ago.

Status:
Not a Bug
Priority:
Normal
Assignee:
-
Category:
OpenVPN
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
Affected Architecture:
4100

Description

Sep 26 08:35:01 openvpn 64050 Exiting due to fatal error
Sep 26 08:35:01 openvpn 64050 FreeBSD ifconfig failed: external program exited with error status: 1
Sep 26 08:35:01 openvpn 64050 /sbin/ifconfig ovpnc1 10.100.200.20/24 mtu 1500 up
Sep 26 08:35:01 openvpn 64050 TUN/TAP device /dev/tap1 opened
Sep 26 08:35:01 openvpn 64050 TUN/TAP device ovpnc1 exists previously, keep at program end

There is still the same problem in version 23.05.1 (it was fine before) - request fix it finally / advice in the same thread does nothing - a patch is needed

We pay for pfSense and with each new version problems come out that disconnect our devices

this can only be fixed by restarting the device

the problem occurs only in tap

Actions #1

Updated by Jim Pingle about 1 year ago

  • Status changed from New to Not a Bug
  • Priority changed from Very High to Normal

That looks like you might have a configuration error there. In most cases the client tunnel network should be left blank (any SSL/TLS client/server setup), and in cases when it should be the older point-to-point style it would be a /30 not /24.

The error you see was also potentially a problem in versions before 23.05, fixed in 23.05 issue #13350 -- it's possible you once had a patch installed in the system patches package for that and unintentionally reverted the patch after upgrading, which then removed the fix and broke it again.

Another possibility is that you have an entry in the routing table that conflicts with the tunnel network so it can't configure the network on an interface because it already exists in the routing table.

No matter what is happening if you have questions and are a customer, you can talk to someone in TAC ( https://www.netgate.com/tac-support-request ) and they can help figure out what is happening on your system.

Actions #2

Updated by Łukasz Rojczyk about 1 year ago

Why do you give such advice that in the tunnel TAP should be for /30 ? They all work, even /22 - see pure debian + openvpn

The openvpn TAP server on the /24 network assigns an address from that network to the client via a specific client

We have linked quite a few networks - all work on old pfsense (no updates e.g. 23.05.1-RELEASE - no patches (never installed)) = never crashes.

On devices where we have added all the recommended patches (even when we remove them), something changes in pfSense 23.05.1 and it causes the described problem.

Don't write that it's not a bug, because yet it happens and any of these patches supposedly unrelated to openvpn causes "FreeBSD ifconfig failed" and uninstalling the patches does nothing.

Request to analyze it again. This is not the first submission to 23.05.1 however you continually reply that this is not a problem.

Probably in a few weeks someone will come up with it, where is the error ....

Actions

Also available in: Atom PDF