Project

General

Profile

Actions

Bug #15851

closed

openvpn DCO mode Failed to open tun/tap interface

Added by yon Liu 4 days ago. Updated 4 days ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
OpenVPN
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Release Notes:
Default
Affected Plus Version:
Affected Architecture:
amd64

Description

openvpn can't create interface when I use DCO mode. p2p tunnel,For privacy reasons, the IP has been changed

Nov 19 11:40:30 openvpn 33936 SIGUSR1[soft,process-push-msg-failed] received, process restarting
Nov 19 11:40:30 openvpn 33936 Failed to open tun/tap interface
Nov 19 11:40:30 openvpn 33936 ERROR: Failed to apply push options
Nov 19 11:40:30 openvpn 33936 OPTIONS ERROR: pushed options are incompatible with data channel offload. Use --disable-dco to connect to this server
Nov 19 11:40:30 openvpn 33936 OPTIONS IMPORT: Server did not request DATA_V2 packet format required for data channel offload
Nov 19 11:40:28 openvpn 33936 [tv189.com] Peer Connection Initiated with [AF_INET6]2a04:e8c0:18:71a::1:51758
Nov 19 11:40:28 openvpn 33936 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 256 bits ED25519, signature: ED25519, peer temporary key: 253 bits X25519
Nov 19 11:40:28 openvpn 33936 peer info: IV_PROTO=746
Nov 19 11:40:28 openvpn 33936 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM
Nov 19 11:40:28 openvpn 33936 VERIFY OK: depth=0, CN=tv1.com
Nov 19 11:40:28 openvpn 33936 VERIFY EKU OK
Nov 19 11:40:28 openvpn 33936 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Nov 19 11:40:28 openvpn 33936 Validating certificate extended key usage
Nov 19 11:40:28 openvpn 33936 VERIFY KU OK
Nov 19 11:40:28 openvpn 33936 VERIFY OK: depth=1, CN=Liuxyon
Nov 19 11:40:28 openvpn 33936 UDPv6 link remote: [AF_INET6]2a04:e0c0:18:71a::1:51958
Nov 19 11:40:28 openvpn 33936 UDPv6 link local (bound): [AF_INET6]2409:8290:404:c46a::
Nov 19 11:40:28 openvpn 33936 setsockopt(IPV6_V6ONLY=0)
Nov 19 11:40:28 openvpn 33936 TCP/UDP: Preserving recently used remote address: [AF_INET6]2a04:e8c0:18:71a::1:51758
Nov 19 11:40:28 openvpn 33936 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

dev ovpnc8
verb 2
dev-type tun
dev-node /dev/tun8
writepid /var/run/openvpn_client8.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp6
auth SHA3-256
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local 2409:8290:404:c46a:::4394
tls-client
lport 0
management /var/etc/openvpn/client8/sock unix
remote 2a04:e0c0:18:71a::1 51958 udp6
pull
remote-cert-tls server
capath /var/etc/openvpn/client8/ca
cert /var/etc/openvpn/client8/cert
key /var/etc/openvpn/client8/key
data-ciphers AES-256-GCM:AES-128-GCM
data-ciphers-fallback AES-256-GCM
allow-compression no
resolv-retry infinite
tls-crypt-v2 /root/v2crypt-client-1.key
ifconfig 10.11.3.2 10.11.3.1
ifconfig-ipv6 2a0d:2408:513:a::3/124 2a0d:2408:513:a::2
topology p2p
route-nopull

Actions #1

Updated by Jim Pingle 4 days ago

  • Category changed from VPN (Multiple Types) to OpenVPN
  • Status changed from New to Rejected

That appears to be a settings issue. Post on the forum with the server and client settings for assistance. Also, if that was not using DCO before, but is now, try rebooting to see if it comes up correctly then.

Actions #2

Updated by yon Liu 4 days ago

I am setting up a new dco openvpn tunnel.The same configuration works fine on Ubuntu 24.04. So I think the problem is with pfsense.

Actions

Also available in: Atom PDF