Actions
Bug #3948
closedChanging OpenVPN from tun to tap or vice-versa breaks that instance
Status:
Closed
Priority:
Normal
Assignee:
-
Category:
OpenVPN
Target version:
-
Start date:
10/20/2014
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:
Description
Where you have an OpenVPN client or server instance defined on tun and switch to tap, or vice-versa, the ovpnc*/ovpns* interface is retained from the previous configuration. ifconfig will error out with:
Oct 20 19:14:02 openvpn[39784]: FreeBSD ifconfig failed: external program exited with error status: 1 Oct 20 19:14:02 openvpn[39784]: Exiting due to fatal error
because the ifconfig it uses on a tap isn't valid on tun, or vice versa.
To work around, "ifconfig ovpncX destroy" (or ovpnsX), then edit and save the OpenVPN instance, which will re-create the tun/tap. Or reboot.
Updated by Viktor Gurov over 2 years ago
no such issue on pfSense 2.6.0.a.20210726.1819:
Jul 28 10:18:29 pf100 openvpn[48625]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Jul 28 10:18:29 pf100 openvpn[48625]: WARNING: experimental option --capath /var/etc/openvpn/server1/ca Jul 28 10:18:29 pf100 openvpn[48625]: TUN/TAP device ovpns1 exists previously, keep at program end Jul 28 10:18:29 pf100 openvpn[48625]: TUN/TAP device /dev/tun1 opened Jul 28 10:18:29 pf100 openvpn[48625]: ioctl(TUNSIFMODE): Device busy (errno=16) Jul 28 10:18:29 pf100 openvpn[48625]: /sbin/ifconfig ovpns1 10.34.34.1 10.34.34.2 mtu 1500 netmask 255.255.255.0 up Jul 28 10:18:29 pf100 openvpn[48625]: /usr/local/sbin/ovpn-linkup ovpns1 1500 1621 10.34.34.1 255.255.255.0 init Jul 28 10:18:29 pf100 openvpn[48625]: UDPv4 link local (bound): [AF_INET]192.168.89.117:1194 Jul 28 10:18:29 pf100 openvpn[48625]: UDPv4 link remote: [AF_UNSPEC] Jul 28 10:18:29 pf100 openvpn[48625]: Initialization Sequence Completed Jul 28 10:18:48 pf100 openvpn[48625]: event_wait : Interrupted system call (code=4) Jul 28 10:18:50 pf100 openvpn[48625]: /usr/local/sbin/ovpn-linkdown ovpns1 1500 1621 10.34.34.1 255.255.255.0 init Jul 28 10:18:50 pf100 openvpn[48625]: SIGTERM[hard,] received, process exiting Jul 28 10:18:51 pf100 openvpn[62334]: WARNING: POTENTIALLY DANGEROUS OPTION --verify-client-cert none|optional may accept clients which do not present a certificate Jul 28 10:18:51 pf100 openvpn[62334]: OpenVPN 2.5.3 amd64-portbld-freebsd12.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jul 9 2021 Jul 28 10:18:51 pf100 openvpn[62334]: library versions: OpenSSL 1.1.1k-freebsd 25 Mar 2021, LZO 2.10 Jul 28 10:18:51 pf100 openvpn[62499]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Jul 28 10:18:51 pf100 openvpn[62499]: WARNING: experimental option --capath /var/etc/openvpn/server1/ca Jul 28 10:18:51 pf100 openvpn[62499]: TUN/TAP device ovpns1 exists previously, keep at program end Jul 28 10:18:51 pf100 openvpn[62499]: TUN/TAP device /dev/tap1 opened Jul 28 10:18:51 pf100 openvpn[62499]: /sbin/ifconfig ovpns1 10.34.34.1 netmask 255.255.255.0 mtu 1500 up Jul 28 10:18:51 pf100 openvpn[62499]: /usr/local/sbin/ovpn-linkup ovpns1 1500 1653 10.34.34.1 255.255.255.0 init Jul 28 10:18:51 pf100 openvpn[62499]: UDPv4 link local (bound): [AF_INET]192.168.89.117:1194 Jul 28 10:18:51 pf100 openvpn[62499]: UDPv4 link remote: [AF_UNSPEC] Jul 28 10:18:51 pf100 openvpn[62499]: Initialization Sequence Completed
Actions