Project

General

Profile

Actions

Bug #3948

closed

Changing OpenVPN from tun to tap or vice-versa breaks that instance

Added by Chris Buechler over 9 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
OpenVPN
Target version:
-
Start date:
10/20/2014
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:

Description

Where you have an OpenVPN client or server instance defined on tun and switch to tap, or vice-versa, the ovpnc*/ovpns* interface is retained from the previous configuration. ifconfig will error out with:

Oct 20 19:14:02    openvpn[39784]: FreeBSD ifconfig failed: external program exited with error status: 1
Oct 20 19:14:02    openvpn[39784]: Exiting due to fatal error

because the ifconfig it uses on a tap isn't valid on tun, or vice versa.

To work around, "ifconfig ovpncX destroy" (or ovpnsX), then edit and save the OpenVPN instance, which will re-create the tun/tap. Or reboot.

Actions #1

Updated by Viktor Gurov over 2 years ago

no such issue on pfSense 2.6.0.a.20210726.1819:

Jul 28 10:18:29 pf100 openvpn[48625]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 28 10:18:29 pf100 openvpn[48625]: WARNING: experimental option --capath /var/etc/openvpn/server1/ca
Jul 28 10:18:29 pf100 openvpn[48625]: TUN/TAP device ovpns1 exists previously, keep at program end
Jul 28 10:18:29 pf100 openvpn[48625]: TUN/TAP device /dev/tun1 opened
Jul 28 10:18:29 pf100 openvpn[48625]: ioctl(TUNSIFMODE): Device busy (errno=16)
Jul 28 10:18:29 pf100 openvpn[48625]: /sbin/ifconfig ovpns1 10.34.34.1 10.34.34.2 mtu 1500 netmask 255.255.255.0 up
Jul 28 10:18:29 pf100 openvpn[48625]: /usr/local/sbin/ovpn-linkup ovpns1 1500 1621 10.34.34.1 255.255.255.0 init
Jul 28 10:18:29 pf100 openvpn[48625]: UDPv4 link local (bound): [AF_INET]192.168.89.117:1194
Jul 28 10:18:29 pf100 openvpn[48625]: UDPv4 link remote: [AF_UNSPEC]
Jul 28 10:18:29 pf100 openvpn[48625]: Initialization Sequence Completed
Jul 28 10:18:48 pf100 openvpn[48625]: event_wait : Interrupted system call (code=4)
Jul 28 10:18:50 pf100 openvpn[48625]: /usr/local/sbin/ovpn-linkdown ovpns1 1500 1621 10.34.34.1 255.255.255.0 init
Jul 28 10:18:50 pf100 openvpn[48625]: SIGTERM[hard,] received, process exiting
Jul 28 10:18:51 pf100 openvpn[62334]: WARNING: POTENTIALLY DANGEROUS OPTION --verify-client-cert none|optional may accept clients which do not present a certificate
Jul 28 10:18:51 pf100 openvpn[62334]: OpenVPN 2.5.3 amd64-portbld-freebsd12.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jul  9 2021
Jul 28 10:18:51 pf100 openvpn[62334]: library versions: OpenSSL 1.1.1k-freebsd  25 Mar 2021, LZO 2.10
Jul 28 10:18:51 pf100 openvpn[62499]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 28 10:18:51 pf100 openvpn[62499]: WARNING: experimental option --capath /var/etc/openvpn/server1/ca
Jul 28 10:18:51 pf100 openvpn[62499]: TUN/TAP device ovpns1 exists previously, keep at program end
Jul 28 10:18:51 pf100 openvpn[62499]: TUN/TAP device /dev/tap1 opened
Jul 28 10:18:51 pf100 openvpn[62499]: /sbin/ifconfig ovpns1 10.34.34.1 netmask 255.255.255.0 mtu 1500 up
Jul 28 10:18:51 pf100 openvpn[62499]: /usr/local/sbin/ovpn-linkup ovpns1 1500 1653 10.34.34.1 255.255.255.0 init
Jul 28 10:18:51 pf100 openvpn[62499]: UDPv4 link local (bound): [AF_INET]192.168.89.117:1194
Jul 28 10:18:51 pf100 openvpn[62499]: UDPv4 link remote: [AF_UNSPEC]
Jul 28 10:18:51 pf100 openvpn[62499]: Initialization Sequence Completed

Actions #2

Updated by Jim Pingle over 2 years ago

  • Status changed from Confirmed to Closed
Actions

Also available in: Atom PDF