Bug #9040
Invalid status for OpenVPN Point-to-Point Links
Status: closed
Description
Background:
If one defines multiple OpenVPN servers in tun point-to-point mode (i.e. using a /30 subnet in the IPv4 tunnel network field), the status for each respective server reported by pfSense is incorrect when more than one server instance is instantiated.
Server
- Create two OpenVPN p2p server instances on a pfSense machine. Do this by specifying a unique tunnel network of /30 on each instance. The pfSense OpenVPN status widget will then group the server instances as per Figure 1 below.
- Create two client instances on other pfSense machines to dial into the two servers respectively. Ensure each server tunnel network is specified in the client tunnel network field too.
The clients will successfully connect as per Figure 2 and Figure 3. However, the server status on Figure 1 shows only one connection.
I am not sure whether this is a limitation of the OpenVPN management sockets or an issue in pfSense, but I thought I would raise it here to make the relevant people aware of its existence regardless.
I connected to the OpenVPN management socket manually for the OpenVPN server instances and it seems that the status messages are extremely vague when operating in p2p mode compared to remote access mode. See output of server1 below:
>INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
OpenVPN STATISTICS
Updated,Sat Oct 13 12:40:23 2018
TUN/TAP read bytes,2957
TUN/TAP write bytes,1928
TCP/UDP read bytes,14492
TCP/UDP write bytes,14092
Auth read bytes,2792
pre-compress bytes,0
post-compress bytes,0
pre-decompress bytes,0
post-decompress bytes,0
END
Best wishes,
James
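A parser for the point-to-point status output quoted in the report, added here as an example (not code from pfSense or OpenVPN). The function names and the traffic-growth liveness heuristic are assumptions made for illustration; the sample text is the output quoted above.

```python
from datetime import datetime

# Sample input: the p2p status output quoted in the report above.
SAMPLE = """\
>INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
OpenVPN STATISTICS
Updated,Sat Oct 13 12:40:23 2018
TUN/TAP read bytes,2957
TUN/TAP write bytes,1928
TCP/UDP read bytes,14492
TCP/UDP write bytes,14092
Auth read bytes,2792
pre-compress bytes,0
post-compress bytes,0
pre-decompress bytes,0
post-decompress bytes,0
END
"""

def parse_p2p_status(text):
    """Return the counters of one 'OpenVPN STATISTICS' block, or None if it is incomplete."""
    stats, in_block = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(">"):  # skip notifications such as >INFO:
            continue
        if line == "OpenVPN STATISTICS":
            in_block, stats = True, {}
            continue
        if not in_block:
            continue
        if line == "END":                     # terminator: the block is complete
            return stats
        key, sep, value = line.partition(",")
        if key == "Updated":
            stats["updated"] = datetime.strptime(value, "%a %b %d %H:%M:%S %Y")
        elif sep and value.isdigit():
            stats[key] = int(value)
    return None                               # no END seen: truncated read

def tunnel_moved_traffic(prev, curr):
    """Assumed heuristic: the peer is active if bytes read from it grew between two polls."""
    return curr["TCP/UDP read bytes"] > prev["TCP/UDP read bytes"]
```

The p2p block carries no peer list, so each server instance has to be polled on its own management socket and judged from its own counters.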
Updated by James Webb over 5 years ago
Update
- After trying on a fresh install on my VM, the issue seems to no longer be present.
Please disregard the above and close this issue; if I find this to be a problem in the future, I'll open a new issue.