Can't connect more than one airvpn client ...
-
Hi ! i struggle A LOT with pfsense ...
i use airvpn and i can't connect more than one vpn client to it.
it's seems , whatever conf i make (udp or tcp or whatever), the openvpn client on "socket.2" 'or socket.3 etc...) never connect and never get ip adress from the server ... it's stay at 'pending'.However the first tunnel still works well.
I have check everything !!!! (routes / interface assignation / rules / vpn settings) ...
WIth almost the same parameter (they are all airvpn servers) , the first connect but not the second ...Even worst , struggeling to make this works , i have try to add NAT oubound rule related to the second vpn interface ... and i don't remenber exactly what i did with the gui but when i save settings i end up with "a crash of the gui written in yellow at the top of the screen" and a line in the nat table of the gui with " 5:16:42 PHP ERROR: Type: 1, File: /usr/local/www/firewall_nat_out.php, Line: 340, Message: Uncaught Error: Cannot use string offset as an array in /usr/local/www/firewall_nat_out.php:340
Stack trace:
#0 {main}
thrown"of course the "nat page of the gui" don't work anymore with this line in it (delete button do nothing) ... i had to restore a conf file to use it again !!!! (yeee)
and the last ... for now i have disabled dpinger in all interface ... but if i set "monitoring gateway of the interface of the first vpn (who works) with a "distant ip" (let's says in tunnel pfsense have 10.11.11.2 , i want ping to monitor 10.11.11.1) then the first vpn disconnect and can't connect anymore !!!
this is the log of openvpn ... but nothing in it .. i try wireshark but it's seems server never answers to to the first udp packet ...
Jul 30 04:03:22 openvpn 57435 MANAGEMENT: Client disconnected
Jul 30 04:03:22 openvpn 57435 MANAGEMENT: CMD 'state 1'
Jul 30 04:03:22 openvpn 57435 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
Jul 30 04:03:17 openvpn 57435 UDPv4 link remote: [AF_INET]195.206.105.226:443
Jul 30 04:03:17 openvpn 57435 UDPv4 link local (bound): [AF_INET]192.168.7.254:0
Jul 30 04:03:17 openvpn 57435 Socket Buffers: R=[42080->262144] S=[57344->262144]
Jul 30 04:03:17 openvpn 57435 TCP/UDP: Preserving recently used remote address: [AF_INET]195.206.105.226:443
Jul 30 04:03:17 openvpn 57435 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Jul 30 04:03:17 openvpn 57435 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Jul 30 04:03:17 openvpn 57435 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Jul 30 04:03:17 openvpn 57435 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Jul 30 04:03:17 openvpn 57435 Initializing OpenSSL support for engine 'rdrand'
Jul 30 04:03:17 openvpn 57435 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 30 04:03:17 openvpn 57435 MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client2.sock
Jul 30 04:03:17 openvpn 57308 library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
Jul 30 04:03:17 openvpn 57308 OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Sep 4 2018Maybe my next try it's to stop lro / tso / cheksum hardware check on interfaces ...
it's a pfsense in a esxi 6.7.0 u2 ... maybe theses prevent the second vpn to works ??? (but i don't think so ...)Anyways ... if someone have succefully setup multiples airvpn clients on the last pfsense maybe he can help me ;)))
I want to know why the first work and not the second !!!! it's crazy if it's not a pfsense bug !
Have nice days ;)
-
@maba Is your pfSense an ARM Box or PC Build? I can't get it working on my SG-2100.
My AirVPN posting How To Set Up pfSense+ for AirVPN.
-
Hi Maba, I am nor sure what you are trying to accomplish. Are you looking to have mulitable connections for back up or are you trying to increase vpn band width more than one connection?
Take a look at this guide and see if it helps. https://nguvu.org/pfsense/pfsense-multi-vpn-wan/ -
it was on a pc build. My mistake was to not choose a "tls-crypt, tls1.2" airvpn server. only those works on pfsense.