Netgate Discussion Forum

    PFSense Release 2.5 + OpenVPN 2.5 broken? Any fixes?

    General pfSense Questions
    118 Posts 9 Posters 32.8k Views
    • Gertjan @N8LBV

      @n8lbv
      Log from the client side, right?
      "Socket not found" and "Socket bind failed on local address": The interface used is down or no IP?

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit: and where are the logs??

      • stephenw10 Netgate Administrator @N8LBV

        @n8lbv said in PFSense Release 2.5 + OpenVPN 2.5 broken? Any fixes?:

        Clicked the start button (in the client ipsec status page) and it came back up and is working.

        Did you mean IPSec here?

        • N8LBV @stephenw10

          @stephenw10 No sorry only testing openvpn at this point.
          Must have been really tired when I posted that.
          Also it's been up & working 18 days since that post.
          We're both on battery backup.
          It's just that when it gets shut down or rebooted that things go wonky again
          and I have to mess with it to get it to work.

          I feel more like I do now.

          • N8LBV @N8LBV

            This continues to be an issue.
            Had to restart the OpenVPN physical server and lose the vpn client connection.
            For this reason I have been unable to use any openVPN site to site persistent tunnels.

            I'm guessing anyone doing this has to use IPSEC for this purpose.
            The tunnel stayed up since my last post here back in March.
            But the moment that either end of the tunnel gets rebooted or loses power the tunnel is gone and never comes back on its own ever.
            Took me a half-hour of messing with it restarting services, re-saving the WAN connection settings to get it to work again.

            Same as before.

            I will need to look around and research if anyone else has reported or fixed this or related issues since March of 2022.

            -Steve

            I feel more like I do now.

            • stephenw10 Netgate Administrator

              I have several OpenVPN site to site tunnels and have done in all pfSense versions without any significant issues.
              Currently I'm running 22.05 there and will shortly be moving to 23.01 snapshots for testing.

              PSK will be going away in OpenVPN at some point so if you're using that for S2S tunnels it's worth switching to ssl/tls now. Though that shouldn't be causing any problems currently.

              Steve

              • N8LBV @stephenw10
                last edited by N8LBV

                @stephenw10 Thanks for the reply..
                When you say "all versions" not exactly sure what that means or if it matters too much but
                the more data points the better for sure.

                The problem might have something to do with the fact I am running multiple static IP (two in use at the moment) on the
                router public Internet facing versus using only one IP address.
                And I guess I may be in a minority here being the combination of this and running an openvpn
                server.

                This is also my first attempt to ever use OpenVPN for site to site..
                IPSEC works fine, always has, and I think most people are using IPSEC for S2S even with PFSense.

                This time around I wanted to be "different" and see if I could use OPENVPN instead for what I have
                always done in the past with IPSEC on PFSense.

                I've not tried using this type of configuration in production with any clients yet.
                For now it's just a single test connection going to a friend's house.

                I will need to do some work if I want to troubleshoot it further and work on a fix.
                Narrow it down to if a single IP address fixes it and such.

                And simplify the arrangement as much as possible.
                Right now I'm running two VPN servers on two different ports.
                I don't think that's part of the problem but I'll need to re-test that.
                I seem to remember trying that to rule it out but didn't document it unless I documented it here
                on this thread which I'll have to have a full lookback before I go back to work on it.

                The connection had been up for months and I had to reboot the router at the friends house
                and had to visit this all over again as it takes some significant fussing about it restarting services
                and re-saving the settings on the WAN page to get the connection to work again.

                I need to better track that process and determine what exactly does get the connection to work again when it finally does...
                As of now it's just random restarting things and re-saving the WAN page on BOTH ends until it works.

                Which is no position to actually start troubleshooting this from.
                I really need to read my previous notes (above) to remind myself of what I had determined already on this. :)

                Thanks for the heads-up on PSK going away. (I've not been keeping up lately).
                I will start to get familiar with that now that you mentioned it.

                I am super happy that AES-NI did not end up being a requirement as it was going to be.
                SO many of my implementations do not need it and so many of my customers are on
                little J1900 no moving parts firewalls that do a great job for their needs.

                I feel more like I do now.

                • stephenw10 Netgate Administrator

                  Yeah, I'd have to re-read it all too. 😉

                  But I would expect that to work without issues. I have run s2s OpenVPN tunnels in each version as we've released them and I've not seen an issue with tunnels failing that couldn't be fixed with a config change.
                  So I guess I'd say let's try to see exactly what's happening now and what's logged when it happens.

                  Steve

                  • N8LBV
                    last edited by N8LBV

                    Probably not the most elegant solution but I just switched the family and friends VPN server to 2.7
                    This appears to have fixed it.
                    I actually just moved the edge router (PFSense) from ESXI6 over to a Hyper-V server.
                    I ran into all sorts of issues with speed to-from PFSense in Hyper-V and Hyper-V
                    and other VMs on the server.
                    Was getting 2mbps upload and around 3mbps download between servers
                    and to the gigabit lan and a 2.5gb lan.
                    Read the huge PFS/FreeBSD/RSC Reddit thread for an hour or so.

                    Turning off RSC globally fixed the issue to the wired networks, but still had slow
                    transfers from PFsense to the other VMs.
                    Threw in the towel and switched to 2.7 and everything appears to be great.

                    This also appears to have fixed the ongoing issue I've had with OPENVPN tunnel server connections not being able to re-establish themselves (after a reboot/restart) without requiring manually going in and re-saving the WAN settings page as well as restarting the two OpenVPN servers I have on my PFsense system.

                    I feel more like I do now.

                    • stephenw10 Netgate Administrator

                      Yeah, that Hyper-V RSC issue in 2.6 was painful. But as you said, it is fixed in 2.7; RSC support in the hn driver is disabled by default.
                      Good news on the OpenVPN server there too. Would have been nice to know exactly what the cause was. There have been a number of fixes that have gone in for boot issues though. Many of them are only ever hit on some systems because of timing issues. I could imagine this being one of them.

                      Steve

                      • N8LBV @stephenw10
                        last edited by N8LBV

                        @stephenw10 switching over to 2.7 in January was a great fix for me.
                        Those systems are working flawlessly and have stayed up for months now and have not had to
                        be messed with.

                        I tried to set up another one about a week ago and I am no longer able to create a working 2.7 system.
                        If I upgrade from a clean 2.6.0 install to 2.7 it makes a system that hardlocks as soon as it tries to boot.
                        If I try a memstick install (from February, the ONLY snapshot I can find anywhere) the installer will not boot and gives only a solid cursor.
                        I tried a lot of things I did not yet document.
                        At the moment I'm stuck!

                        I also started a new thread here:
                        link text

                        I feel more like I do now.

                        • stephenw10 Netgate Administrator

                          Mmm, yeah let me see about getting the 2.7 snapshots back. That Feb 15th snap was the last one with php8.1 which is why it's there.
                          Upgrading fails but only in Hyper-V I assume?

                          • N8LBV @stephenw10

                            @stephenw10 Hi,
                            Upgrading fails in all cases I have tried if upgrading from 2.6.0
                            Hyper-V and 4 different PC hardware routers I have tried it on.
                            I have two separate threads I started on that yesterday
                            in the dev section for 2.7.0 CE.
                            It used to work awhile back but at some point along the way it no longer works.
                            You can't upgrade from 2.6.0 to 2.7.0 dev latest
                            Well, you can but it results in an unbootable kernel or driver immediate failure when it goes
                            to reboot.
                            But works fine if you install the 2.7.0 CE memstick and then update from that.
                            That is my work-around and I'm very happy that at least works.
                            2.7 openvpn setups stay up like they're supposed to :)

                            I feel more like I do now.

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.