Netgate Discussion Forum

Upgraded from 2.6 to 2.7 and OpenVPN client no longer works

  • A
    anonymouse
    last edited by anonymouse Jul 28, 2023, 12:53 PM Jul 28, 2023, 12:47 PM

    I have a very basic and simple setup. I connect to an external VPN via this guide:
    https://mullvad.net/en/help/using-pfsense-mullvad/

    This used to work fine for 2.6, but now, unfortunately, no longer works.

    What happens is the following:

    1. I restart the OpenVPN client
    2. I ping from my laptop to a known external IP and I get back a result (< 20ms)
    3. I start browsing the internet on a browser. Sometimes something renders, but most of the time it just gets stuck.
    4. I try to ping the external IP again from my laptop, and I get Request timeout for icmp_seq ...

    I can repeat the instructions above and it's 100% reproducible every single time.

    This is with a factory reset of 2.7, and by following the instructions on top of this post.

    Do you perhaps have an idea what could be going on here?

    • S
      SeaMonkey @anonymouse
      last edited by Jul 30, 2023, 12:24 AM

      @anonymouse What errors, if any, do you see in your OpenVPN log?

      • A
        anonymouse
        last edited by Jul 30, 2023, 10:10 AM

        I've attached the log below.

        There are two parts that I'm not too sure about:

        • SIGTERM[soft,exit-with-notification] received, process exiting
        • GDG6: problem writing to routing socket: No such process (errno=3)

        The web GUI says it connected successfully and stays connected while I experience the problems described in the first post.

        Jul 28 18:23:52	openvpn	70772	event_wait : Interrupted system call (fd=-1,code=4)
        Jul 28 18:23:52	openvpn	70772	SIGTERM received, sending exit notification to peer
        Jul 28 18:23:53	openvpn	70772	delete_route_ipv6(::/2)
        Jul 28 18:23:53	openvpn	70772	delete_route_ipv6(4000::/2)
        Jul 28 18:23:53	openvpn	70772	delete_route_ipv6(8000::/2)
        Jul 28 18:23:53	openvpn	70772	delete_route_ipv6(c000::/2)
        Jul 28 18:23:53	openvpn	70772	/sbin/ifconfig ovpnc1 10.15.0.31 -alias
        Jul 28 18:23:53	openvpn	70772	/sbin/ifconfig ovpnc1 inet6 CENSORED_IPV6:1301::101d/64 -alias
        Jul 28 18:23:53	openvpn	70772	/usr/local/sbin/ovpn-linkdown ovpnc1 1500 0 10.15.0.31 255.255.0.0 init
        Jul 28 18:23:53	openvpn	75022	Flushing states on OpenVPN interface ovpnc1 (Link Down)
        Jul 28 18:23:53	openvpn	70772	SIGTERM[soft,exit-with-notification] received, process exiting
        Jul 28 18:23:53	openvpn	88678	WARNING: file '/var/etc/openvpn/client1/up' is group or others accessible
        Jul 28 18:23:53	openvpn	88678	OpenVPN 2.6.4 amd64-portbld-freebsd14.0 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] [DCO]
        Jul 28 18:23:53	openvpn	88678	library versions: OpenSSL 1.1.1t-freebsd 7 Feb 2023, LZO 2.10
        Jul 28 18:23:53	openvpn	88678	DCO version: FreeBSD 14.0-CURRENT #1 RELENG_2_7_0-n255866-686c8d3c1f0: Wed Jun 28 04:21:19 UTC 2023 root@freebsd:/var/jenkins/workspace/pfSense-CE-snapshots-2_7_0-main/obj/amd64/LwYAddCr/var/jenkins/workspace/pfSense-CE-snapshots-2_7_0-main/sources/FreeBSD-src-REL
        Jul 28 18:23:53	openvpn	88884	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
        Jul 28 18:23:53	openvpn	88884	Initializing OpenSSL support for engine 'rdrand'
        Jul 28 18:23:53	openvpn	88884	WARNING: experimental option --capath /var/etc/openvpn/client1/ca
        Jul 28 18:23:53	openvpn	88884	TCP/UDP: Preserving recently used remote address: [AF_INET]CENSORED_REMOTE_IP:80
        Jul 28 18:23:53	openvpn	88884	Attempting to establish TCP connection with [AF_INET]CENSORED_REMOTE_IP:80
        Jul 28 18:23:53	openvpn	88884	TCP connection established with [AF_INET]CENSORED_REMOTE_IP:80
        Jul 28 18:23:53	openvpn	88884	TCPv4_CLIENT link local (bound): [AF_INET]192.168.178.23:0
        Jul 28 18:23:53	openvpn	88884	TCPv4_CLIENT link remote: [AF_INET]CENSORED_REMOTE_IP:80
        Jul 28 18:23:53	openvpn	88884	WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
        Jul 28 18:23:53	openvpn	88884	[nl-ams-ovpn-003.mullvad.net] Peer Connection Initiated with [AF_INET]CENSORED_REMOTE_IP:80
        Jul 28 18:23:56	openvpn	88884	GDG6: problem writing to routing socket: No such process (errno=3)
        Jul 28 18:23:56	openvpn	88884	TUN/TAP device ovpnc1 exists previously, keep at program end
        Jul 28 18:23:56	openvpn	88884	TUN/TAP device /dev/tun1 opened
        Jul 28 18:23:56	openvpn	88884	/sbin/ifconfig ovpnc1 10.6.0.7/16 mtu 1500 up
        Jul 28 18:23:56	openvpn	88884	/sbin/ifconfig ovpnc1 inet6 CENSORED_IPV6:80::1005/64 mtu 1500 up
        Jul 28 18:23:56	openvpn	88884	/usr/local/sbin/ovpn-linkup ovpnc1 1500 0 10.6.0.7 255.255.0.0 init
        Jul 28 18:23:56	openvpn	88884	add_route_ipv6(::/2 -> CENSORED_IPV6:80:: metric -1) dev ovpnc1
        Jul 28 18:23:56	openvpn	88884	add_route_ipv6(4000::/2 -> CENSORED_IPV6:80:: metric -1) dev ovpnc1
        Jul 28 18:23:56	openvpn	88884	add_route_ipv6(8000::/2 -> CENSORED_IPV6:80:: metric -1) dev ovpnc1
        Jul 28 18:23:56	openvpn	88884	add_route_ipv6(c000::/2 -> CENSORED_IPV6:80:: metric -1) dev ovpnc1
        Jul 28 18:23:56	openvpn	88884	Initialization Sequence Completed
        

        What fascinates me is that I can keep pinging a remote host indefinitely without failure up until the point I start browsing on my laptop. At that stage, I can no longer ping anything.

        Could that be a routing problem? I have no firewall rules configured for OPT1 nor OpenVPN, and I have only the default 3 LAN rules set up:

        • 0/585 KiB * * * LAN Address 443 80 22 * * Anti-Lockout Rule
        • 23/1.16 MiB IPv4 * LAN net * * * * none Default allow LAN to any rule
        • 0/0 B IPv6 * LAN net * * * * none Default allow LAN IPv6 to any rule
        • A
          anonymouse
          last edited by Aug 5, 2023, 5:56 PM

          I think I found the culprit, yet I have no idea how to fix it:

          Aug  5 19:49:25 pfSense filterlog[41547]: 5,,,1000000104,ovpnc1,match,block,out,4,0x0,,63,0,0,DF,6,tcp,141,10.15.0.2,OUTGOING_IP,13281,443,89,FPA,1717258034:1717258123,761365153,2048,,nop;nop;TS
          

          I see that it also blocks the OPT1 traffic in the system log, as it mentions Default deny rule IPv4 (1000000104).

          Does anyone see anything wrong with the instructions I posted in the first post? It doesn't mention any firewall rules on the OPT1 or OpenVPN tab. However, I have come to believe this is no longer correct. Yet when I allow any traffic, it also still doesn't work. It could potentially be asymmetric routing according to the documentation, but I use UDP as a protocol, which it mentions that it shouldn't affect it (https://docs.netgate.com/pfsense/en/latest/troubleshooting/asymmetric-routing.html).

          Any help would be greatly appreciated!

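An added example, not part of the thread: a small parser for filterlog lines like the one in the last post, which picks out blocked TCP packets that are not connection openers. A block on a packet whose flags are anything other than a bare S means mid-connection traffic was evaluated against the ruleset, so pf had no matching state for it. The field order is assumed from pfSense's documented raw filter log format (IPv4/TCP case only), and the second sample line is constructed for contrast.

```python
# Field names assume pfSense's raw filter log layout (IPv4 + TCP only).
COMMON = ["rule", "subrule", "anchor", "tracker", "iface", "reason",
          "action", "direction", "ipver"]
IPV4 = ["tos", "ecn", "ttl", "id", "offset", "ipflags", "proto_id",
        "proto", "length", "src", "dst"]
TCP = ["sport", "dport", "datalen", "tcpflags", "seq", "ack", "window",
       "urg", "options"]

SAMPLE = [
    # Line from the post (destination was redacted by the poster).
    "Aug  5 19:49:25 pfSense filterlog[41547]: 5,,,1000000104,ovpnc1,match,"
    "block,out,4,0x0,,63,0,0,DF,6,tcp,141,10.15.0.2,OUTGOING_IP,13281,443,"
    "89,FPA,1717258034:1717258123,761365153,2048,,nop;nop;TS",
    # Constructed line: a blocked connection opener (bare SYN) for contrast.
    "Aug  5 19:49:30 pfSense filterlog[41547]: 5,,,1000000104,ovpnc1,match,"
    "block,out,4,0x0,,64,0,0,DF,6,tcp,60,10.15.0.2,203.0.113.5,40000,443,"
    "0,S,1000,,65535,,mss;nop;wscale",
]

def parse_filterlog(line):
    """Parse one filterlog syslog line; return a dict, or None if not IPv4/TCP."""
    _, _, csv = line.partition("filterlog[")
    _, _, csv = csv.partition("]: ")
    parts = csv.strip().split(",")
    if len(parts) < len(COMMON) + len(IPV4) or parts[8] != "4":
        return None
    rec = dict(zip(COMMON + IPV4, parts))
    if rec["proto"] != "tcp":
        return None
    rec.update(zip(TCP, parts[len(COMMON) + len(IPV4):]))
    return rec

def out_of_state_blocks(lines):
    """Return blocked TCP records whose flags are not a bare SYN."""
    hits = []
    for line in lines:
        rec = parse_filterlog(line)
        # A bare "S" opens a connection; any other flags imply an existing flow.
        if rec and rec["action"] == "block" and rec["tcpflags"] != "S":
            hits.append(rec)
    return hits

if __name__ == "__main__":
    for r in out_of_state_blocks(SAMPLE):
        print(f'{r["iface"]} {r["direction"]} tracker={r["tracker"]} '
              f'{r["src"]}:{r["sport"]} -> {r["dst"]}:{r["dport"]} '
              f'flags={r["tcpflags"]}')
```
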