OpenVPN TAP on pf 2.4.1 not working with UDP, working with TCP or pf 2.3.3
-
Hi,
First I have to say that this config was working perfectly for 1 year on pfSense 2.3.3:
OpenVPN / TAP Mode with a bridge interface / UDP 1194
On a new site I'm using the same configuration with pfSense 2.4.1. With TCP-CLIENT it's working, but it's a bit slow.
With UDP, the client can't get any IP from DHCP:
Mon Nov 20 10:40:01 2017 OpenVPN 2.4.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jan 31 2017
Mon Nov 20 10:40:01 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Mon Nov 20 10:40:01 2017 library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.09
Enter Management Password:
Mon Nov 20 10:40:03 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]XX.XX.XX.XX:1194
Mon Nov 20 10:40:03 2017 UDP link local (bound): [AF_INET][undef]:1194
Mon Nov 20 10:40:03 2017 UDP link remote: [AF_INET]XX.XX.XX.XX:1194
Mon Nov 20 10:40:03 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Nov 20 10:40:03 2017 [openvpn] Peer Connection Initiated with [AF_INET]XX.XX.XX.XX:1194
Mon Nov 20 10:40:04 2017 open_tun
Mon Nov 20 10:40:04 2017 TAP-WIN32 device [Ethernet 3] opened: \\.\Global\{2D5F6F68-DDF3-4122-8BBF-B8C76AC50CFF}.tap
Mon Nov 20 10:40:04 2017 Successful ARP Flush on interface [8] {2D5F6F68-DDF3-4122-8BBF-B8C76AC50CFF}
Mon Nov 20 10:40:09 2017 NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing
Mon Nov 20 10:40:09 2017 Initialization Sequence Completed
With TCP-CLIENT I don't have the last line.
Carte Ethernet Ethernet 3 :
   Suffixe DNS propre à la connexion. . . :
   Description. . . . . . . . . . . . . . : TAP-Windows Adapter V9
   Adresse physique . . . . . . . . . . . : 00-FF-2D-5F-6F-68
   DHCP activé. . . . . . . . . . . . . . : Oui
   Configuration automatique activée. . . : Oui
   Adresse IPv6 de liaison locale. . . . .: fe80::7d0e:5457:32db:1add%8(préféré)
   Adresse d’autoconfiguration IPv4 . . . : 169.254.26.221(préféré)
   Masque de sous-réseau. . . . . . . . . : 255.255.0.0
   Passerelle par défaut. . . . . . . . . :
   IAID DHCPv6 . . . . . . . . . . . : 620822317
   DUID de client DHCPv6. . . . . . . . : 00-01-00-01-20-36-6A-05-74-DF-BF-73-86-F9
   Serveurs DNS. . . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                           fec0:0:0:ffff::2%1
                                           fec0:0:0:ffff::3%1
   NetBIOS sur Tcpip. . . . . . . . . . . : Activé
There is no difference in the pfSense configuration for OpenVPN except TCP / UDP and ports.
Conclusion:
- TAP Mode with UDP 1194 on 2.3.3 => OK
- TAP Mode with TCP 2294 on 2.4.1 => OK
- TAP Mode with UDP 1194 on 2.4.1 => KO (no IP from DHCP…)
I'm planning to upgrade my pfSense to 2.4.1, but it's not possible with this bug?
Thanks if anyone could help me,
Guldil
-
Other tests:
- latest version of OpenVPN Client (2.4.4) => KO
- recreated a configuration with Export Client from pfSense 2.4.1 => KO
- force "ip /renew" manually after connection => KO
-
Finally, latest test: I switched my pfSense 2.4.1 for a 2.3.3 and everything is working as expected with OpenVPN and UDP.
My OpenVPN client acquires an IP from DHCP.
So there is something wrong with my 2.4.1.
I'll reinstall a 2.3.5 on my pfSense 2.4.1, we'll see.