Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN TAP is crashing after connect

    OpenVPN
    1
    2
    1.5k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      redflag237
      last edited by

      Hi,

      I've set up an openVPN Tunnel using TAP/TLS-Client.
      Pull is enabled for config.

      This is my openVPN config:

      
Server Mode: PeerToPeer (SSL/TLS)
Protocol: TCP
Device Mode: TAP
Remote mydyndns.no-ip.org
Port 4733
TLS-Auth of Packets: NO
Crypto: AES-128-CBC

Advanced Settings:
>dev tap
>proto tcp-client
>tls-client
>cipher AES-128-CBC
>pull
>auth SHA1
>verb 5
>auth-user-pass /home/firewallconn
>auth-nocache

      Log Output on Connection:

      
Oct 21 10:01:01	openvpn[47597]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Oct 21 10:01:01	openvpn[47597]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 21 10:01:01	openvpn[47597]: Initializing OpenSSL support for engine 'cryptodev'
Oct 21 10:01:01	openvpn[47597]: Control Channel MTU parms [ L:1591 D:140 EF:40 EB:0 ET:0 EL:0 ]
Oct 21 10:01:01	openvpn[47597]: Socket Buffers: R=[65228->65536] S=[65228->65536]
Oct 21 10:01:01	openvpn[47597]: Data Channel MTU parms [ L:1591 D:1450 EF:59 EB:4 ET:32 EL:0 ]
Oct 21 10:01:01	openvpn[47597]: Local Options String: 'V4,dev-type tap,link-mtu 1591,tun-mtu 1532,proto TCPv4_CLIENT,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Oct 21 10:01:01	openvpn[47597]: Expected Remote Options String: 'V4,dev-type tap,link-mtu 1591,tun-mtu 1532,proto TCPv4_SERVER,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Oct 21 10:01:01	openvpn[47597]: Local Options hash (VER=V4): 'c288c4ff'
Oct 21 10:01:01	openvpn[47597]: Expected Remote Options hash (VER=V4): '6a9bf004'
Oct 21 10:01:01	openvpn[47778]: Attempting to establish TCP connection with [AF_INET]***.***.82.35:4733 [nonblock]
Oct 21 10:01:02	openvpn[47778]: TCP connection established with [AF_INET]***.***.82.35:4733
Oct 21 10:01:02	openvpn[47778]: TCPv4_CLIENT link local (bound): [AF_INET]***.***.22.211
Oct 21 10:01:02	openvpn[47778]: TCPv4_CLIENT link remote: [AF_INET]***.***.82.35:4733
Oct 21 10:01:02	openvpn[47778]: TLS: Initial packet from [AF_INET]***.***.82.35:4733, sid=de714a64 aa9c39a7
Oct 21 10:01:04	openvpn[47778]: VERIFY OK: depth=1, C=DE, ST=[...]
Oct 21 10:01:04	openvpn[47778]: VERIFY OK: depth=0, C=DE, ST=[...]
Oct 21 10:01:05	openvpn[47778]: Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Oct 21 10:01:05	openvpn[47778]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Oct 21 10:01:05	openvpn[47778]: Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Oct 21 10:01:05	openvpn[47778]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Oct 21 10:01:05	openvpn[47778]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Oct 21 10:01:05	openvpn[47778]: [jupiter.home] Peer Connection Initiated with [AF_INET]***.***.82.35:4733
Oct 21 10:01:07	openvpn[47778]: SENT CONTROL [jupiter.home]: 'PUSH_REQUEST' (status=1)
Oct 21 10:01:12	openvpn[47778]: SENT CONTROL [jupiter.home]: 'PUSH_REQUEST' (status=1)
Oct 21 10:01:18	openvpn[47778]: SENT CONTROL [jupiter.home]: 'PUSH_REQUEST' (status=1)
Oct 21 10:01:18	openvpn[47778]: PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.178.2.1,dhcp-option WINS 10.178.2.1,ping 20,ping-restart 60,route-gateway 10.178.2.1,ifconfig 10.178.2.2 255.255.255.0'
Oct 21 10:01:18	openvpn[47778]: OPTIONS IMPORT: timers and/or timeouts modified
Oct 21 10:01:18	openvpn[47778]: OPTIONS IMPORT: --ifconfig/up options modified
Oct 21 10:01:18	openvpn[47778]: OPTIONS IMPORT: route-related options modified
Oct 21 10:01:18	openvpn[47778]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Oct 21 10:01:18	openvpn[47778]: TUN/TAP device /dev/tap2 opened
Oct 21 10:01:18	openvpn[47778]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Oct 21 10:01:18	openvpn[47778]: /sbin/ifconfig tap 10.178.2.2 netmask 255.255.255.0 mtu 1500 up
Oct 21 10:01:18	openvpn[47778]: FreeBSD ifconfig failed: external program exited with error status: 1
Oct 21 10:01:18	openvpn[47778]: Exiting due to fatal error

      Can anybody help, please?

      1 Reply Last reply Reply Quote 0
      • R
        redflag237
        last edited by

        Hi together,

        As i remember,
        there was an fix-package available for openvpn-tap. Never needed to use tap before on pfSense.
        The System is a fresh and clean 2.1-installation, even one day ago.
        Peer is an mikrotik device with RouterOS 6.4, where other windows-clients are able to connect successfully.

        Thanks in advance for replies.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.