No traffic over p2p shared key tunnel after upgrade to 2.3.4 (coming from 2.2.5)

  • Hi,

    We finally upgraded to 2.3.x of pfSense, coming from 2.2.5.

    Now I have the problem that the VPN p2p tunnel we had is not working anymore.
    When I look at routing (which was proposed in the other forum) this looks ok to me, but I cannot even ping the tunnel IPs on both sides.

    On the server side I have the following:
    Tunnel network IP is
    Local network is

    default                        UGS      40676  1500 fxp0
                  link#11          UHS          0 16384 lo0
                  link#11          UH         656  1500 ovpns4
                  link#8           UH        7122 16384 lo0
                                   UGS       1592  1500 ovpns4
                                   UGS        250  1500 ovpns4

    On the client side I have the following:
    Tunnel network IP is
    Local network is and

    Destination    Gateway        Genmask        Flags Metric Ref    Use Iface
    default        gateway                       UG    100    0        0 enp5s0
                                                 UH    0      0        0 ovpnc2
                                                 UG    0      0        0 ovpnc2
                                                 U     100    0        0 enp4s1

    The VPN tunnel connection is ok.
    And the firewall lets everything through to these networks.
    But when I try to ping from the firewall to I get 100% packet loss.
    The same on the client for pinging

    If I ping the machine's own tunnel IP it works.

    Weird thing is, though, when looking in the states table I sometimes see states between the two networks.

    Config server side:

    General information:
    Server mode: Peer to Peer (Shared key)
    Protocol : UDP
    Device mode: tun
    Interface : <our external ip>
    Local port: 1197

    Cryptographic Settings:
    Shared Key: <key>
    Encryption Algorithm : AES-256-CBC (256 bit key, 128 bit block)
    Auth digest algorithm: SHA1 (160-bit)
    Hardware crypto: No hardware….

    Tunnel settings
    IPv4 Tunnel network:
    IPv4 Remote networks:,
    Compression : No preference
    Type of service: not checked
    Duplicate connection: not checked
    Disable IPv6: checked

    Advanced configuration
    Custom Options: empty

    Config client side:
    dev ovpnc2
    dev-type tun
    #dev-node /dev/tun2
    #writepid /var/run/
    #user nobody
    #group nobody
    #script-security 3
    keepalive 10 60
    proto udp
    cipher AES-256-CBC
    #up /usr/local/sbin/ovpn-linkup
    #down /usr/local/sbin/ovpn-linkdown
    lport 0
    #management /var/etc/openvpn/client2.sock unix
    remote <our external ip>
    #remote
    port 1197
    secret /etc/openvpn/dqna_hq.secret
    #secret /etc/openvpn/static_v2.key

  • Ok, I can shoot myself.
    Found the problem after lots of side testing and nothing working.

    The other side needed a fresh start of the OpenVPN client  :o  ::).

    Got a bit sidetracked by the fact it connects automatically and tunnel seemed to be functional (without traffic).

  • I logged on to my pfSense today and was pretty horrified to see a 502 error page. I didn't want to reboot until I understood the cause. I did have the OpenVPN Widget and IPSec VPN Widget running on the homepage of pfSense. I also changed my firewall logs to show 20 results, show FAIL & REJECT, and refresh every 1 second. Perhaps this was a bit too aggressive. My OpenVPN clients couldn't connect via OpenVPN but IPSec VPN was able to still connect.

    As advised earlier, restarting PHP-FPM using the numerical menu options in the pfSense console allowed the OpenVPN tunnels to connect again, and removed the 502 error.

    Hope this helps.
