OpenVPN - Blocking DNS failed, unable to connect to VPN



  • (Moved from 'DHCP and DNS' as this is OpenVPN issue)

    I am having an issue with one of our remote users who can no longer access our LAN.

    I have a couple of others who also access the servers from overseas with no issue.

    This has only occurred in the last few weeks and nothing has been knowingly changed at either end.

    On Friday an attempt was made to create a new connection for the user and doing a clean install of the client using the 'Client Export' created installer.

    The log appears to show everything starting ok until the Blocking DNS service tried to start.

    Quote
    Fri Nov 03 15:07:08 2017 OpenVPN 2.4.1 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Mar 22 2017
    Fri Nov 03 15:07:08 2017 Windows version 6.1 (Windows 7) 64bit
    Fri Nov 03 15:07:08 2017 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
    Enter Management Password:
    Fri Nov 03 15:07:08 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.x.xx.xxx:1194
    Fri Nov 03 15:07:08 2017 Attempting to establish TCP connection with [AF_INET]xx.x.xx.xxx:1194 [nonblock]
    Fri Nov 03 15:07:09 2017 TCP connection established with [AF_INET]xx.x.xx.xxx:1194
    Fri Nov 03 15:07:09 2017 TCP_CLIENT link local (bound): [AF_INET][undef]:0
    Fri Nov 03 15:07:09 2017 TCP_CLIENT link remote: [AF_INET]xx.x.xx.xxx:1194
    Fri Nov 03 15:07:11 2017 [server] Peer Connection Initiated with [AF_INET]xx.x.xx.xxx:1194
    Fri Nov 03 15:07:12 2017 open_tun
    Fri Nov 03 15:07:12 2017 TAP-WIN32 device [Local Area Connection 9] opened: \.\Global{0971897D-033D-4511-868E-2D97DD43E0BF}.tap
    Fri Nov 03 15:07:12 2017 Set TAP-Windows TUN subnet mode network/local/netmask = 192.168.171.0/192.168.171.8/255.255.255.0 [SUCCEEDED]
    Fri Nov 03 15:07:12 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.171.8/255.255.255.0 on interface {0971897D-033D-4511-868E-2D97DD43E0BF} [DHCP-serv: 192.168.171.254, lease-time: 31536000]
    Fri Nov 03 15:07:12 2017 Successful ARP Flush on interface [26] {0971897D-033D-4511-868E-2D97DD43E0BF}
    Fri Nov 03 15:07:12 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
    Fri Nov 03 15:07:12 2017 Block_DNS: adding block dns filters using service failed: There are no more endpoints available from the endpoint mapper.  [status=0x6d9 if_index=26]
    Fri Nov 03 15:07:12 2017 Blocking DNS failed!
    Fri Nov 03 15:07:12 2017 Exiting due to fatal error

    Any advice on the cause and how to rectify this would be greatly appreciated.


  • LAYER 8 Global Moderator

    Your on old version of openvpn 2.4.1  Current is 2.4.4  What version of pfsense are you running..

    Here is whole thread about this here
    https://sourceforge.net/p/openvpn/mailman/message/35876049/

    I would suggest you update.



  • PFSense is currently running version 2.3.4 and it says there is the option to upgrade to version 2.4.1

    I am a little reluctant to do this as it could potentially lead to other issues (especially after reading through some of the problems others have had after doing the same) and it is only affecting one person.

    There is an option on the 'Certificate Export' page to use the 'Old Windows Installer' ver 2.3.14, as this is also a 2.3 release (as the server), could trying this potentially 'fix' the issue? I will give this a go.

    It should be noted that several users have been using the 2.4.1 client, as issued by the Client Export page, with no problems.


Log in to reply