Netgate Discussion Forum

    OpenVPN - Blocking DNS failed, unable to connect to VPN

      GavinM

      (Moved from 'DHCP and DNS' as this is OpenVPN issue)

      I am having an issue with one of our remote users who can no longer access our LAN.

      I have a couple of others who also access the servers from overseas with no issue.

      This has only occurred in the last few weeks and nothing has been knowingly changed at either end.

      On Friday an attempt was made to create a new connection for the user and do a clean install of the client using the installer created by 'Client Export'.

      The log appears to show everything starting ok until the Blocking DNS service tried to start.

      Quote
      Fri Nov 03 15:07:08 2017 OpenVPN 2.4.1 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Mar 22 2017
      Fri Nov 03 15:07:08 2017 Windows version 6.1 (Windows 7) 64bit
      Fri Nov 03 15:07:08 2017 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
      Enter Management Password:
      Fri Nov 03 15:07:08 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.x.xx.xxx:1194
      Fri Nov 03 15:07:08 2017 Attempting to establish TCP connection with [AF_INET]xx.x.xx.xxx:1194 [nonblock]
      Fri Nov 03 15:07:09 2017 TCP connection established with [AF_INET]xx.x.xx.xxx:1194
      Fri Nov 03 15:07:09 2017 TCP_CLIENT link local (bound): [AF_INET][undef]:0
      Fri Nov 03 15:07:09 2017 TCP_CLIENT link remote: [AF_INET]xx.x.xx.xxx:1194
      Fri Nov 03 15:07:11 2017 [server] Peer Connection Initiated with [AF_INET]xx.x.xx.xxx:1194
      Fri Nov 03 15:07:12 2017 open_tun
      Fri Nov 03 15:07:12 2017 TAP-WIN32 device [Local Area Connection 9] opened: \.\Global{0971897D-033D-4511-868E-2D97DD43E0BF}.tap
      Fri Nov 03 15:07:12 2017 Set TAP-Windows TUN subnet mode network/local/netmask = 192.168.171.0/192.168.171.8/255.255.255.0 [SUCCEEDED]
      Fri Nov 03 15:07:12 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.171.8/255.255.255.0 on interface {0971897D-033D-4511-868E-2D97DD43E0BF} [DHCP-serv: 192.168.171.254, lease-time: 31536000]
      Fri Nov 03 15:07:12 2017 Successful ARP Flush on interface [26] {0971897D-033D-4511-868E-2D97DD43E0BF}
      Fri Nov 03 15:07:12 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
      Fri Nov 03 15:07:12 2017 Block_DNS: adding block dns filters using service failed: There are no more endpoints available from the endpoint mapper.  [status=0x6d9 if_index=26]
      Fri Nov 03 15:07:12 2017 Blocking DNS failed!
      Fri Nov 03 15:07:12 2017 Exiting due to fatal error

      Any advice on the cause and how to rectify this would be greatly appreciated.

        johnpoz LAYER 8 Global Moderator

        You're on an old version of OpenVPN, 2.4.1. Current is 2.4.4. What version of pfSense are you running?

        Here is a whole thread about this:
        https://sourceforge.net/p/openvpn/mailman/message/35876049/

        I would suggest you update.

          GavinM

          pfSense is currently running version 2.3.4 and it says there is the option to upgrade to version 2.4.1.

          I am a little reluctant to do this as it could potentially lead to other issues (especially after reading through some of the problems others have had after doing the same) and it is only affecting one person.

          There is an option on the 'Certificate Export' page to use the 'Old Windows Installer' ver 2.3.14. As this is also a 2.3 release (as the server), could trying this potentially 'fix' the issue? I will give this a go.

          It should be noted that several users have been using the 2.4.1 client, as issued by the Client Export page, with no problems.
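
A log triage sketch for the failure discussed in this thread, added here as an example and not written by either poster: it pulls the client version, the `Block_DNS` failure status and the fatal exit out of an OpenVPN client log. The function name `triage`, the sample lines (copied from the log in the first post) and the use of 2.4.4 as the "current" client are assumptions for illustration.

```python
import re

# Constructed sample: selected lines from the client log quoted in the first post.
SAMPLE_LOG = """\
Fri Nov 03 15:07:08 2017 OpenVPN 2.4.1 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Mar 22 2017
Fri Nov 03 15:07:08 2017 Windows version 6.1 (Windows 7) 64bit
Fri Nov 03 15:07:12 2017 Block_DNS: adding block dns filters using service failed: There are no more endpoints available from the endpoint mapper.  [status=0x6d9 if_index=26]
Fri Nov 03 15:07:12 2017 Blocking DNS failed!
Fri Nov 03 15:07:12 2017 Exiting due to fatal error
"""

CURRENT_CLIENT = (2, 4, 4)  # assumption: "current" as stated in the reply (2.4.4)
WIN32_NAMES = {1753: "EPT_S_NOT_REGISTERED"}  # 0x6d9, the Win32 name for the logged message

TS = r"^\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4} "
VERSION_RE = re.compile(TS + r"OpenVPN (\d+)\.(\d+)\.(\d+) ")
BLOCK_DNS_RE = re.compile(
    TS + r"Block_DNS: (.*?) failed: (.*?)\s*\[status=(0x[0-9a-fA-F]+) if_index=(\d+)\]")
FATAL_RE = re.compile(TS + r"Exiting due to fatal error")


def triage(log_text):
    """Return client version, Block_DNS failure details and fatal-exit flag."""
    out = {"version": None, "outdated": None, "block_dns": None, "fatal": False}
    for raw in log_text.splitlines():
        line = raw.strip()  # forum pastes are often indented
        m = VERSION_RE.match(line)
        if m and out["version"] is None:
            out["version"] = tuple(int(p) for p in m.groups())
            out["outdated"] = out["version"] < CURRENT_CLIENT
            continue
        m = BLOCK_DNS_RE.match(line)
        if m:
            code = int(m.group(3), 16)  # status is logged in hex
            out["block_dns"] = {
                "action": m.group(1), "message": m.group(2), "status": code,
                "name": WIN32_NAMES.get(code, "unknown"),
                "if_index": int(m.group(4)),
            }
            continue
        if FATAL_RE.match(line):
            out["fatal"] = True
    return out


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Run against logs from the users whose 2.4.1 clients connect without problems, the same function should return `block_dns` as `None`, which makes it easy to confirm the failure is specific to the one machine.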

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.