OpenVPN TAP on pf 2.4.1 not working with UDP, working with TCP or pf 2.3.3



  • Hi,

    First I have to say that this config was working perfectly for 1 year on pfsense 2.3.3 :

    OpenVPN / TAP Mode with a bridge interface / UDP 1194

    On a new site I'm using the same configuration with Pfsense 2.4.1; with TCP-CLIENT it's working, but it's a bit slow.

    With UDP, client can't get any IP on DHCP :

    Mon Nov 20 10:40:01 2017 OpenVPN 2.4.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jan 31 2017
    Mon Nov 20 10:40:01 2017 Windows version 6.2 (Windows 8 or greater) 64bit
    Mon Nov 20 10:40:01 2017 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
    Enter Management Password:
    Mon Nov 20 10:40:03 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]XX.XX.XX.XX:1194
    Mon Nov 20 10:40:03 2017 UDP link local (bound): [AF_INET][undef]:1194
    Mon Nov 20 10:40:03 2017 UDP link remote: [AF_INET]XX.XX.XX.XX:1194
    Mon Nov 20 10:40:03 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Mon Nov 20 10:40:03 2017 [openvpn] Peer Connection Initiated with [AF_INET]XX.XX.XX.XX:1194
    Mon Nov 20 10:40:04 2017 open_tun
    Mon Nov 20 10:40:04 2017 TAP-WIN32 device [Ethernet 3] opened: \\.\Global\{2D5F6F68-DDF3-4122-8BBF-B8C76AC50CFF}.tap
    Mon Nov 20 10:40:04 2017 Successful ARP Flush on interface [8] {2D5F6F68-DDF3-4122-8BBF-B8C76AC50CFF}
    Mon Nov 20 10:40:09 2017 NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing
    Mon Nov 20 10:40:09 2017 Initialization Sequence Completed
    

    With TCP-CLIENT I don't have the latest line.

    Carte Ethernet Ethernet 3 :
    
       Suffixe DNS propre à la connexion. . . :
       Description. . . . . . . . . . . . . . : TAP-Windows Adapter V9
       Adresse physique . . . . . . . . . . . : 00-FF-2D-5F-6F-68
       DHCP activé. . . . . . . . . . . . . . : Oui
       Configuration automatique activée. . . : Oui
       Adresse IPv6 de liaison locale. . . . .: fe80::7d0e:5457:32db:1add%8(préféré)
       Adresse d’autoconfiguration IPv4 . . . : 169.254.26.221(préféré)
       Masque de sous-réseau. . . . . . . . . : 255.255.0.0
       Passerelle par défaut. . . . . . . . . :
       IAID DHCPv6 . . . . . . . . . . . : 620822317
       DUID de client DHCPv6. . . . . . . . : 00-01-00-01-20-36-6A-05-74-DF-BF-73-86-F9
       Serveurs DNS. . .  . . . . . . . . . . : fec0:0:0:ffff::1%1
                                           fec0:0:0:ffff::2%1
                                           fec0:0:0:ffff::3%1
       NetBIOS sur Tcpip. . . . . . . . . . . : Activé
    
    

    There is no difference in pfsense configuration for openvpn except tcp / udp and ports.

    Conclusion :

    • TAP Mode with UDP 1194 on 2.3.3 => OK
    • TAP Mode with TCP 2294 on 2.4.1 => OK
    • TAP Mode with UDP 1194 on 2.4.1 => KO (no IP from DHCP…)

    I'm planning to upgrade my pfsense to 2.4.1 but it's not possible with this bug ?

    Thanks if anyone could help me,

    Guldil



  • Other tests :

    • latest version of OpenVPN Client (2.4.4) => KO
    • recreated a configuration with Export Client from Pfsense 2.4.1 => KO
    • force "ip /renew" manually after connection => KO


  • Finally, latest test: I switched my pfsense 2.4.1 for a 2.3.3 and everything is working as expected with OpenVPN and UDP.

    My OpenVPN client acquires an IP from DHCP.

    So there is something wrong with my 2.4.1

    I'll reinstall a 2.3.5 on my pfsense 2.4.1 we'll see.

