OpenVPN TAP on pf 2.4.1 not working with UDP, working with TCP or pf 2.3.3

Guldil · Nov 20, 2017, 9:54 AM

Hy,

First i have to say that this config was working perflectly for 1 year on pfsense 2.3.3 :

OpenVPN / TAP Mode with a bridge interface / UDP 1194

On a new site i'm using same configuration with Pfsense 2.4.1, with TCP-CLIENT, it's working but it's a bit slow.

With UDP, client can't get any IP on DHCP :

Mon Nov 20 10:40:01 2017 OpenVPN 2.4.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jan 31 2017
Mon Nov 20 10:40:01 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Mon Nov 20 10:40:01 2017 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
Enter Management Password:
Mon Nov 20 10:40:03 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]XX.XX.XX.XX:1194
Mon Nov 20 10:40:03 2017 UDP link local (bound): [AF_INET][undef]:1194
Mon Nov 20 10:40:03 2017 UDP link remote: [AF_INET]XX.XX.XX.XX:1194
Mon Nov 20 10:40:03 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Nov 20 10:40:03 2017 [openvpn] Peer Connection Initiated with [AF_INET]XX.XX.XX.XX:1194
Mon Nov 20 10:40:04 2017 open_tun
Mon Nov 20 10:40:04 2017 TAP-WIN32 device [Ethernet 3] opened: \\.\Global\{2D5F6F68-DDF3-4122-8BBF-B8C76AC50CFF}.tap
Mon Nov 20 10:40:04 2017 Successful ARP Flush on interface [8] {2D5F6F68-DDF3-4122-8BBF-B8C76AC50CFF}
Mon Nov 20 10:40:09 2017 NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing
Mon Nov 20 10:40:09 2017 Initialization Sequence Completed

With TCP-CLIENT i don't have the latest line.

Carte Ethernet Ethernet 3 :

   Suffixe DNS propre à la connexion. . . :
   Description. . . . . . . . . . . . . . : TAP-Windows Adapter V9
   Adresse physique . . . . . . . . . . . : 00-FF-2D-5F-6F-68
   DHCP activé. . . . . . . . . . . . . . : Oui
   Configuration automatique activée. . . : Oui
   Adresse IPv6 de liaison locale. . . . .: fe80::7d0e:5457:32db:1add%8(préféré)
   Adresse d’autoconfiguration IPv4 . . . : 169.254.26.221(préféré)
   Masque de sous-réseau. . . . . . . . . : 255.255.0.0
   Passerelle par défaut. . . . . . . . . :
   IAID DHCPv6 . . . . . . . . . . . : 620822317
   DUID de client DHCPv6\. . . . . . . . : 00-01-00-01-20-36-6A-05-74-DF-BF-73-86-F9
   Serveurs DNS. . .  . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS sur Tcpip. . . . . . . . . . . : Activé

There is not difference in pfsense configuration for openvpn except tcp / udp and ports.

Conclusion :

TAP Mode with UDP 1194 on 2.3.3 => OK
TAP Mode with TCP 2294 on 2.4.1 => OK
TAP Mode with UDP 1194 on 2.4.1 => KO (no IP from DHCP…)

I'm planning to upgrade my pfsense to 2.4.1 but it's not possible with this bug ?

Thanks if anyone could help me,

Guldil

Guldil · Nov 20, 2017, 2:43 PM

other test :

latest version of OpenVPN Client (2.4.4) => KO
recreated a configuration with Export Client from Pfsense 2.4.1 => KO
force "ip /renew" manually after connection => KO

Guldil · Nov 23, 2017, 9:05 AM

finally latest test, i switch my pfsense 2.4.1 for a 2.3.3 and everthing is working as expected with OpenVPN and UDP.

My openvpnclient acquire IP from DHCP.

So there is something wrong with my 2.4.1

I'll reinstall a 2.3.5 on my pfsense 2.4.1 we'll see.