4. Open VPN Server Issue

Open VPN Server Issue

  • V

    Hi,
    I am using pfsense 2.4.4 as My Firewall. I am getting following errors. I am a bit new to Pfsense and Open VPN.
    FreeBSD ifconfig failed: external program exited with error status: 1. Kindly advice me
    I am also getting the error : could not detrmine ipv4/ipv6 protocol. using AF_INET6

    Kindly advice

    0
  • LAYER 8 Netgate

    You are probably trying to add a route to the routing table that already exists.

    You didn't provide enough log entries to tell.

    0
  • V

    Kindly have a look at my server logs

    Apr 15 20:49:14 openvpn 9600 NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
    Apr 15 20:49:14 openvpn 10581 disabling NCP mode (--ncp-disable) because not in P2MP client or server mode
    Apr 15 20:49:14 openvpn 10581 OpenVPN 2.4.5 amd64-portbld-freebsd11.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Apr 2 2018
    Apr 15 20:49:14 openvpn 10581 library versions: OpenSSL 1.0.2m-freebsd 2 Nov 2017, LZO 2.10
    Apr 15 20:49:14 openvpn 10599 NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
    Apr 15 20:49:14 openvpn 9600 TUN/TAP device ovpns1 exists previously, keep at program end
    Apr 15 20:49:14 openvpn 9600 TUN/TAP device /dev/tun1 opened
    Apr 15 20:49:14 openvpn 9600 ioctl(TUNSIFMODE): Device busy (errno=16)
    Apr 15 20:49:14 openvpn 9600 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
    Apr 15 20:49:14 openvpn 9600 /sbin/ifconfig ovpns1 192.168.10.1 192.168.10.2 mtu 1500 netmask 255.255.255.0 up
    Apr 15 20:49:15 openvpn 9600 /usr/local/sbin/ovpn-linkup ovpns1 1500 1621 192.168.10.1 255.255.255.0 init
    Apr 15 20:49:15 openvpn 10599 TUN/TAP device ovpnc2 exists previously, keep at program end
    Apr 15 20:49:15 openvpn 10599 TUN/TAP device /dev/tun2 opened
    Apr 15 20:49:15 openvpn 10599 ioctl(TUNSIFMODE): Device busy (errno=16)
    Apr 15 20:49:15 openvpn 10599 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
    Apr 15 20:49:15 openvpn 10599 /sbin/ifconfig ovpnc2 192.168.10.2 192.168.10.1 mtu 1500 netmask 255.255.255.255 up
    Apr 15 20:49:15 openvpn 10599 FreeBSD ifconfig failed: external program exited with error status: 1
    Apr 15 20:49:15 openvpn 10599 Exiting due to fatal error
    Apr 15 20:49:15 openvpn 9600 Could not determine IPv4/IPv6 protocol. Using AF_INET6
    Apr 15 20:49:15 openvpn 9600 setsockopt(IPV6_V6ONLY=0)
    Apr 15 20:49:15 openvpn 9600 UDPv6 link local (bound): [AF_INET6][undef]:1194
    Apr 15 20:49:15 openvpn 9600 UDPv6 link remote: [AF_UNSPEC]
    Apr 15 20:49:15 openvpn 9600 Initialization Sequence Completed
    Apr 16 06:51:11 openvpn 8685 WARNING: POTENTIALLY DANGEROUS OPTION –verify-client-cert none|optional (or --client-cert-not-required) may accept clients which do not present a certificate
    Apr 16 06:51:11 openvpn 8685 OpenVPN 2.4.5 amd64-portbld-freebsd11.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Apr 2 2018
    Apr 16 06:51:11 openvpn 8685 library versions: OpenSSL 1.0.2m-freebsd 2 Nov 2017, LZO 2.10
    Apr 16 06:51:11 openvpn 8743 GDG: problem writing to routing socket
    Apr 16 06:51:11 openvpn 8743 NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
    Apr 16 06:51:11 openvpn 8743 TUN/TAP device ovpns1 exists previously, keep at program end
    Apr 16 06:51:11 openvpn 8743 TUN/TAP device /dev/tun1 opened
    Apr 16 06:51:11 openvpn 8743 ioctl(TUNSIFMODE): Device busy (errno=16)
    Apr 16 06:51:11 openvpn 8743 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
    Apr 16 06:51:11 openvpn 8743 /sbin/ifconfig ovpns1 192.168.10.1 192.168.10.2 mtu 1500 netmask 255.255.255.0 up
    Apr 16 06:51:11 openvpn 8743 /usr/local/sbin/ovpn-linkup ovpns1 1500 1621 192.168.10.1 255.255.255.0 init
    Apr 16 06:51:11 openvpn 8743 Could not determine IPv4/IPv6 protocol. Using AF_INET6
    Apr 16 06:51:11 openvpn 8743 setsockopt(IPV6_V6ONLY=0)
    Apr 16 06:51:11 openvpn 8743 UDPv6 link local (bound): [AF_INET6][undef]:1194
    Apr 16 06:51:11 openvpn 8743 UDPv6 link remote: [AF_UNSPEC]
    Apr 16 06:51:11 openvpn 8743 Initialization Sequence Completed
    Apr 16 06:51:11 openvpn 10483 disabling NCP mode (–ncp-disable) because not in P2MP client or server mode
    Apr 16 06:51:11 openvpn 10483 OpenVPN 2.4.5 amd64-portbld-freebsd11.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Apr 2 2018
    Apr 16 06:51:11 openvpn 10483 library versions: OpenSSL 1.0.2m-freebsd 2 Nov 2017, LZO 2.10
    Apr 16 06:51:11 openvpn 10576 NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
    Apr 16 06:51:11 openvpn 10576 TUN/TAP device ovpnc2 exists previously, keep at program end
    Apr 16 06:51:11 openvpn 10576 TUN/TAP device /dev/tun2 opened
    Apr 16 06:51:11 openvpn 10576 ioctl(TUNSIFMODE): Device busy (errno=16)
    Apr 16 06:51:11 openvpn 10576 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
    Apr 16 06:51:11 openvpn 10576 /sbin/ifconfig ovpnc2 192.168.10.2 192.168.10.1 mtu 1500 netmask 255.255.255.255 up
    Apr 16 06:51:11 openvpn 10576 FreeBSD ifconfig failed: external program exited with error status: 1
    Apr 16 06:51:11 openvpn 10576 Exiting due to fatal error

    0
  • V

    My client Logs

    Sun Apr 15 21:04:50 2018 OpenVPN 2.4.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 26 2017
    Sun Apr 15 21:04:50 2018 Windows version 6.2 (Windows 8 or greater) 64bit
    Sun Apr 15 21:04:50 2018 library versions: OpenSSL 1.0.2l  25 May 2017, LZO 2.10
    Enter Management Password:
    Sun Apr 15 21:04:57 2018 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
    Sun Apr 15 21:04:57 2018 Could not determine IPv4/IPv6 protocol. Using AF_INET6
    Sun Apr 15 21:04:57 2018 setsockopt(IPV6_V6ONLY=0)
    Sun Apr 15 21:04:57 2018 UDPv6 link local (bound): [AF_INET6][undef]:1194
    Sun Apr 15 21:04:57 2018 UDPv6 link remote: [AF_UNSPEC]
    Mon Apr 16 08:39:50 2018 [UNDEF] Inactivity timeout (–ping-restart), restarting
    Mon Apr 16 08:39:50 2018 SIGUSR1[soft,ping-restart] received, process restarting
    Mon Apr 16 08:39:55 2018 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
    Mon Apr 16 08:39:55 2018 Could not determine IPv4/IPv6 protocol. Using AF_INET6
    Mon Apr 16 08:39:55 2018 setsockopt(IPV6_V6ONLY=0)
    Mon Apr 16 08:39:55 2018 UDPv6 link local (bound): [AF_INET6][undef]:1194
    Mon Apr 16 08:39:55 2018 UDPv6 link remote: [AF_UNSPEC]
    Mon Apr 16 08:41:55 2018 [UNDEF] Inactivity timeout (–ping-restart), restarting
    Mon Apr 16 08:41:55 2018 SIGUSR1[soft,ping-restart] received, process restarting
    Mon Apr 16 08:42:00 2018 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
    Mon Apr 16 08:42:00 2018 Could not determine IPv4/IPv6 protocol. Using AF_INET6
    Mon Apr 16 08:42:00 2018 setsockopt(IPV6_V6ONLY=0)
    Mon Apr 16 08:42:00 2018 UDPv6 link local (bound): [AF_INET6][undef]:1194
    Mon Apr 16 08:42:00 2018 UDPv6 link remote: [AF_UNSPEC]
    Mon Apr 16 08:44:00 2018 [UNDEF] Inactivity timeout (–ping-restart), restarting
    Mon Apr 16 08:44:00 2018 SIGUSR1[soft,ping-restart] received, process restarting
    Mon Apr 16 08:44:05 2018 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
    Mon Apr 16 08:44:05 2018 Could not determine IPv4/IPv6 protocol. Using AF_INET6
    Mon Apr 16 08:44:05 2018 setsockopt(IPV6_V6ONLY=0)
    Mon Apr 16 08:44:05 2018 UDPv6 link local (bound): [AF_INET6][undef]:1194
    Mon Apr 16 08:44:05 2018 UDPv6 link remote: [AF_UNSPEC]
    Mon Apr 16 08:46:05 2018 [UNDEF] Inactivity timeout (–ping-restart), restarting
    Mon Apr 16 08:46:05 2018 SIGUSR1[soft,ping-restart] received, process restarting
    Mon Apr 16 08:46:10 2018 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
    Mon Apr 16 08:46:10 2018 Could not determine IPv4/IPv6 protocol. Using AF_INET6
    Mon Apr 16 08:46:10 2018 setsockopt(IPV6_V6ONLY=0)
    Mon Apr 16 08:46:10 2018 UDPv6 link local (bound): [AF_INET6][undef]:1194
    Mon Apr 16 08:46:10 2018 UDPv6 link remote: [AF_UNSPEC]
    Mon Apr 16 08:48:10 2018 [UNDEF] Inactivity timeout (–ping-restart), restarting
    Mon Apr 16 08:48:10 2018 SIGUSR1[soft,ping-restart] received, process restarting
    Mon Apr 16 08:48:20 2018 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
    Mon Apr 16 08:48:20 2018 Could not determine IPv4/IPv6 protocol. Using AF_INET6
    Mon Apr 16 08:48:20 2018 setsockopt(IPV6_V6ONLY=0)
    Mon Apr 16 08:48:20 2018 UDPv6 link local (bound): [AF_INET6][undef]:1194
    Mon Apr 16 08:48:20 2018 UDPv6 link remote: [AF_UNSPEC]
    Mon Apr 16 08:50:21 2018 [UNDEF] Inactivity timeout (–ping-restart), restarting
    Mon Apr 16 08:50:21 2018 SIGUSR1[soft,ping-restart] received, process restarting
    Mon Apr 16 08:50:41 2018 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
    Mon Apr 16 08:50:41 2018 Could not determine IPv4/IPv6 protocol. Using AF_INET6
    Mon Apr 16 08:50:41 2018 setsockopt(IPV6_V6ONLY=0)
    Mon Apr 16 08:50:41 2018 UDPv6 link local (bound): [AF_INET6][undef]:1194
    Mon Apr 16 08:50:41 2018 UDPv6 link remote: [AF_UNSPEC]
    Mon Apr 16 08:52:41 2018 [UNDEF] Inactivity timeout (–ping-restart), restarting
    Mon Apr 16 08:52:41 2018 SIGUSR1[soft,ping-restart] received, process restarting
    Mon Apr 16 08:53:21 2018 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
    Mon Apr 16 08:53:21 2018 Could not determine IPv4/IPv6 protocol. Using AF_INET6
    Mon Apr 16 08:53:21 2018 setsockopt(IPV6_V6ONLY=0)
    Mon Apr 16 08:53:21 2018 UDPv6 link local (bound): [AF_INET6][undef]:1194
    Mon Apr 16 08:53:21 2018 UDPv6 link remote: [AF_UNSPEC]
    Mon Apr 16 08:55:21 2018 [UNDEF] Inactivity timeout (–ping-restart), restarting
    Mon Apr 16 08:55:21 2018 SIGUSR1[soft,ping-restart] received, process restarting
    Mon Apr 16 08:56:41 2018 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
    Mon Apr 16 08:56:41 2018 Could not determine IPv4/IPv6 protocol. Using AF_INET6
    Mon Apr 16 08:56:41 2018 setsockopt(IPV6_V6ONLY=0)
    Mon Apr 16 08:56:41 2018 UDPv6 link local (bound): [AF_INET6][undef]:1194
    Mon Apr 16 08:56:41 2018 UDPv6 link remote: [AF_UNSPEC]
    Mon Apr 16 08:58:41 2018 [UNDEF] Inactivity timeout (–ping-restart), restarting
    Mon Apr 16 08:58:41 2018 SIGUSR1[soft,ping-restart] received, process restarting
    Mon Apr 16 09:01:21 2018 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
    Mon Apr 16 09:01:21 2018 Could not determine IPv4/IPv6 protocol. Using AF_INET6
    Mon Apr 16 09:01:21 2018 setsockopt(IPV6_V6ONLY=0)
    Mon Apr 16 09:01:21 2018 UDPv6 link local (bound): [AF_INET6][undef]:1194
    Mon Apr 16 09:01:21 2018 UDPv6 link remote: [AF_UNSPEC]
    Mon Apr 16 09:03:21 2018 [UNDEF] Inactivity timeout (–ping-restart), restarting
    Mon Apr 16 09:03:21 2018 SIGUSR1[soft,ping-restart] received, process restarting
    Mon Apr 16 09:08:21 2018 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
    Mon Apr 16 09:08:21 2018 Could not determine IPv4/IPv6 protocol. Using AF_INET6
    Mon Apr 16 09:08:21 2018 setsockopt(IPV6_V6ONLY=0)
    Mon Apr 16 09:08:21 2018 UDPv6 link local (bound): [AF_INET6][undef]:1194
    Mon Apr 16 09:08:21 2018 UDPv6 link remote: [AF_UNSPEC]
    Mon Apr 16 09:10:21 2018 [UNDEF] Inactivity timeout (–ping-restart), restarting
    Mon Apr 16 09:10:21 2018 SIGUSR1[soft,ping-restart] received, process restarting
    Mon Apr 16 09:15:21 2018 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
    Mon Apr 16 09:15:21 2018 Could not determine IPv4/IPv6 protocol. Using AF_INET6
    Mon Apr 16 09:15:21 2018 setsockopt(IPV6_V6ONLY=0)
    Mon Apr 16 09:15:21 2018 UDPv6 link local (bound): [AF_INET6][undef]:1194
    Mon Apr 16 09:15:21 2018 UDPv6 link remote: [AF_UNSPEC]
    Mon Apr 16 09:17:21 2018 [UNDEF] Inactivity timeout (–ping-restart), restarting
    Mon Apr 16 09:17:21 2018 SIGUSR1[soft,ping-restart] received, process restarting
    Mon Apr 16 09:22:21 2018 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
    Mon Apr 16 09:22:21 2018 Could not determine IPv4/IPv6 protocol. Using AF_INET6
    Mon Apr 16 09:22:21 2018 setsockopt(IPV6_V6ONLY=0)
    Mon Apr 16 09:22:21 2018 UDPv6 link local (bound): [AF_INET6][undef]:1194
    Mon Apr 16 09:22:21 2018 UDPv6 link remote: [AF_UNSPEC]
    Mon Apr 16 09:24:21 2018 [UNDEF] Inactivity timeout (–ping-restart), restarting
    Mon Apr 16 09:24:21 2018 SIGUSR1[soft,ping-restart] received, process restarting
    Mon Apr 16 09:29:21 2018 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
    Mon Apr 16 09:29:21 2018 Could not determine IPv4/IPv6 protocol. Using AF_INET6
    Mon Apr 16 09:29:21 2018 setsockopt(IPV6_V6ONLY=0)
    Mon Apr 16 09:29:21 2018 UDPv6 link local (bound): [AF_INET6][undef]:1194
    Mon Apr 16 09:29:21 2018 UDPv6 link remote: [AF_UNSPEC]
    Mon Apr 16 09:31:21 2018 [UNDEF] Inactivity timeout (–ping-restart), restarting
    Mon Apr 16 09:31:21 2018 SIGUSR1[soft,ping-restart] received, process restarting
    Mon Apr 16 09:36:21 2018 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
    Mon Apr 16 09:36:21 2018 Could not determine IPv4/IPv6 protocol. Using AF_INET6
    Mon Apr 16 09:36:21 2018 setsockopt(IPV6_V6ONLY=0)
    Mon Apr 16 09:36:21 2018 UDPv6 link local (bound): [AF_INET6][undef]:1194
    Mon Apr 16 09:36:21 2018 UDPv6 link remote: [AF_UNSPEC]
    Mon Apr 16 09:38:21 2018 [UNDEF] Inactivity timeout (–ping-restart), restarting
    Mon Apr 16 09:38:21 2018 SIGUSR1[soft,ping-restart] received, process restarting
    Mon Apr 16 09:43:21 2018 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
    Mon Apr 16 09:43:21 2018 Could not determine IPv4/IPv6 protocol. Using AF_INET6
    Mon Apr 16 09:43:21 2018 setsockopt(IPV6_V6ONLY=0)
    Mon Apr 16 09:43:21 2018 UDPv6 link local (bound): [AF_INET6][undef]:1194
    Mon Apr 16 09:43:21 2018 UDPv6 link remote: [AF_UNSPEC]
    Mon Apr 16 09:45:21 2018 [UNDEF] Inactivity timeout (–ping-restart), restarting
    Mon Apr 16 09:45:21 2018 SIGUSR1[soft,ping-restart] received, process restarting
    Mon Apr 16 09:50:21 2018 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
    Mon Apr 16 09:50:21 2018 Could not determine IPv4/IPv6 protocol. Using AF_INET6
    Mon Apr 16 09:50:21 2018 setsockopt(IPV6_V6ONLY=0)
    Mon Apr 16 09:50:21 2018 UDPv6 link local (bound): [AF_INET6][undef]:1194
    Mon Apr 16 09:50:21 2018 UDPv6 link remote: [AF_UNSPEC]
    Mon Apr 16 09:52:22 2018 [UNDEF] Inactivity timeout (–ping-restart), restarting
    Mon Apr 16 09:52:22 2018 SIGUSR1[soft,ping-restart] received, process restarting

    0
  • LAYER 8 Netgate

    Apr 16 06:51:11  openvpn  8743  /sbin/ifconfig ovpns1 192.168.10.1 192.168.10.2 mtu 1500 netmask 255.255.255.0 up
    Apr 16 06:51:11  openvpn  8743  /usr/local/sbin/ovpn-linkup ovpns1 1500 1621 192.168.10.1 255.255.255.0 init
    Apr 16 06:51:11  openvpn  10576  /sbin/ifconfig ovpnc2 192.168.10.2 192.168.10.1 mtu 1500 netmask 255.255.255.255 up
    Apr 16 06:51:11  openvpn  10576  FreeBSD ifconfig failed: external program exited with error status: 1

    Looks like the same tunnel network being used by ovpns1 (server 1) as ovpnc2 (client 2) on the "Server"

    0
  • V

    How to trouble shoot that. If you are ok , i can give my server to remote login. Kindly help me. I am using any desk / Team viewer  :'(

    0
  • LAYER 8 Netgate

    No, I am not going to do that.

    Change the tunnel network on the server.

    0
  • V

    Sure , i will try that. Thanks a lot for your time..

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy