Filter error after setup of OpenVPN



  • I just added a VPN.
    After the setup of that VPN I'm getting the following error in my logs:

    There were error(s) loading the rules: /tmp/rules.debug:182: unknown protocol udp4 - The line in question reads [182]: pass in quick on $WAN reply-to ( em0 xxx.xxx.xxx.201 ) inet proto udp4 from any to xxx.xxx.xxx.202 tracker 1526356772 keep state label "USER_RULE: OpenVPN HomeVPN wizard"
    @ 2018-05-15 08:15:58.

    There is obviously something borked in the VPN setup as the VPN doesn't work, but since I used the wizard, how do I chase down the configuration error?

    I used 10.1.1.0/28 as my tunnel network, which is different than my LAN interface of 192.168.1.0/24. Did I misunderstand the rules on that?

    Lastly, although my CPU has AES-NI Crypto "Yes", it is marked as (inactive). How do I get that fixed?



  • Yeah, there is a bug in the OpenVPN wizard. It sets the wrong parameter in the firewall rule.

    Edit the rule generated by the wizard in Firewall > Rules > WAN and set the "Address Family" to "IPv4" and the "Protocol" to "UDP".

    For enabling the AES-NI crypto, go to System > Advanced > Miscellaneous > "Cryptographic Hardware" and select "AES-NI CPU-based acceleration".


  • Rebel Alliance Developer Netgate

    If you upgrade to 2.4.3-p1 that wizard issue has been fixed. So if you use the wizard again after upgrading it will be OK for future tunnels. Editing the current rule and fixing it manually will work around the issue on 2.4.3.
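
An added example, not part of the thread or of pfSense itself: a small Python check that scans pf rule text for family-suffixed protocol tokens such as the `udp4` in the error above and prints the `inet proto udp` form that the manual fix produces. The function name `lint_rules`, the finding fields and the sample rules (with documentation addresses) are constructed for illustration.

```python
import re

# pf takes the address family (inet / inet6) and the protocol name as two
# separate keywords, so a token such as "udp4" is rejected as unknown.
SUFFIXED = re.compile(r"^(tcp|udp)([46])$")
FAMILY = {"4": "inet", "6": "inet6"}
PROTO_CLAUSE = re.compile(r"\bproto\s+(\{[^}]*\}|\S+)")
AF_KEYWORD = re.compile(r"\binet6?\b")


def lint_rules(text):
    """Return one finding per family-suffixed protocol token in pf rules."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue
        # Blank out quoted strings so label text is never parsed as a rule.
        rule = re.sub(r'"[^"]*"', '""', line)
        for clause in PROTO_CLAUSE.finditer(rule):
            af = AF_KEYWORD.search(rule[:clause.start()])
            for token in re.split(r"[\s,{}]+", clause.group(1)):
                m = SUFFIXED.match(token)
                if m is None:
                    continue
                family = FAMILY[m.group(2)]
                findings.append({
                    "line": lineno,
                    "token": token,
                    "fix": f"{family} proto {m.group(1)}",
                    # True when the rule's own inet/inet6 keyword disagrees.
                    "family_conflict": af is not None and af.group(0) != family,
                })
    return findings


# Constructed sample rules (documentation addresses), not a real rules.debug.
SAMPLE = "\n".join([
    "# constructed sample",
    'pass in quick on $WAN reply-to ( em0 198.51.100.201 ) inet proto udp4 '
    'from any to 198.51.100.202 keep state label "USER_RULE: OpenVPN wizard"',
    "pass in quick on $WAN inet proto { tcp, udp } from any to 198.51.100.202",
    'pass in quick on $WAN inet proto udp6 from any to any label "proto tcp4"',
])

if __name__ == "__main__":
    for f in lint_rules(SAMPLE):
        print(f"line {f['line']}: {f['token']} -> {f['fix']}"
              f"{' (family mismatch)' if f['family_conflict'] else ''}")
```

On a firewall, `pfctl -nf /tmp/rules.debug` parses the same file without loading it and reports the line pf itself rejects.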