Cryptostorm connection error
-
For over 2 years I have had a successful connection to the Cryptostorm VPN network. Recently I noticed my VPN wasn't working anymore. I did upgrade from 2.4.3 to 2.4.4 a few days before I noticed it was no longer working. So for now I blame the upgrade.
I spent a few hours on it. I even deleted all CA, gateway and VPN configs and re-added but the same error remains:
Oct 10 20:17:28 openvpn 66603 Exiting due to fatal error
Oct 10 20:17:28 openvpn 66603 FreeBSD ifconfig failed: external program exited with error status: 1
Oct 10 20:17:28 openvpn 66603 /sbin/ifconfig tun 10.66.2.242 10.66.2.1 mtu 1500 netmask 255.255.255.0 up
I did also try with a monitoring IP and monitoring disabled.
Full error log: https://pastebin.com/bxRP1GNk
netstat -rn
Routing tables

Internet:
Destination                    Gateway        Flags   Netif   Expire
default                        192.168.1.1    UGS     igb0
8.8.8.8                        192.168.1.1    UGHS    igb0
10.0.0.0/16                    link#3         U       igb2
10.0.0.2                       link#3         UHS     lo0
10.1.0.0/24                    10.0.0.2       UGS     igb2
10.10.10.1                     link#3         UHS     lo0
10.10.10.1/32                  link#3         U       igb2
127.0.0.1                      link#5         UH      lo0
192.168.0.0/16                 link#1         U       igb0
192.168.1.14                   link#1         UHS     lo0

Internet6:
Destination                    Gateway        Flags   Netif   Expire
::1                            link#5         UH      lo0
fe80::%igb0/64                 link#1         U       igb0
fe80::20d:b9ff:fe43:3f30%igb0  link#1         UHS     lo0
fe80::%igb2/64                 link#3         U       igb2
fe80::20d:b9ff:fe43:3f32%igb2  link#3         UHS     lo0
fe80::%lo0/64                  link#5         U       lo0
fe80::1%lo0                    link#5         UHS     lo0

ifconfig -a on pastebin, as this is considered spam by Akismet?!
Cryptostorm ovpn file on Github.
This is the only VPN client I have, no VPN servers. I do have an IPSEC tunnel with IPs in 10.1.0.0/24. My LAN is located in 10.0.0.0/16. I'm no network guru but I think that those don't overlap with "/sbin/ifconfig tun 10.66.2.242 10.66.2.1 mtu 1500 netmask 255.255.255.0 up"
There is a bug report and a topic with the same error, but that is caused by the monitoring IP on the OpenVPN interface.
https://redmine.pfsense.org/issues/8142
https://forum.pfsense.org/index.php?topic=138608.msg764734#msg764734
Can someone please help me out?
-
So you're using the OLD RSA configs, but you're using 5060. Isn't that port reserved for ECC configs?
https://cryptostorm.is/configs/rsa/
If necessary, you can change the port in these configs to anything from 1 to 29999,
excluding ports 5060, 5061, and 5062. Those three are reserved for the ecc configs,
And your gui setup is saying to use your web gui cert??
-
My bad. I linked to the RSA configs because I tried them both, I edited the link. My current setup is based on the ecc settings.
The client certificate is not needed by Cryptostorm, pfsense demands it, you cannot leave it blank. Other option is to specify password/username. But then the error remains the same:
Oct 14 16:45:06 openvpn 15297 Exiting due to fatal error
Oct 14 16:45:06 openvpn 15297 FreeBSD ifconfig failed: external program exited with error status: 1
Oct 14 16:45:06 openvpn 15297 /sbin/ifconfig tun 10.66.2.90 10.66.2.1 mtu 1500 netmask 255.255.255.0 up
Do you have any other suggestions?
-
Issue has been resolved. Because of "dev tun;" in the custom options the interface wasn't coming up. I removed it and everything works as wanted.
-
Also if you're not going to use the client cert you should just set it to none ;)
-
The following input errors were detected:
If no Client Certificate is selected, a username and/or password must be entered.
pfSense doesn't allow me to.
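
Added example, not part of the thread or of pfSense/OpenVPN: a small triage script that runs the two checks discussed above against the quoted log lines, namely whether the pushed tunnel subnet overlaps any local route and whether the device name in the logged ifconfig call carries a unit number. The function name `diagnose`, the sample constants and the unit-number rule are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the three log lines quoted in the first post, one per line.
SAMPLE_LOG = """\
Oct 10 20:17:28 openvpn 66603 Exiting due to fatal error
Oct 10 20:17:28 openvpn 66603 FreeBSD ifconfig failed: external program exited with error status: 1
Oct 10 20:17:28 openvpn 66603 /sbin/ifconfig tun 10.66.2.242 10.66.2.1 mtu 1500 netmask 255.255.255.0 up
"""

# IPv4 networks taken from the poster's netstat -rn output.
LOCAL_ROUTES = ["10.0.0.0/16", "10.1.0.0/24", "10.10.10.1/32", "192.168.0.0/16"]

IFCONFIG_RE = re.compile(
    r"/sbin/ifconfig (?P<dev>\S+) (?P<local>\S+) (?P<peer>\S+) "
    r"mtu \d+ netmask (?P<mask>\S+) up"
)


def diagnose(log_text, routes):
    """Return a dict describing the logged ifconfig call, or None if absent."""
    match = IFCONFIG_RE.search(log_text)
    if match is None:
        return None
    # Derive the tunnel network from the local address and the logged netmask.
    tunnel = ipaddress.ip_network(f"{match['local']}/{match['mask']}", strict=False)
    return {
        "ifconfig_failed": "FreeBSD ifconfig failed" in log_text,
        "device": match["dev"],
        # Assumption: a usable interface name ends in a unit number (tun0, ovpnc1).
        "device_has_unit": bool(re.search(r"\d+$", match["dev"])),
        "tunnel_net": str(tunnel),
        "overlaps": [r for r in routes if tunnel.overlaps(ipaddress.ip_network(r))],
    }


if __name__ == "__main__":
    report = diagnose(SAMPLE_LOG, LOCAL_ROUTES)
    print(report)
    if report and report["ifconfig_failed"] and not report["overlaps"]:
        if not report["device_has_unit"]:
            print("No subnet overlap; device name has no unit number: "
                  "check custom options for a stray 'dev' directive.")
```

On the thread's log this reports no overlapping routes and a bare `tun` device, which points at the `dev tun;` custom option rather than at addressing.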