[SOLVED] new pf version and lost openvpn connection



  • Hi all, I need insight or help regarding my issue here.

    Yesterday I did a fresh install of pfSense 2.4.4-p3 64-bit on the same hardware (under ESXi 6.0), replacing the previous pfSense 2.3.4-p1 32-bit.

    Reason for that: I want to try the telegraf package.

    The new pf works fine, just not the OpenVPN connection to the other site (server-client connection). It was working well with 2.3.4, but does not connect with the new 2.4.4.

    The other site is using pf 2.3.4-p1 32-bit as the server for the connection.

    I already matched all the settings and parameters from the previous 2.3.4, but it still does not connect.

    server setting at pf 2.3.4
    peer to peer (shared key)
    protocol UDP
    device mode TUN
    interface WAN
    local port 1198
    shared key (already copy paste between server and client)
    encryption algo: AES-256-CBC (256 / 128)
    auth digest algo: SHA1 (160bit)
    no hardware crypto
    ipv4 tunnel network: 10.0.8.0/30
    ipv4 remote network: 192.168.5.0/24

    client setting at pf 2.4.4
    same parameters as above
    already input server ip address
    untick Enable NCP
    same ipv4 tunnel network
    ipv4 remote network: 192.168.4.0/24
    gateway creation: ipv4 only

    firewall-NAT-outbound = use automatic outbound NAT

    status from server: down or reconnecting;ping-restart
    status from client: reconnecting; ping-restart, with local address and remote host showing (pending) below them

    are there any issues with 2.4.4 with 2.3.4? 32bit with 64bit?

    cheers,
    mike


  • LAYER 8

    It's possible, but you are not providing enough information. You should post screenshots of your configuration so we can see if it's really like you say, and we need the complete log from OpenVPN; increase verbosity if needed.
    I would upgrade the other site too, 2.3.4 is very old and unsupported now.


  • LAYER 8 Global Moderator

    Come back when both sides are currently supported versions ;) Zero motivation to help someone that can not be bothered to even keep their firewall current.

    are there any issues with 2.4.4 with 2.3.4? 32bit with 64bit?

    Let's say there are, just for discussion purposes... The fix for that would be to update the outdated version to current. So come back when that has happened and you're still having issues.



  • Hi kiokoman and johnpoz,

    I plan to upgrade the other site's version, but I need time to schedule a visit to the place. So for the time being, I'm stuck with 2.3.4 at the other site. So my options are to drop the telegraf curiosity and use the previous 2.3.4 to connect, or solve this if possible.

    *sorry for the long screenshot

    this is screenshot for the client (2.4.4):
    Screenshot_122419_090103_AM.jpg
    Screenshot_122419_090145_AM.jpg
    Screenshot_122419_090216_AM.jpg
    Screenshot_122419_090238_AM.jpg

    this is for server side (2.3.4):
    Screenshot_122419_090452_AM.jpg
    Screenshot_122419_090513_AM.jpg
    Screenshot_122419_090551_AM.jpg

    this is log for client side:
    Screenshot_122419_090734_AM.jpg

    this is for server side:
    Screenshot_122419_091505_AM.jpg
    Screenshot_122419_091806_AM.jpg


  • LAYER 8

    Try changing "Compression": try to set it on, on both devices, instead of "No Preference", or try to set it off on both devices.
    I don't know what you have available on 2.3.4; anyway, they must match.



  • It works!! Thanks for your eagle eye, Kiokoman!!
    I missed the compression, I just missed it completely.
    The options are very different in 2.4.4 compared to 2.3.x or 2.2.x.
    I took it for granted that it would not change.

    I tried diff compression options, and the one that works best for me is:
    at 2.4.4 use LZO Compression [Legacy style, comp-lzo yes]
    at 2.3.4 use Enable without Adaptive Compression

    thank you again
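
The fix above came down to one option that differed between the two ends. As an added example (not part of the original posts), this Python sketch compares two OpenVPN configs on the options that must agree. The sample configs are constructed from values mentioned in the thread, and `parse_openvpn` and `mismatches` are hypothetical helper names.

```python
import re

# Constructed sample configs (not the poster's real files); values follow the thread.
SERVER = """\
dev tun
cipher AES-256-CBC
auth SHA1
lport 1198
ifconfig 10.0.8.1 10.0.8.2
comp-lzo yes
"""
CLIENT_BEFORE = """\
dev tun
cipher AES-256-CBC
auth SHA1
ifconfig 10.0.8.2 10.0.8.1
"""
CLIENT_AFTER = CLIENT_BEFORE + "comp-lzo yes\n"

# Options checked here; "compression" is derived from comp-lzo / compress.
MUST_MATCH = ("dev", "cipher", "auth", "compression")

def parse_openvpn(text):
    """Extract the compared options from OpenVPN config text."""
    opts = {"compression": "none"}  # no directive at all: no compression framing
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0][0] in "#;":  # blank line or comment
            continue
        key = parts[0]
        arg = parts[1].strip().lower() if len(parts) > 1 else ""
        # Simplification (assumption): any comp-lzo argument counts as LZO framing,
        # so "comp-lzo no" is still different from leaving the option out.
        if key == "comp-lzo" or (key == "compress" and arg == "lzo"):
            opts["compression"] = "lzo"
        elif key == "compress":
            opts["compression"] = ("compress " + arg).strip()
        elif key == "dev":
            opts["dev"] = re.sub(r"\d+$", "", arg)  # tun0 -> tun
        elif key in ("cipher", "auth"):
            opts[key] = arg
    return opts

def mismatches(a, b):
    """Return {option: (value_in_a, value_in_b)} for every option that differs."""
    pa, pb = parse_openvpn(a), parse_openvpn(b)
    return {k: (pa.get(k), pb.get(k)) for k in MUST_MATCH if pa.get(k) != pb.get(k)}

if __name__ == "__main__":
    print("before:", mismatches(CLIENT_BEFORE, SERVER))
    print("after: ", mismatches(CLIENT_AFTER, SERVER))
```

Run against the generated config files from both firewalls, an empty result means the compared options agree; any entry names the option to fix on one side.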



  • @kiokoman hello brother, I am using an OpenVPN client (ExpressVPN). In my case the VPN tunnel is up and then restarts every 30 secs. I see in the logs that the firewall is giving the following error, please please help:
    /rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection - 10.23.0.30 -> 10.107.0.10 - Restarting packages.


  • LAYER 8

    Open a new thread; we need more information, like what modem / connection / network you have.





  • @kiokoman I have set the certificates etc. as per the instructions of the VPN provider; the tunnel is up for a brief moment, then disconnects...


  • LAYER 8 Moderator

    @akkiz said in [SOLVED] new pf version and lost openvpn connection:

    @kiokoman I have set the certificates etc. as per the instructions of the VPN provider; the tunnel is up for a brief moment, then disconnects...

    you do NOT have the same problem as the OP. So please don't just jump on any thread because it's OpenVPN and post your problem but open a new one, describe your problem as much as possible and we'll see if we can help you. Also with a custom option box as full as that I'd just delete the thing and start over manually instead of some shady docs from VPN services.



  • @JeGr ok noted

