OpenVPN client showing 100% packetloss following 2.5.0 upgrade
-
Hi,
I have a policy based routing setup to pass certain traffic through an OpenVPN client on pfSense to NordVPN. I followed the NordVPN setup instructions for pfSense here and this has been working perfectly for ~6 months now.
Today, I've upgraded to 2.5.0 and the NordVPN gateway is now reporting "Offline, Packetloss: 100%" with no traffic able to be routed to NordVPN. The normal WAN traffic is unaffected.
- Status / OpenVPN shows the NordVPN client connection status as "up" with a Virtual Address assigned;
- System Logs / OpenVPN reports a successful connection, but includes an "Authenticate/Decrypt packet error: missing authentication info" error;
- System Logs / System / Gateway shows a dpinger alarm "NORDVPN_VPNV4 8.8.8.8: Alarm latency 0us stddev 0us loss 100%";
- Firewall / NAT / Outbound has the correct manual rules for the Gateway;
- System / Routing / Gateways - I have tried disabling Gateway Monitoring & Gateway Action but with no impact;
- VPN / OpenVPN - I have deleted the NordVPN client and set it up from scratch but encounter the same problem.
I'm starting to run out of ideas - any thoughts?
Thanks
-
-
@custardduck22 I also have an issue with OpenVPN. I'm using TorGuard. I too have "Offline, Packetloss: 100%" when viewing Status > Gateway, while Status > OpenVPN shows the status as up. But my system logs for OpenVPN only contain warnings, with no mention of the "Authenticate/Decrypt packet error".
-
@custardduck22 I have the same.
From what I can gather, people that have done a clean install have not got these issues, whereas I upgraded and have numerous problems.
I'm going to have to reinstall and start from scratch :(
Also, NordVPN won't even talk about 2.5, as if it is unsupported by them.
-
@nevar Also the same,
but I have got it to work by disabling gateway monitoring.
-
Same here. I also have NordVPN. It worked flawlessly with 2.4.5 P1 for > 6 months.
My problems are a bit different though. It started with the default gateway set to my IPTV WAN interface. Corrected -> works.
As soon as I start OpenVPN, my IPTV starts to interrupt. It looks like the VPN and IGMP Proxy do not work together.
Disable OpenVPN -> IPTV works flawlessly.
-
@rummonkey69 You mean deleting the OpenVPN client profile? I did that and it is still the same. I have a feeling it is the additional settings added to the OpenVPN client. Like you unchecking "Enable Data Encryption Negotiation" does not do anything, since it states that "Disabling this feature is deprecated." There is also a new field, "TLS keydir direction", which I haven't seen before when I set up my TorGuard.
-
@nevar No, I mean disabling gateway monitoring for failover, as I have more than one OpenVPN client.
-
@rummonkey69 I don't have gateway monitoring enabled aside from "Do not create rules when gateway is down". I disabled that as well and I'm getting the same error: Offline, Packetloss: 100%. I'm using two OpenVPN clients as well. I can't only point the issue to "Enable Data Encryption Negotiation" and "TLS keydir direction". The tutorial shows unchecking Enable NCP, which I guess was replaced with "Enable Data Encryption Negotiation".
-
I am having the same issue as well. I've been doing some research and tried a few different configurations on my VPN connection but no luck. Following this thread in hope that someone gets a lead.
-
I played with the settings for a while and finally got it working by unchecking "Enable Data Encryption Negotiation". You might want to reboot after making this change.
-
@bjames88 Already tried that. So what is confusing is the last sentence, "Disabling this feature is deprecated." So unchecking does not do anything? And who is your VPN provider?
-
@bjames88 Thanks! This has solved my issue. I was pulling my hair out.
On top of that, Cloudflare had an issue in the Chicago area tonight, which when navigating to www.nordvpn.com (and a few others) caused a 502 nginx bad gateway to be shown. Their app on Android also didn't work for several minutes.
-
@bjames88 Thank you - this worked for me too.
-
@nevar Deprecated means the feature will be removed in the future but it is currently still available. It's no longer supported and will eventually be completely removed.
I use Nord as my VPN provider.
-
@bjames88 That's it. Thanks a lot! Everything is working again. Worked right away, didn't even have to reboot.
-
I managed to get it to work on TorGuard, somewhat. I needed to select AES-128-GCM instead of AES-256-GCM for the Fallback Data Encryption Algorithm, as well as uncheck Enable Data Encryption Negotiation. But on Status > Gateways, it is still showing Offline, 100% packet loss. Can you guys confirm if you are still seeing that status?
-
Relating to "Offline, Packetloss: 100%": go to System > Routing, then edit each VPN gateway you have and check "Disable Gateway Monitoring" & "Disable Gateway Monitoring Action". The majority of VPN providers ignore ping, which explains why you are getting 100% packet loss. This resolved my issue running multiple VPN clients, since pfSense detects that the gateway is offline when it doesn't get a ping response, which was causing some weird issues.
-
@nevar not true.
Reinstall clean of 2.5 and it's working as was before.
Doing upgrade and restore didn't fuck the issue.
-
@nevar thanks that worked for me
-
OK, so doing that allowed the connection to work. However, it's now ignoring all my rules and routing everything thru the OpenVPN gateway. These rules have not changed in the last 2 years, so something has changed with 2.5.0. I guess the next step is to do a clean install and restore the config.
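
The thread describes two different states behind the same "Offline, Packetloss: 100%" gateway status: one where the OpenVPN log also carries the "Authenticate/Decrypt packet error", and one where it does not. The triage script below is an added example, not part of any post; its log lines are constructed from the messages quoted in the thread, and the "Initialization Sequence Completed" marker, the process prefixes and the verdict names are assumptions.

```python
import re

# Constructed sample lines. The decrypt error and dpinger alarm texts are the
# ones quoted in the thread; the "up" marker and PIDs are assumed.
OPENVPN_LOG = [
    "openvpn[1234]: Initialization Sequence Completed",
    "openvpn[1234]: Authenticate/Decrypt packet error: missing authentication info",
]
GATEWAY_LOG = [
    "dpinger[5678]: NORDVPN_VPNV4 8.8.8.8: Alarm latency 0us stddev 0us loss 100%",
]

ALARM = re.compile(
    r"(?P<gw>\S+) (?P<monitor>\S+): Alarm latency (?P<lat>\d+)us "
    r"stddev (?P<dev>\d+)us loss (?P<loss>\d+)%"
)

def parse_alarms(lines):
    """Return {gateway: (monitor_ip, loss_percent)}, keeping the latest alarm."""
    alarms = {}
    for line in lines:
        m = ALARM.search(line)
        if m:
            alarms[m["gw"]] = (m["monitor"], int(m["loss"]))
    return alarms

def triage(openvpn_lines, gateway_lines):
    """Classify each alarming gateway by what the OpenVPN log says alongside it."""
    tunnel_up = any("Initialization Sequence Completed" in l for l in openvpn_lines)
    decrypt_errors = sum("Authenticate/Decrypt packet error" in l for l in openvpn_lines)
    verdicts = {}
    for gw, (_monitor, loss) in parse_alarms(gateway_lines).items():
        if loss < 100:
            verdicts[gw] = "degraded"
        elif not tunnel_up:
            verdicts[gw] = "tunnel-down"
        elif decrypt_errors:
            # Control channel is up but data packets fail authentication:
            # look at the data encryption settings discussed in the thread.
            verdicts[gw] = "data-channel-mismatch"
        else:
            # Tunnel is up and packets decrypt: only the monitor probe fails,
            # the case where disabling gateway monitoring was reported to help.
            verdicts[gw] = "monitor-unanswered"
    return verdicts

if __name__ == "__main__":
    print(triage(OPENVPN_LOG, GATEWAY_LOG))
```
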