OpenVPN not working after 2.5 upgrade.
-
Without more info I can't say but it doesn't sound like the problem being discussed in this thread, so either start a different thread or continue one you already have elsewhere so the topic doesn't get hijacked.
The problem in this thread is for clients on pfSense to remote VPN providers, not for servers on pfSense.
-
@jegr said in OpenVPN not working after 2.5 upgrade.:
@stevemosher said in OpenVPN not working after 2.5 upgrade.:
2.5 is the suck until its tested properly.
That has nothing to do with pfSense 2.5 but with OpenVPN 2.5 that is now shipped with it. OpenVPN changed parameters and deprecated a few of thems and made others mandatory.
Also you both are discussing very different problems. @stevemosher obviously is using client mode to connect to some VPN provider which may still be on 2.4 and thus perhaps needs different settings now to connect from a 2.5 instance. Again not per se pfSense' fault.
@jknott describes a dial in scenario. Again one now has to check the clients if there are e.g. settings like NCP Ciphers active or not as 2.5 has NCP enforced and renamed to data-ciphers (one big change from OpenVPN). So that's nothing that has to be "properly" tested as again it is an OpenVPN problem, not a pfSense problem. Also check out, that now there is a checkbox in the client export settings that can generate v2.4 compat configurations when exporting configs otherwise your client has to understand the new keywords from v2.5.
Cheers
\jens -
All I hear is 'not our problem'.
Just sat in another meeting to discuss buying some Palo Alto product or some FIrepower crap from Cisco.
So much for open source solutions.
-
Not "not our problem" but "some things are out of our control".
If we can find a workaround or a way to make things behave better in our code, we'll happily change it. But thus far most of the threads have had OPs stop responding without giving us enough information to determine what can be done, or they get mixed up with 3-4 different issues and confuse people (like what was happening here).
See also: Changes we made at the direct suggestion of OpenVPN developers
https://redmine.pfsense.org/issues/10919If OP or anyone that is having a problem with the VPN client scenario to a third party provider wants to pick this back up and provide more info/logs, then we can keep looking into it.
-
@jimp said in OpenVPN not working after 2.5 upgrade.:
Not "not our problem" but "some things are out of our control".
If we can find a workaround or a way to make things behave better in our code, we'll happily change it. But thus far most of the threads have had OPs stop responding without giving us enough information to determine what can be done, or they get mixed up with 3-4 different issues and confuse people (like what was happening here).
See also: Changes we made at the direct suggestion of OpenVPN developers
https://redmine.pfsense.org/issues/10919If OP or anyone that is having a problem with the VPN client scenario to a third party provider wants to pick this back up and provide more info/logs, then we can keep looking into it.
What am I to gain out of the url provided?
-
@stevemosher said in OpenVPN not working after 2.5 upgrade.:
What am I to gain out of the url provided?
Information about specific changes made in OpenVPN behavior for OpenVPN 2.5.0 which could be relevant to problems in threads like this (and others).
-
@jimp said in OpenVPN not working after 2.5 upgrade.:
@stevemosher said in OpenVPN not working after 2.5 upgrade.:
What am I to gain out of the url provided?
Information about specific changes made in OpenVPN behavior for OpenVPN 2.5.0 which could be relevant to problems in threads like this (and others).
My eyes glaze over on some of this stuff. I was just trying to get my company back online here. You can see the entire thread is issues with 2.5. Our speeds are gone. 2 links to Nord usually got us about 80MB on the tunnels. We now get about 34MB. After this 'downgrade' they are making us buy Palo Alto products.
I'll say it again .. 2.5 is the suck.
-
@stevemosher Same problem from me! 2.5 really has broken openvpn badly!! Thinking of trying to find a way to downgrade maybe just to get my vpn working again!
-
@jagradang said in OpenVPN not working after 2.5 upgrade.:
@stevemosher Same problem from me! 2.5 really has broken openvpn badly!! Thinking of trying to find a way to downgrade maybe just to get my vpn working again!
We went back to 2.4.5-P1. Speeds, stability and peace from my users has returned. 2.5 is ass.
-
@stevemosher I'm on the verge of reverting too.. 2.5 is a shockingly bad release. Considering they had release candidates and still not fixed this.. I think the issue is around ciphers
I have managed to 'fix' the fluctuating speeds by unchecking Enable Data Encryption Negotiation and changed the Fallback Data Encryption Algorithm to AES-128.
I get lots of warnings in the logs but it connects and my speeds are now consistently back to how the were before my upgrade.
How that's working or why, no idea but it seems to fix it for me so guessing from your comment even though it shouldn't affect it, it is for me.
Let's see how much I can out up with it before I switch back to odler release