PFS 2.5.2-RELEASE OpenVPN
-
Good afternoon!
After updating to the latest version of pfSense
and creating an OpenVPN server, the service monitoring daemon and the OpenVPN service itself started dropping.
Servers created earlier, before the update, work stably and do not drop.
After updating the client gateway, the daemon (service) started dropping there as well; before the update it simply showed that there was no connection to the server and the service stayed running, since the server itself was going down because of the daemon. (The service crashes.) Everything is configured identically to the working ones.
To repeat: the servers configured on the same gateway before the update work; the number of OpenVPN servers/tunnels is 6.
Please help.
Thank you.
-
Good day.
@veezs
Show the logs from the server and the client when this happens.
15 boxes were updated, no problems.
P.S. Also search the bugs here: https://redmine.pfsense.org/projects/pfsense/roadmap
-
@werter said in PFS 2.5.2-RELEASE OpenVPN:
Good day.
@veezs
Show the logs from the server and the client when this happens.
15 boxes were updated, no problems.
P.S. Also search the bugs here: https://redmine.pfsense.org/projects/pfsense/roadmap
P.S. While troubleshooting I changed the port from 1199 to 1299, and there is a 3-hour time difference between the client and the server. Oddly enough, since I opened the topic it has not dropped yet, but I think it will. There is no pattern.
Thanks!
Server logs:
```
Jul 26 09:31:22 openvpn 48293 Authenticate/Decrypt packet error: missing authentication info
Jul 26 09:39:13 openvpn 48293 Authenticate/Decrypt packet error: missing authentication info
Jul 26 10:37:53 openvpn 48293 Authenticate/Decrypt packet error: missing authentication info
Jul 26 10:49:21 openvpn 22264 Inactivity timeout (--ping-restart), restarting
Jul 26 10:49:21 openvpn 22264 SIGUSR1[soft,ping-restart] received, process restarting
Jul 26 10:49:26 openvpn 22264 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 26 10:49:26 openvpn 22264 Re-using pre-shared static key
Jul 26 10:49:26 openvpn 22264 Preserving previous TUN/TAP instance: ovpns6
Jul 26 10:49:26 openvpn 22264 UDPv4 link local (bound): [AF_INET]WAN IP SERVER:1199
Jul 26 10:49:26 openvpn 22264 UDPv4 link remote: [AF_UNSPEC]
Jul 26 10:54:26 openvpn 22264 Inactivity timeout (--inactive), exiting
Jul 26 10:54:26 openvpn 22264 SIGTERM received, sending exit notification to peer
Jul 26 10:54:27 openvpn 22264 /usr/local/sbin/ovpn-linkdown ovpns6 1500 1572 16.16.16.1 16.16.16.2 init
Jul 26 10:54:27 openvpn 22264 SIGTERM[soft,exit-with-notification] received, process exiting
Jul 26 10:57:32 openvpn 35440 Cipher negotiation is disabled since neither P2MP client nor server mode is enabled
Jul 26 10:57:32 openvpn 35440 OpenVPN 2.5.2 amd64-portbld-freebsd12.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jun 24 2021
Jul 26 10:57:32 openvpn 35440 library versions: OpenSSL 1.1.1k-freebsd 25 Mar 2021, LZO 2.10
Jul 26 10:57:32 openvpn 35717 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 26 10:57:32 openvpn 35717 TUN/TAP device ovpns6 exists previously, keep at program end
Jul 26 10:57:32 openvpn 35717 TUN/TAP device /dev/tun6 opened
Jul 26 10:57:32 openvpn 35717 /sbin/ifconfig ovpns6 16.16.16.1 16.16.16.2 mtu 1500 netmask 255.255.255.255 up
Jul 26 10:57:32 openvpn 35717 /usr/local/sbin/ovpn-linkup ovpns6 1500 1572 16.16.16.1 16.16.16.2 init
Jul 26 10:57:32 openvpn 35717 UDPv4 link local (bound): [AF_INET]WAN IP SERVER:1199
Jul 26 10:57:32 openvpn 35717 UDPv4 link remote: [AF_UNSPEC]
Jul 26 11:02:32 openvpn 35717 Inactivity timeout (--inactive), exiting
Jul 26 11:02:32 openvpn 35717 SIGTERM received, sending exit notification to peer
Jul 26 11:02:33 openvpn 35717 /usr/local/sbin/ovpn-linkdown ovpns6 1500 1572 16.16.16.1 16.16.16.2 init
Jul 26 11:02:33 openvpn 35717 SIGTERM[soft,exit-with-notification] received, process exiting
Jul 26 11:03:02 openvpn 51229 Cipher negotiation is disabled since neither P2MP client nor server mode is enabled
Jul 26 11:03:02 openvpn 51229 OpenVPN 2.5.2 amd64-portbld-freebsd12.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jun 24 2021
Jul 26 11:03:02 openvpn 51229 library versions: OpenSSL 1.1.1k-freebsd 25 Mar 2021, LZO 2.10
Jul 26 11:03:02 openvpn 51546 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 26 11:03:02 openvpn 51546 TUN/TAP device ovpns6 exists previously, keep at program end
Jul 26 11:03:02 openvpn 51546 TUN/TAP device /dev/tun6 opened
Jul 26 11:03:02 openvpn 51546 /sbin/ifconfig ovpns6 16.16.16.1 16.16.16.2 mtu 1500 netmask 255.255.255.255 up
Jul 26 11:03:02 openvpn 51546 /usr/local/sbin/ovpn-linkup ovpns6 1500 1572 16.16.16.1 16.16.16.2 init
Jul 26 11:03:02 openvpn 51546 UDPv4 link local (bound): [AF_INET]WAN IP SERVER:1199
Jul 26 11:03:02 openvpn 51546 UDPv4 link remote: [AF_UNSPEC]
Jul 26 11:07:55 openvpn 51546 Peer Connection Initiated with [AF_INET]WAN IP CLIENT:37990
Jul 26 11:07:56 openvpn 51546 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jul 26 11:07:56 openvpn 51546 Initialization Sequence Completed
Jul 26 11:56:49 openvpn 51546 Inactivity timeout (--ping-restart), restarting
Jul 26 11:56:49 openvpn 51546 SIGUSR1[soft,ping-restart] received, process restarting
Jul 26 11:56:54 openvpn 51546 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 26 11:56:54 openvpn 51546 Re-using pre-shared static key
Jul 26 11:56:54 openvpn 51546 Preserving previous TUN/TAP instance: ovpns6
Jul 26 11:56:54 openvpn 51546 UDPv4 link local (bound): [AF_INET]WAN IP SERVER:1199
Jul 26 11:56:54 openvpn 51546 UDPv4 link remote: [AF_UNSPEC]
Jul 26 12:01:54 openvpn 51546 Inactivity timeout (--inactive), exiting
Jul 26 12:01:54 openvpn 51546 SIGTERM received, sending exit notification to peer
Jul 26 12:01:55 openvpn 51546 /usr/local/sbin/ovpn-linkdown ovpns6 1500 1572 16.16.16.1 16.16.16.2 init
Jul 26 12:01:55 openvpn 51546 SIGTERM[soft,exit-with-notification] received, process exiting
Jul 26 12:04:28 openvpn 23222 Cipher negotiation is disabled since neither P2MP client nor server mode is enabled
Jul 26 12:04:28 openvpn 23222 OpenVPN 2.5.2 amd64-portbld-freebsd12.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jun 24 2021
Jul 26 12:04:28 openvpn 23222 library versions: OpenSSL 1.1.1k-freebsd 25 Mar 2021, LZO 2.10
Jul 26 12:04:28 openvpn 23542 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 26 12:04:28 openvpn 23542 TUN/TAP device ovpns6 exists previously, keep at program end
Jul 26 12:04:28 openvpn 23542 TUN/TAP device /dev/tun6 opened
Jul 26 12:04:28 openvpn 23542 /sbin/ifconfig ovpns6 16.16.16.1 16.16.16.2 mtu 1500 netmask 255.255.255.255 up
Jul 26 12:04:28 openvpn 23542 /usr/local/sbin/ovpn-linkup ovpns6 1500 1572 16.16.16.1 16.16.16.2 init
Jul 26 12:04:28 openvpn 23542 UDPv4 link local (bound): [AF_INET]WAN IP SERVER:1199
Jul 26 12:04:28 openvpn 23542 UDPv4 link remote: [AF_UNSPEC]
Jul 26 12:04:30 openvpn 23542 Peer Connection Initiated with [AF_INET]WAN IP CLIENT:5447
Jul 26 12:04:30 openvpn 23542 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jul 26 12:04:30 openvpn 23542 Initialization Sequence Completed
Jul 26 12:07:19 openvpn 23542 event_wait : Interrupted system call (code=4)
Jul 26 12:07:19 openvpn 23542 SIGTERM received, sending exit notification to peer
Jul 26 12:07:20 openvpn 23542 /usr/local/sbin/ovpn-linkdown ovpns6 1500 1572 16.16.16.1 16.16.16.2 init
Jul 26 12:07:20 openvpn 23542 SIGTERM[soft,exit-with-notification] received, process exiting
Jul 26 12:07:21 openvpn 53735 Cipher negotiation is disabled since neither P2MP client nor server mode is enabled
Jul 26 12:07:21 openvpn 53735 OpenVPN 2.5.2 amd64-portbld-freebsd12.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jun 24 2021
Jul 26 12:07:21 openvpn 53735 library versions: OpenSSL 1.1.1k-freebsd 25 Mar 2021, LZO 2.10
Jul 26 12:07:21 openvpn 54061 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 26 12:07:21 openvpn 54061 TUN/TAP device ovpns6 exists previously, keep at program end
Jul 26 12:07:21 openvpn 54061 TUN/TAP device /dev/tun6 opened
Jul 26 12:07:21 openvpn 54061 /sbin/ifconfig ovpns6 16.16.16.1 16.16.16.2 mtu 1500 netmask 255.255.255.255 up
Jul 26 12:07:21 openvpn 54061 /usr/local/sbin/ovpn-linkup ovpns6 1500 1572 16.16.16.1 16.16.16.2 init
Jul 26 12:07:21 openvpn 54061 UDPv4 link local (bound): [AF_INET]WAN IP SERVER:1299
Jul 26 12:07:21 openvpn 54061 UDPv4 link remote: [AF_UNSPEC]
Jul 26 12:07:48 openvpn 54061 Peer Connection Initiated with [AF_INET]WAN IP CLIENT:7966
Jul 26 12:07:48 openvpn 54061 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jul 26 12:07:48 openvpn 54061 Initialization Sequence Completed
Jul 26 12:49:37 openvpn 48293 Authenticate/Decrypt packet error: missing authentication info
Jul 26 13:39:53 openvpn 54061 Inactivity timeout (--inactive), exiting
Jul 26 13:39:53 openvpn 54061 SIGTERM received, sending exit notification to peer
Jul 26 13:39:54 openvpn 54061 /usr/local/sbin/ovpn-linkdown ovpns6 1500 1572 16.16.16.1 16.16.16.2 init
Jul 26 13:39:54 openvpn 54061 SIGTERM[soft,exit-with-notification] received, process exiting
Jul 26 14:10:47 openvpn 17523 Cipher negotiation is disabled since neither P2MP client nor server mode is enabled
Jul 26 14:10:47 openvpn 17523 OpenVPN 2.5.2 amd64-portbld-freebsd12.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jun 24 2021
Jul 26 14:10:47 openvpn 17523 library versions: OpenSSL 1.1.1k-freebsd 25 Mar 2021, LZO 2.10
Jul 26 14:10:47 openvpn 17778 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 26 14:10:47 openvpn 17778 TUN/TAP device ovpns6 exists previously, keep at program end
Jul 26 14:10:47 openvpn 17778 TUN/TAP device /dev/tun6 opened
Jul 26 14:10:47 openvpn 17778 /sbin/ifconfig ovpns6 16.16.16.1 16.16.16.2 mtu 1500 netmask 255.255.255.255 up
Jul 26 14:10:47 openvpn 17778 /usr/local/sbin/ovpn-linkup ovpns6 1500 1572 16.16.16.1 16.16.16.2 init
Jul 26 14:10:47 openvpn 17778 UDPv4 link local (bound): [AF_INET]WAN IP SERVER:1299
Jul 26 14:10:47 openvpn 17778 UDPv4 link remote: [AF_UNSPEC]
Jul 26 14:10:51 openvpn 17778 Peer Connection Initiated with [AF_INET]WAN IP CLIENT:20475
Jul 26 14:10:52 openvpn 17778 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jul 26 14:10:52 openvpn 17778 Initialization Sequence Completed
Jul 26 14:18:17 openvpn 17778 Inactivity timeout (--inactive), exiting
Jul 26 14:18:17 openvpn 17778 SIGTERM received, sending exit notification to peer
Jul 26 14:18:18 openvpn 17778 /usr/local/sbin/ovpn-linkdown ovpns6 1500 1572 16.16.16.1 16.16.16.2 init
Jul 26 14:18:18 openvpn 17778 SIGTERM[soft,exit-with-notification] received, process exiting
Jul 26 14:39:14 openvpn 59816 Cipher negotiation is disabled since neither P2MP client nor server mode is enabled
Jul 26 14:39:14 openvpn 59816 OpenVPN 2.5.2 amd64-portbld-freebsd12.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jun 24 2021
Jul 26 14:39:14 openvpn 59816 library versions: OpenSSL 1.1.1k-freebsd 25 Mar 2021, LZO 2.10
Jul 26 14:39:14 openvpn 59991 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 26 14:39:14 openvpn 59991 TUN/TAP device ovpns6 exists previously, keep at program end
Jul 26 14:39:14 openvpn 59991 TUN/TAP device /dev/tun6 opened
Jul 26 14:39:14 openvpn 59991 /sbin/ifconfig ovpns6 16.16.16.1 16.16.16.2 mtu 1500 netmask 255.255.255.255 up
Jul 26 14:39:14 openvpn 59991 /usr/local/sbin/ovpn-linkup ovpns6 1500 1572 16.16.16.1 16.16.16.2 init
Jul 26 14:39:14 openvpn 59991 UDPv4 link local (bound): [AF_INET]WAN IP SERVER:1299
Jul 26 14:39:14 openvpn 59991 UDPv4 link remote: [AF_UNSPEC]
Jul 26 14:39:18 openvpn 59991 Peer Connection Initiated with [AF_INET]WAN IP CLIENT:6014
Jul 26 14:39:18 openvpn 59991 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jul 26 14:39:18 openvpn 59991 Initialization Sequence Completed
```
Client logs:
```
Jul 26 07:59:48 openvpn 24762 write UDPv4: No route to host (code=65)
Jul 26 07:59:48 openvpn 24762 write UDPv4: No route to host (code=65)
Jul 26 07:59:59 openvpn 24762 write UDPv4: No route to host (code=65)
Jul 26 07:59:59 openvpn 24762 write UDPv4: No route to host (code=65)
Jul 26 08:00:07 openvpn 24762 Inactivity timeout (--ping-restart), restarting
Jul 26 08:00:07 openvpn 24762 SIGUSR1[soft,ping-restart] received, process restarting
Jul 26 08:02:12 openvpn 22606 Cipher negotiation is disabled since neither P2MP client nor server mode is enabled
Jul 26 08:02:12 openvpn 22606 OpenVPN 2.5.1 amd64-portbld-freebsd12.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Apr 5 2021
Jul 26 08:02:12 openvpn 22606 library versions: OpenSSL 1.1.1k-freebsd 25 Mar 2021, LZO 2.10
Jul 26 08:02:12 openvpn 22653 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 26 08:02:12 openvpn 22653 GDG: problem writing to routing socket
Jul 26 08:02:12 openvpn 22653 TUN/TAP device ovpnc1 exists previously, keep at program end
Jul 26 08:02:12 openvpn 22653 TUN/TAP device /dev/tun1 opened
Jul 26 08:02:12 openvpn 22653 ioctl(TUNSIFMODE): Device busy (errno=16)
Jul 26 08:02:12 openvpn 22653 /sbin/ifconfig ovpnc1 16.16.16.2 16.16.16.1 mtu 1500 netmask 255.255.255.255 up
Jul 26 08:02:12 openvpn 22653 /usr/local/sbin/ovpn-linkup ovpnc1 1500 1572 16.16.16.2 16.16.16.1 init
Jul 26 08:02:13 openvpn 22653 TCP/UDP: Preserving recently used remote address: [AF_INET]WAN IP SERVER:1199
Jul 26 08:02:13 openvpn 22653 UDPv4 link local (bound): [AF_INET]WAN IP CLIENT:0
Jul 26 08:02:13 openvpn 22653 UDPv4 link remote: [AF_INET]WAN IP SERVER:1199
Jul 26 08:02:13 openvpn 22653 write UDPv4: No route to host (code=65)
Jul 26 08:02:13 openvpn 22653 write UDPv4: No route to host (code=65)
Jul 26 08:02:13 openvpn 22653 write UDPv4: No route to host (code=65)
Jul 26 08:02:13 openvpn 22653 write UDPv4: No route to host (code=65)
Jul 26 08:02:14 openvpn 22653 write UDPv4: No route to host (code=65)
Jul 26 08:02:23 openvpn 22653 write UDPv4: No route to host (code=65)
Jul 26 08:02:33 openvpn 22653 write UDPv4: No route to host (code=65)
Jul 26 08:02:33 openvpn 22653 write UDPv4: No route to host (code=65)
Jul 26 08:02:43 openvpn 22653 write UDPv4: No route to host (code=65)
Jul 26 08:02:43 openvpn 22653 write UDPv4: No route to host (code=65)
Jul 26 08:02:53 openvpn 22653 write UDPv4: No route to host (code=65)
Jul 26 08:02:53 openvpn 22653 write UDPv4: No route to host (code=65)
Jul 26 08:03:03 openvpn 22653 write UDPv4: No route to host (code=65)
Jul 26 08:03:03 openvpn 22653 write UDPv4: No route to host (code=65)
Jul 26 08:03:13 openvpn 22653 Inactivity timeout (--ping-restart), restarting
Jul 26 08:03:13 openvpn 22653 SIGUSR1[soft,ping-restart] received, process restarting
Jul 26 08:03:18 openvpn 22653 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 26 08:03:18 openvpn 22653 Re-using pre-shared static key
Jul 26 08:03:18 openvpn 22653 Preserving previous TUN/TAP instance: ovpnc1
Jul 26 08:03:18 openvpn 22653 TCP/UDP: Preserving recently used remote address: [AF_INET]WAN IP SERVER:1199
Jul 26 08:03:18 openvpn 22653 UDPv4 link local (bound): [AF_INET]WAN IP CLIENT:0
Jul 26 08:03:18 openvpn 22653 UDPv4 link remote: [AF_INET]WAN IP SERVER:1199
Jul 26 08:03:18 openvpn 22653 write UDPv4: No route to host (code=65)
Jul 26 08:03:28 openvpn 22653 write UDPv4: No route to host (code=65)
Jul 26 08:03:28 openvpn 22653 write UDPv4: No route to host (code=65)
Jul 26 08:04:19 openvpn 22653 Inactivity timeout (--ping-restart), restarting
Jul 26 08:04:19 openvpn 22653 SIGUSR1[soft,ping-restart] received, process restarting
Jul 26 08:04:24 openvpn 22653 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 26 08:04:24 openvpn 22653 Re-using pre-shared static key
Jul 26 08:04:24 openvpn 22653 Preserving previous TUN/TAP instance: ovpnc1
Jul 26 08:04:24 openvpn 22653 TCP/UDP: Preserving recently used remote address: [AF_INET]WAN IP SERVER:1199
Jul 26 08:04:24 openvpn 22653 UDPv4 link local (bound): [AF_INET]WAN IP CLIENT:0
Jul 26 08:04:24 openvpn 22653 UDPv4 link remote: [AF_INET]WAN IP SERVER:1199
Jul 26 08:05:24 openvpn 22653 Inactivity timeout (--ping-restart), restarting
Jul 26 08:05:24 openvpn 22653 SIGUSR1[soft,ping-restart] received, process restarting
Jul 26 08:05:29 openvpn 22653 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 26 08:05:29 openvpn 22653 Re-using pre-shared static key
Jul 26 08:05:29 openvpn 22653 Preserving previous TUN/TAP instance: ovpnc1
Jul 26 08:05:29 openvpn 22653 TCP/UDP: Preserving recently used remote address: [AF_INET]WAN IP SERVER:1199
Jul 26 08:05:29 openvpn 22653 UDPv4 link local (bound): [AF_INET]WAN IP CLIENT:0
Jul 26 08:05:29 openvpn 22653 UDPv4 link remote: [AF_INET]WAN IP SERVER:1199
Jul 26 08:06:29 openvpn 22653 Inactivity timeout (--ping-restart), restarting
Jul 26 08:06:29 openvpn 22653 SIGUSR1[soft,ping-restart] received, process restarting
Jul 26 08:06:34 openvpn 22653 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 26 08:06:34 openvpn 22653 Re-using pre-shared static key
Jul 26 08:06:34 openvpn 22653 Preserving previous TUN/TAP instance: ovpnc1
Jul 26 08:06:34 openvpn 22653 TCP/UDP: Preserving recently used remote address: [AF_INET]WAN IP SERVER:1199
Jul 26 08:06:34 openvpn 22653 UDPv4 link local (bound): [AF_INET]WAN IP CLIENT:0
Jul 26 08:06:34 openvpn 22653 UDPv4 link remote: [AF_INET]WAN IP SERVER:1199
Jul 26 08:07:35 openvpn 22653 Inactivity timeout (--ping-restart), restarting
Jul 26 08:07:35 openvpn 22653 SIGUSR1[soft,ping-restart] received, process restarting
Jul 26 08:07:45 openvpn 22653 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 26 08:07:45 openvpn 22653 Re-using pre-shared static key
Jul 26 08:07:45 openvpn 22653 Preserving previous TUN/TAP instance: ovpnc1
Jul 26 08:07:45 openvpn 22653 TCP/UDP: Preserving recently used remote address: [AF_INET]WAN IP SERVER:1199
Jul 26 08:07:45 openvpn 22653 UDPv4 link local (bound): [AF_INET]WAN IP CLIENT:0
Jul 26 08:07:45 openvpn 22653 UDPv4 link remote: [AF_INET]WAN IP SERVER:1199
Jul 26 08:07:45 openvpn 22653 write UDPv4: No route to host (code=65)
Jul 26 08:07:55 openvpn 22653 Peer Connection Initiated with [AF_INET]WAN IP SERVER:1199
Jul 26 08:07:57 openvpn 22653 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jul 26 08:07:57 openvpn 22653 Initialization Sequence Completed
Jul 26 09:01:49 openvpn 23342 Cipher negotiation is disabled since neither P2MP client nor server mode is enabled
Jul 26 09:01:49 openvpn 23342 OpenVPN 2.5.2 amd64-portbld-freebsd12.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jun 24 2021
Jul 26 09:01:49 openvpn 23342 library versions: OpenSSL 1.1.1k-freebsd 25 Mar 2021, LZO 2.10
Jul 26 09:01:49 openvpn 23646 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 26 09:01:49 openvpn 23646 GDG: problem writing to routing socket
Jul 26 09:01:49 openvpn 23646 TUN/TAP device ovpnc1 exists previously, keep at program end
Jul 26 09:01:49 openvpn 23646 TUN/TAP device /dev/tun1 opened
Jul 26 09:01:49 openvpn 23646 ioctl(TUNSIFMODE): Device busy (errno=16)
Jul 26 09:01:49 openvpn 23646 /sbin/ifconfig ovpnc1 16.16.16.2 16.16.16.1 mtu 1500 netmask 255.255.255.255 up
Jul 26 09:01:49 openvpn 23646 /usr/local/sbin/ovpn-linkup ovpnc1 1500 1572 16.16.16.2 16.16.16.1 init
Jul 26 09:01:49 openvpn 23646 TCP/UDP: Preserving recently used remote address: [AF_INET]WAN IP SERVER:1199
Jul 26 09:01:49 openvpn 23646 UDPv4 link local (bound): [AF_INET]WAN IP CLIENT:0
Jul 26 09:01:49 openvpn 23646 UDPv4 link remote: [AF_INET]WAN IP SERVER:1199
Jul 26 09:01:49 openvpn 23646 write UDPv4: No route to host (code=65)
Jul 26 09:01:49 openvpn 23646 write UDPv4: No route to host (code=65)
Jul 26 09:01:49 openvpn 23646 write UDPv4: No route to host (code=65)
Jul 26 09:01:50 openvpn 23646 write UDPv4: No route to host (code=65)
Jul 26 09:02:49 openvpn 23646 Inactivity timeout (--ping-restart), restarting
Jul 26 09:02:49 openvpn 23646 SIGUSR1[soft,ping-restart] received, process restarting
Jul 26 09:02:54 openvpn 23646 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 26 09:02:54 openvpn 23646 Re-using pre-shared static key
Jul 26 09:02:54 openvpn 23646 Preserving previous TUN/TAP instance: ovpnc1
Jul 26 09:02:54 openvpn 23646 TCP/UDP: Preserving recently used remote address: [AF_INET]WAN IP SERVER:1199
Jul 26 09:02:54 openvpn 23646 UDPv4 link local (bound): [AF_INET]WAN IP CLIENT:0
Jul 26 09:02:54 openvpn 23646 UDPv4 link remote: [AF_INET]WAN IP SERVER:1199
Jul 26 09:03:04 openvpn 23646 event_wait : Interrupted system call (code=4)
Jul 26 09:03:04 openvpn 23646 /usr/local/sbin/ovpn-linkdown ovpnc1 1500 1572 16.16.16.2 16.16.16.1 init
Jul 26 09:03:04 openvpn 23646 SIGTERM[hard,] received, process exiting
Jul 26 09:03:05 openvpn 8440 Cipher negotiation is disabled since neither P2MP client nor server mode is enabled
Jul 26 09:03:05 openvpn 8440 OpenVPN 2.5.2 amd64-portbld-freebsd12.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jun 24 2021
Jul 26 09:03:05 openvpn 8440 library versions: OpenSSL 1.1.1k-freebsd 25 Mar 2021, LZO 2.10
Jul 26 09:03:05 openvpn 8634 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 26 09:03:05 openvpn 8634 TUN/TAP device ovpnc1 exists previously, keep at program end
Jul 26 09:03:05 openvpn 8634 TUN/TAP device /dev/tun1 opened
Jul 26 09:03:05 openvpn 8634 /sbin/ifconfig ovpnc1 16.16.16.2 16.16.16.1 mtu 1500 netmask 255.255.255.255 up
Jul 26 09:03:05 openvpn 8634 /usr/local/sbin/ovpn-linkup ovpnc1 1500 1572 16.16.16.2 16.16.16.1 init
Jul 26 09:03:05 openvpn 8634 TCP/UDP: Preserving recently used remote address: [AF_INET]WAN IP SERVER:1199
Jul 26 09:03:05 openvpn 8634 UDPv4 link local (bound): [AF_INET]WAN IP CLIENT:0
Jul 26 09:03:05 openvpn 8634 UDPv4 link remote: [AF_INET]WAN IP SERVER:1199
Jul 26 09:04:05 openvpn 8634 Inactivity timeout (--ping-restart), restarting
Jul 26 09:04:05 openvpn 8634 SIGUSR1[soft,ping-restart] received, process restarting
Jul 26 09:04:10 openvpn 8634 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 26 09:04:10 openvpn 8634 Re-using pre-shared static key
Jul 26 09:04:10 openvpn 8634 Preserving previous TUN/TAP instance: ovpnc1
Jul 26 09:04:10 openvpn 8634 TCP/UDP: Preserving recently used remote address: [AF_INET]WAN IP SERVER:1199
Jul 26 09:04:10 openvpn 8634 UDPv4 link local (bound): [AF_INET]WAN IP CLIENT:0
Jul 26 09:04:10 openvpn 8634 UDPv4 link remote: [AF_INET]WAN IP SERVER:1199
Jul 26 09:04:30 openvpn 8634 Peer Connection Initiated with [AF_INET]WAN IP SERVER:1199
Jul 26 09:04:31 openvpn 8634 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jul 26 09:04:31 openvpn 8634 Initialization Sequence Completed
Jul 26 09:07:19 openvpn 8634 /usr/local/sbin/ovpn-linkdown ovpnc1 1500 1572 16.16.16.2 16.16.16.1 init
Jul 26 09:07:19 openvpn 8634 SIGTERM[soft,remote-exit] received, process exiting
Jul 26 09:07:48 openvpn 54724 Cipher negotiation is disabled since neither P2MP client nor server mode is enabled
Jul 26 09:07:48 openvpn 54724 OpenVPN 2.5.2 amd64-portbld-freebsd12.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jun 24 2021
Jul 26 09:07:48 openvpn 54724 library versions: OpenSSL 1.1.1k-freebsd 25 Mar 2021, LZO 2.10
Jul 26 09:07:48 openvpn 54928 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 26 09:07:48 openvpn 54928 TUN/TAP device ovpnc1 exists previously, keep at program end
Jul 26 09:07:48 openvpn 54928 TUN/TAP device /dev/tun1 opened
Jul 26 09:07:48 openvpn 54928 /sbin/ifconfig ovpnc1 16.16.16.2 16.16.16.1 mtu 1500 netmask 255.255.255.255 up
Jul 26 09:07:48 openvpn 54928 /usr/local/sbin/ovpn-linkup ovpnc1 1500 1572 16.16.16.2 16.16.16.1 init
Jul 26 09:07:48 openvpn 54928 TCP/UDP: Preserving recently used remote address: [AF_INET]WAN IP SERVER:1299
Jul 26 09:07:48 openvpn 54928 UDPv4 link local (bound): [AF_INET]WAN IP CLIENT:0
Jul 26 09:07:48 openvpn 54928 UDPv4 link remote: [AF_INET]WAN IP SERVER:1299
Jul 26 09:07:48 openvpn 54928 Peer Connection Initiated with [AF_INET]WAN IP SERVER:1299
Jul 26 09:07:49 openvpn 54928 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jul 26 09:07:49 openvpn 54928 Initialization Sequence Completed
Jul 26 10:35:13 openvpn 54928 write UDPv4: No route to host (code=65)
Jul 26 10:35:23 openvpn 54928 write UDPv4: No route to host (code=65)
Jul 26 10:39:53 openvpn 54928 /usr/local/sbin/ovpn-linkdown ovpnc1 1500 1572 16.16.16.2 16.16.16.1 init
Jul 26 10:39:53 openvpn 54928 SIGTERM[soft,remote-exit] received, process exiting
Jul 26 11:10:40 openvpn 56262 Cipher negotiation is disabled since neither P2MP client nor server mode is enabled
Jul 26 11:10:40 openvpn 56262 OpenVPN 2.5.2 amd64-portbld-freebsd12.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jun 24 2021
Jul 26 11:10:40 openvpn 56262 library versions: OpenSSL 1.1.1k-freebsd 25 Mar 2021, LZO 2.10
Jul 26 11:10:40 openvpn 56451 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 26 11:10:40 openvpn 56451 TUN/TAP device ovpnc1 exists previously, keep at program end
Jul 26 11:10:40 openvpn 56451 TUN/TAP device /dev/tun1 opened
Jul 26 11:10:40 openvpn 56451 /sbin/ifconfig ovpnc1 16.16.16.2 16.16.16.1 mtu 1500 netmask 255.255.255.255 up
Jul 26 11:10:40 openvpn 56451 /usr/local/sbin/ovpn-linkup ovpnc1 1500 1572 16.16.16.2 16.16.16.1 init
Jul 26 11:10:40 openvpn 56451 TCP/UDP: Preserving recently used remote address: [AF_INET]WAN IP SERVER:1299
Jul 26 11:10:40 openvpn 56451 UDPv4 link local (bound): [AF_INET]WAN IP CLIENT:0
Jul 26 11:10:40 openvpn 56451 UDPv4 link remote: [AF_INET]WAN IP SERVER:1299
Jul 26 11:10:51 openvpn 56451 Peer Connection Initiated with [AF_INET]WAN IP SERVER:1299
Jul 26 11:10:52 openvpn 56451 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jul 26 11:10:52 openvpn 56451 Initialization Sequence Completed
Jul 26 11:18:17 openvpn 56451 /usr/local/sbin/ovpn-linkdown ovpnc1 1500 1572 16.16.16.2 16.16.16.1 init
Jul 26 11:18:17 openvpn 56451 SIGTERM[soft,remote-exit] received, process exiting
Jul 26 11:39:07 openvpn 73787 Cipher negotiation is disabled since neither P2MP client nor server mode is enabled
Jul 26 11:39:07 openvpn 73787 OpenVPN 2.5.2 amd64-portbld-freebsd12.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jun 24 2021
Jul 26 11:39:07 openvpn 73787 library versions: OpenSSL 1.1.1k-freebsd 25 Mar 2021, LZO 2.10
Jul 26 11:39:07 openvpn 74130 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 26 11:39:07 openvpn 74130 TUN/TAP device ovpnc1 exists previously, keep at program end
Jul 26 11:39:07 openvpn 74130 TUN/TAP device /dev/tun1 opened
Jul 26 11:39:07 openvpn 74130 /sbin/ifconfig ovpnc1 16.16.16.2 16.16.16.1 mtu 1500 netmask 255.255.255.255 up
Jul 26 11:39:07 openvpn 74130 /usr/local/sbin/ovpn-linkup ovpnc1 1500 1572 16.16.16.2 16.16.16.1 init
Jul 26 11:39:07 openvpn 74130 TCP/UDP: Preserving recently used remote address: [AF_INET]WAN IP SERVER:1299
Jul 26 11:39:07 openvpn 74130 UDPv4 link local (bound): [AF_INET]WAN IP CLIENT:0
Jul 26 11:39:07 openvpn 74130 UDPv4 link remote: [AF_INET]WAN IP SERVER:1299
Jul 26 11:39:18 openvpn 74130 Peer Connection Initiated with [AF_INET]WAN IP SERVER:1299
Jul 26 11:39:19 openvpn 74130 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jul 26 11:39:19 openvpn 74130 Initialization Sequence Completed
```
-
@veezs said in PFS 2.5.2-RELEASE OpenVPN:
/sbin/ifconfig ovpns6 16.16.16.1 16.16.16.2 mtu 1500 netmask 255.255.255.255 up
I hope these are not the IPs for the VPN network that you use in production.
Also show screenshots of the settings of the OpenVPN server and the problem client.
-
@veezs said in PFS 2.5.2-RELEASE OpenVPN:
Good afternoon!
After updating to the latest version of pfSense
and creating an OpenVPN server, the service monitoring daemon and the OpenVPN service itself started dropping.
Servers created earlier, before the update, work stably and do not drop.
After updating the client gateway, the daemon (service) started dropping there as well; before the update it simply showed that there was no connection to the server and the service stayed running, since the server itself was going down because of the daemon. (The service crashes.) Everything is configured identically to the working ones.
To repeat: the servers configured on the same gateway before the update work; the number of OpenVPN servers/tunnels is 6.
Please help.
Thank you.
This is related to the bugs:
https://redmine.pfsense.org/issues/12219 and
https://redmine.pfsense.org/issues/12102
Solution: set the "Inactive" timeout to 0 and disable "Exit Notify".
-
@viktor_g more details about this bug: https://redmine.pfsense.org/issues/12219
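
The following is an added example, not part of any post in the thread: a small Python parser that finds every `--inactive` exit in a server log and pairs it with the client process that logged `remote-exit` at the same moment, which is the chain the "Inactive" and "Exit Notify" settings control. The function names are hypothetical, the year is an assumption (the log lines carry none), the sample lines are excerpted from the logs posted above, and the 3-hour offset is the one veezs mentions, with the server clock ahead as the timestamps show.

```python
import re
from datetime import datetime, timedelta

# pfSense log line layout as posted in the thread: "Jul 26 10:54:26 openvpn 22264 <message>"
LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) openvpn (\d+) (.*)$")

# Clock difference reported in the thread (server ahead of client).
CLOCK_OFFSET = timedelta(hours=3)

# Excerpts from the server log posted in the thread.
SERVER_LOG = """
Jul 26 10:49:26 openvpn 22264 UDPv4 link remote: [AF_UNSPEC]
Jul 26 10:54:26 openvpn 22264 Inactivity timeout (--inactive), exiting
Jul 26 10:54:26 openvpn 22264 SIGTERM received, sending exit notification to peer
Jul 26 14:10:47 openvpn 17778 UDPv4 link remote: [AF_UNSPEC]
Jul 26 14:10:51 openvpn 17778 Peer Connection Initiated with [AF_INET]WAN IP CLIENT:20475
Jul 26 14:18:17 openvpn 17778 Inactivity timeout (--inactive), exiting
Jul 26 14:18:17 openvpn 17778 SIGTERM received, sending exit notification to peer
"""

# Excerpts from the client log posted in the thread.
CLIENT_LOG = """
Jul 26 11:10:51 openvpn 56451 Peer Connection Initiated with [AF_INET]WAN IP SERVER:1299
Jul 26 11:18:17 openvpn 56451 /usr/local/sbin/ovpn-linkdown ovpnc1 1500 1572 16.16.16.2 16.16.16.1 init
Jul 26 11:18:17 openvpn 56451 SIGTERM[soft,remote-exit] received, process exiting
"""


def parse(text, year=2021):
    """Return (timestamp, pid, message) tuples; the year is assumed."""
    events = []
    for raw in text.strip().splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip anything that is not an openvpn log line
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        events.append((ts, int(m.group(2)), m.group(3)))
    return events


def inactive_exits(events):
    """List every '--inactive' exit with the time since the socket was opened."""
    opened, peer_seen, exits = {}, {}, []
    for ts, pid, msg in events:
        if msg.startswith("UDPv4 link remote:"):
            opened[pid], peer_seen[pid] = ts, False   # socket (re)opened
        elif msg.startswith("Peer Connection Initiated"):
            peer_seen[pid] = True
        elif "(--inactive), exiting" in msg:
            start = opened.get(pid)
            exits.append({
                "time": ts,
                "pid": pid,
                "since_open": int((ts - start).total_seconds()) if start else None,
                "peer_connected": peer_seen.get(pid, False),
            })
    return exits


def remote_exits(events):
    """Client processes that exited because the peer sent an exit notification."""
    return [(ts, pid) for ts, pid, msg in events if "SIGTERM[soft,remote-exit]" in msg]


def correlate(server_events, client_events, clock_offset=CLOCK_OFFSET,
              tolerance=timedelta(seconds=2)):
    """Pair each server --inactive exit with the client PID it took down, if any."""
    client = remote_exits(client_events)
    pairs = []
    for ex in inactive_exits(server_events):
        hit = next((pid for ts, pid in client
                    if abs((ts + clock_offset) - ex["time"]) <= tolerance), None)
        pairs.append((ex["pid"], ex["since_open"], ex["peer_connected"], hit))
    return pairs


if __name__ == "__main__":
    for row in correlate(parse(SERVER_LOG), parse(CLIENT_LOG)):
        print("server pid %s exited after %ss (peer connected: %s) -> client pid %s" % row)
```

An exit with no peer connected fires exactly 300 seconds after the socket opens, which is how the configured "Inactive" value can be read straight from the log.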