• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

UNDEF and TLS Error after 22.05 Upgrade

Scheduled Pinned Locked Moved OpenVPN
1 Posts 1 Posters 262 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • I
    ironmonkey
    last edited by Feb 8, 2023, 10:19 PM

    Hello,

    After upgrading my pfSense Netgate cloud based server from 22.01 to 22.05 I am seeing a lot of these TLS errors in the logs. I am also see them show up as UNDEF in the OpenVPN logs. We did not have this problem prior to the upgrade and I do have the "Username as common name" enabled. All of the IP's showing up as UNDEF or TLS Errors were IP's that were previously able to connect successfully. And post upgrade I do have other users able to connect successfully. All of the UNDEF's seem to correspond to AES-CBC which in turn seem to correlate to the TLS Errors. However the Cipher is permitted in the server config. Is there anything about the upgrade and the use of AES-256-CBC that would cause this?

    Status/OpenVPN

    UNDEF	x.x.x.x:63792		2023-02-08 16:56:55	0 B	27 KiB	AES-256-CBC	   
UNDEF	x.x.x.x:10134		2023-02-08 16:57:37	0 B	10 KiB	AES-256-CBC	  
UNDEF	x.x.x.x:32765		2023-02-08 16:57:39	0 B	10 KiB	AES-256-CBC	   
UNDEF	x.x.x.x:51555		2023-02-08 16:56:38	0 B	10 KiB	AES-256-CBC	   
UNDEF	x.x.x.x:1851		2023-02-08 16:56:37	0 B	10 KiB	AES-256-CBC	   
UNDEF	x.x.x.x:62497		2023-02-08 16:57:39	0 B	10 KiB	AES-256-CBC

    Status/System Logs/OpenVPN

    
Feb 8 16:54:30	openvpn	38471	x.x.x.x:50137 TLS Error: Unroutable control packet received from [AF_INET]x.x.x.x:50137 (si=3 op=P_CONTROL_V1)
Feb 8 16:54:29	openvpn	38471	x.x.x.x:49351 TLS Error: Unroutable control packet received from [AF_INET]x.x.x.x:49351 (si=3 op=P_CONTROL_V1)
Feb 8 16:54:29	openvpn	38471	x.x.x.x:19575 TLS Error: Unroutable control packet received from [AF_INET]x.x.x.x:19575 (si=3 op=P_CONTROL_V1)
Feb 8 16:54:29	openvpn	38471	x.x.x.x:50137 TLS Error: Unroutable control packet received from [AF_INET]x.x.x.x:50137 (si=3 op=P_CONTROL_V1)
Feb 8 16:54:28	openvpn	38471	x.x.x.x:49351 TLS Error: Unroutable control packet received from [AF_INET]x.x.x.x:49351 (si=3 op=P_CONTROL_V1)
Feb 8 16:54:28	openvpn	38471	x.x.x.x:19575 TLS Error: Unroutable control packet received from [AF_INET]x.x.x.x:19575 (si=3 op=P_CONTROL_V1)

    This is a paired down version of my config.ovpn

    dev xxxxx
disable-dco
verb 3
dev-type tun
dev-node /dev/tun1
proto udp4
auth SHA256
tls-server
username-as-common-name
remote-cert-tls client
tls-auth /var/etc/openvpn/server1/tls-auth 0
data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC
data-ciphers-fallback AES-256-CBC
allow-compression no
persist-remote-ip
float
topology subnet
explicit-exit-notify 1
inactive 300

    This is a paired down version of my client.config

    dev tun
persist-tun
persist-key
ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC
cipher AES-256-CBC
auth SHA256
tls-client
client
resolv-retry infinite
remote x.x.x.x ### udp
lport 0
verify-x509-name "removed" name
auth-user-pass
remote-cert-tls server
explicit-exit-notify
    1 Reply Last reply Reply Quote 0
    1 out of 1
    • First post
      1/1
      Last post
    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
      This community forum collects and processes your personal information.
      consent.not_received