Netgate Discussion Forum

    UNDEF and TLS Error after 22.05 Upgrade

      ironmonkey

      Hello,

      After upgrading my pfSense Netgate cloud-based server from 22.01 to 22.05, I am seeing a lot of these TLS errors in the logs. I am also seeing them show up as UNDEF in the OpenVPN logs. We did not have this problem prior to the upgrade, and I do have the "Username as common name" enabled. All of the IPs showing up as UNDEF or TLS Errors were IPs that were previously able to connect successfully. And post-upgrade I do have other users able to connect successfully. All of the UNDEFs seem to correspond to AES-CBC, which in turn seem to correlate to the TLS Errors. However, the cipher is permitted in the server config. Is there anything about the upgrade and the use of AES-256-CBC that would cause this?

      Status/OpenVPN

      UNDEF	x.x.x.x:63792		2023-02-08 16:56:55	0 B	27 KiB	AES-256-CBC	   
      UNDEF	x.x.x.x:10134		2023-02-08 16:57:37	0 B	10 KiB	AES-256-CBC	  
      UNDEF	x.x.x.x:32765		2023-02-08 16:57:39	0 B	10 KiB	AES-256-CBC	   
      UNDEF	x.x.x.x:51555		2023-02-08 16:56:38	0 B	10 KiB	AES-256-CBC	   
      UNDEF	x.x.x.x:1851		2023-02-08 16:56:37	0 B	10 KiB	AES-256-CBC	   
      UNDEF	x.x.x.x:62497		2023-02-08 16:57:39	0 B	10 KiB	AES-256-CBC
      

      Status/System Logs/OpenVPN

      
      Feb 8 16:54:30	openvpn	38471	x.x.x.x:50137 TLS Error: Unroutable control packet received from [AF_INET]x.x.x.x:50137 (si=3 op=P_CONTROL_V1)
      Feb 8 16:54:29	openvpn	38471	x.x.x.x:49351 TLS Error: Unroutable control packet received from [AF_INET]x.x.x.x:49351 (si=3 op=P_CONTROL_V1)
      Feb 8 16:54:29	openvpn	38471	x.x.x.x:19575 TLS Error: Unroutable control packet received from [AF_INET]x.x.x.x:19575 (si=3 op=P_CONTROL_V1)
      Feb 8 16:54:29	openvpn	38471	x.x.x.x:50137 TLS Error: Unroutable control packet received from [AF_INET]x.x.x.x:50137 (si=3 op=P_CONTROL_V1)
      Feb 8 16:54:28	openvpn	38471	x.x.x.x:49351 TLS Error: Unroutable control packet received from [AF_INET]x.x.x.x:49351 (si=3 op=P_CONTROL_V1)
      Feb 8 16:54:28	openvpn	38471	x.x.x.x:19575 TLS Error: Unroutable control packet received from [AF_INET]x.x.x.x:19575 (si=3 op=P_CONTROL_V1)
      
      

      This is a pared down version of my config.ovpn

      dev xxxxx
      disable-dco
      verb 3
      dev-type tun
      dev-node /dev/tun1
      proto udp4
      auth SHA256
      tls-server
      username-as-common-name
      remote-cert-tls client
      tls-auth /var/etc/openvpn/server1/tls-auth 0
      data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC
      data-ciphers-fallback AES-256-CBC
      allow-compression no
      persist-remote-ip
      float
      topology subnet
      explicit-exit-notify 1
      inactive 300
      
      

      This is a pared down version of my client.config

      dev tun
      persist-tun
      persist-key
      ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC
      cipher AES-256-CBC
      auth SHA256
      tls-client
      client
      resolv-retry infinite
      remote x.x.x.x ### udp
      lport 0
      verify-x509-name "removed" name
      auth-user-pass
      remote-cert-tls server
      explicit-exit-notify
      
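An added example, not part of the original post: a Python script that joins Status/OpenVPN rows to "Unroutable control packet" log lines by source IP, to check whether UNDEF sessions and a given cipher actually line up with the TLS errors. The column layout is assumed from the rows shown in the post, the sample data is constructed with documentation-range addresses, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample data in the tab-separated layout shown in the post.
# Addresses are documentation-range placeholders, not values from the thread.
STATUS_ROWS = """\
UNDEF\t198.51.100.7:63792\t\t2023-02-08 16:56:55\t0 B\t27 KiB\tAES-256-CBC
UNDEF\t198.51.100.9:10134\t\t2023-02-08 16:57:37\t0 B\t10 KiB\tAES-256-CBC
alice\t203.0.113.20:41000\t10.8.0.2\t2023-02-08 16:40:01\t3 MiB\t1 MiB\tAES-256-GCM
"""
LOG_LINES = """\
Feb 8 16:54:30\topenvpn\t38471\t198.51.100.7:50137 TLS Error: Unroutable control packet received from [AF_INET]198.51.100.7:50137 (si=3 op=P_CONTROL_V1)
Feb 8 16:54:29\topenvpn\t38471\t198.51.100.9:49351 TLS Error: Unroutable control packet received from [AF_INET]198.51.100.9:49351 (si=3 op=P_CONTROL_V1)
Feb 8 16:54:29\topenvpn\t38471\t198.51.100.7:50137 TLS Error: Unroutable control packet received from [AF_INET]198.51.100.7:50137 (si=3 op=P_CONTROL_V1)
"""
TLS_ERR = re.compile(r"TLS Error: Unroutable control packet received from "
                     r"\[AF_INET6?\](?P<ip>[^\s\]]+):(?P<port>\d+) ")

def parse_status(text):
    """Parse status rows. Assumed columns: common name, real address,
    virtual address, connected since, bytes sent, bytes received, cipher."""
    rows = []
    for line in text.splitlines():
        fields = line.rstrip().split("\t")
        if len(fields) < 7:
            continue  # header, blank or truncated row
        # Source ports change between attempts, so keep only the IP.
        ip = fields[1].rsplit(":", 1)[0]
        rows.append({"cn": fields[0], "ip": ip, "cipher": fields[6]})
    return rows

def tls_errors_by_ip(text):
    """Count 'Unroutable control packet' TLS errors per source IP."""
    hits = Counter()
    for line in text.splitlines():
        m = TLS_ERR.search(line)
        if m:
            hits[m["ip"]] += 1
    return hits

def correlate(status_text, log_text):
    """Map (common name, cipher) -> (sessions, sessions whose IP logged errors)."""
    errs = tls_errors_by_ip(log_text)
    out = {}
    for row in parse_status(status_text):
        key = (row["cn"], row["cipher"])
        total, with_err = out.get(key, (0, 0))
        out[key] = (total + 1, with_err + (errs[row["ip"]] > 0))
    return out

if __name__ == "__main__":
    for key, counts in sorted(correlate(STATUS_ROWS, LOG_LINES).items()):
        print(key, counts)
```

Sessions are matched on IP alone because the source port in a status row and in a log line usually differ, as they do in the excerpts above.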