OpenVPN site-to-site SSL/TLS issue pfSense+ 23.01
-
Hello,
I am trying to set up a site-to-site with SSL/TLS authentication with no luck. I have set up many site-to-site tunnels before,
but this one is giving me a hard time and I can't figure out what is wrong.
The server side is pfSense version 2.6, the client side is pfSense+ 23.01 on a Netgate 6100. After setting all the configuration, I keep getting an error that is very generic and I can't figure out what's wrong. The error is as follows.
Please see below.
Please advise
Thanks
Mar 17 22:40:56 openvpn 35224 TUN/TAP device ovpnc1 exists previously, keep at program end
Mar 17 22:40:56 openvpn 35224 TUN/TAP device /dev/tun1 opened
Mar 17 22:40:56 openvpn 35224 /sbin/ifconfig ovpnc1 10.0.21.2/-1 mtu 1500 up
Mar 17 22:40:56 openvpn 35224 FreeBSD ifconfig failed: external program exited with error status: 1
Mar 17 22:40:56 openvpn 35224 Exiting due to fatal error
client side config
dev ovpnc1
disable-dco
verb 3
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_client1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp4
auth SHA256
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local 14.194.25.202
tls-client
lport 0
management /var/etc/openvpn/client1/sock unix
remote x.x.x.162 1211 udp4
ifconfig 10.0.21.2 10.0.21.1
remote-cert-tls server
capath /var/etc/openvpn/client1/ca
cert /var/etc/openvpn/client1/cert
key /var/etc/openvpn/client1/key
tls-auth /var/etc/openvpn/client1/tls-auth 1
data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
data-ciphers-fallback AES-256-CBC
allow-compression no
resolv-retry infinite
topology subnet
explicit-exit-notify 1
server side
dev ovpns7
verb 1
dev-type tun
dev-node /dev/tun7
writepid /var/run/openvpn_server7.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp4
auth SHA256
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local x.x.x.162
tls-server
server 10.0.21.0 255.255.255.0
client-config-dir /var/etc/openvpn/server7/csc
ifconfig 10.0.21.1 10.0.21.2
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'UkVpnServer' 1"
lport 1211
management /var/etc/openvpn/server7/sock unix
push "route 172.22.0.0 255.255.248.0"
push "route 10.20.0.0 255.255.0.0"
push "route 10.40.0.0 255.255.0.0"
push "route 10.62.0.0 255.255.0.0"
push "route 10.109.0.0 255.255.0.0"
duplicate-cn
remote-cert-tls client
route 172.28.91.0 255.255.255.0
capath /var/etc/openvpn/server7/ca
cert /var/etc/openvpn/server7/cert
key /var/etc/openvpn/server7/key
dh /etc/dh-parameters.2048
tls-auth /var/etc/openvpn/server7/tls-auth 0
data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
data-ciphers-fallback AES-256-CBC
allow-compression no
persist-remote-ip
float
topology subnet
explicit-exit-notify 1
inactive 300
sndbuf 524288
rcvbuf 524288
-
@tbaror Just to add to this post: I configured a client from another system to connect to the same server, using CE ver 2.6, and it works flawlessly,
so I am starting to assume there is an issue with the current 23.01, or I missed an extra step on this version.
Please advise
Thanks
-
Hi! I have had the same issue since the upgrade on the client side (before, it worked).
This is the log from before, when it worked:
/sbin/ifconfig ovpnc4 10.10.2.2 10.10.2.1 mtu 1500 netmask 10.10.2.1 up
/usr/local/sbin/ovpn-linkup ovpnc4 1500 0 10.10.2.2 10.10.2.1 init
And after the upgrade:
/sbin/ifconfig ovpnc4 10.10.2.2/-1 mtu 1500 up
FreeBSD ifconfig failed: external program exited with error status: 1