OpenVPN kills firewall PF2.0



  • I have pfSense set up at two locations on different hardware.
    When a user logs into OpenVPN, they will connect and work for a bit.
    But, after a while the firewall will lock up.  Cannot get to the device to see on-screen errors.
    Other packages are installed and seem to be working fine:
    Squid
    Squid Guard
    Snort
    OpenVPN Export
    Light Squid
    Anyterm
    Happens on snaps between 12-5 and 12-7.
    Can't upgrade to the latest due to the Squid bug in the newest snap.

    Anyone else having problems?

    Thanks in advance



  • I got an alert that there was a reply here from nastraga, but I do not see it.



  • I've encountered a similar issue on the Dec 6th and Dec 12th builds.  OpenVPN doesn't work; the firewall logs show the client connection being made, but the OpenVPN server doesn't negotiate with the client.
    I had initially thought that it was an issue with the Cert Manager generated certs and copied the certs from a separate working config (Aug 27th build).
    The result was that OpenVPN negotiates but gives an error about "server expected" before the WebGUI and sshd lock up.  Web traffic still passes through fine, but attempts to SSH or access the WebGUI via WAN or NAT don't work.  After the box recovers, the uptime shows 1 minute, but there are no records of the unit rebooting.  The system logs are empty and no errors are recorded.



  • While testing, I had to recreate the OpenVPN server multiple times.
    Each time it would create more certs. I created one cert for the OpenVPN server prior to the original setup.

    I had to go in and delete about 7 certs with the same name.

    Maybe I am missing something with the Cert Manager.

    On a side note: Great work on OpenVPN and the Export! Very nice features.
    (The only thing missing is AD groups for auth.)
    :)
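    A way to sort out that pile of same-named certificates before deleting any of them, as an added example rather than anything from the original thread or from pfSense itself: pfSense keeps certificates in config.xml, and the layout assumed here (a `<cert>` element with `<refid>`, `<descr>` and a base64-encoded PEM `<crt>`, an `<openvpn-server>`/`<openvpn-client>` entry pointing at one of them through `<certref>`, and the WebGUI's `<ssl-certref>`) is an assumption about the 2.0 format, as are the refids and the fake cert bodies in the constructed sample. The point of the check is that certificates with the same description are not necessarily the same certificate, so the script groups by name, hashes the decoded body to find true byte-identical copies, and separates the entry a server actually references (keep it) from the unreferenced leftovers (safe to remove).

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from collections import defaultdict


def _b64(text: str) -> str:
    return base64.b64encode(text.encode()).decode()


# Constructed fake certificate bodies; real <crt> entries hold base64 PEM.
PEM_A = _b64("-----BEGIN CERTIFICATE-----\nFAKE-A\n-----END CERTIFICATE-----")
PEM_B = _b64("-----BEGIN CERTIFICATE-----\nFAKE-B\n-----END CERTIFICATE-----")
PEM_W = _b64("-----BEGIN CERTIFICATE-----\nFAKE-W\n-----END CERTIFICATE-----")

# Constructed sample of the parts of a pfSense config.xml that matter here
# (assumed layout; refids are made up). Three certs share one description,
# two of them are byte-identical, and only the second is used by a server.
SAMPLE_CONFIG = f"""<?xml version="1.0"?>
<pfsense>
  <system><webgui><ssl-certref>4d0f00ff</ssl-certref></webgui></system>
  <cert><refid>4d0f0001</refid><descr>OpenVPN Server Cert</descr><crt>{PEM_A}</crt></cert>
  <cert><refid>4d0f0002</refid><descr>OpenVPN Server Cert</descr><crt>{PEM_B}</crt></cert>
  <cert><refid>4d0f0003</refid><descr>OpenVPN Server Cert</descr><crt>{PEM_A}</crt></cert>
  <cert><refid>4d0f00ff</refid><descr>webConfigurator default</descr><crt>{PEM_W}</crt></cert>
  <openvpn>
    <openvpn-server><vpnid>1</vpnid><certref>4d0f0002</certref></openvpn-server>
  </openvpn>
</pfsense>
"""


def load_certs(config_xml: str) -> list:
    """Return one dict per <cert>: refid, descr and a digest of the decoded body."""
    root = ET.fromstring(config_xml)
    certs = []
    for c in root.findall("cert"):
        body = base64.b64decode(c.findtext("crt", ""))
        certs.append({
            "refid": c.findtext("refid", ""),
            "descr": c.findtext("descr", ""),
            "digest": hashlib.sha256(body).hexdigest()[:16],
        })
    return certs


def referenced_certrefs(config_xml: str) -> set:
    """Collect every refid some consumer points at (OpenVPN instances, WebGUI)."""
    root = ET.fromstring(config_xml)
    refs = set()
    for node in root.iter():
        if node.tag in ("openvpn-server", "openvpn-client"):
            ref = node.findtext("certref")
            if ref:
                refs.add(ref)
    webgui_ref = root.findtext("system/webgui/ssl-certref")
    if webgui_ref:
        refs.add(webgui_ref)
    return refs


def duplicate_report(config_xml: str) -> dict:
    """For each description shared by several certs, say which refids are in use,
    which are unreferenced, and which groups are byte-identical copies."""
    certs = load_certs(config_xml)
    in_use = referenced_certrefs(config_xml)
    by_name = defaultdict(list)
    for c in certs:
        by_name[c["descr"]].append(c)

    report = {}
    for descr, group in by_name.items():
        if len(group) < 2:
            continue  # a unique name is not a duplicate problem
        bodies = defaultdict(list)
        for c in group:
            bodies[c["digest"]].append(c["refid"])
        report[descr] = {
            "keep": [c["refid"] for c in group if c["refid"] in in_use],
            "unreferenced": [c["refid"] for c in group if c["refid"] not in in_use],
            "identical_bodies": [refs for refs in bodies.values() if len(refs) > 1],
        }
    return report


if __name__ == "__main__":
    for descr, info in duplicate_report(SAMPLE_CONFIG).items():
        print(f"{descr!r}: keep {info['keep']}, unreferenced {info['unreferenced']}, "
              f"identical copies {info['identical_bodies']}")
```

    Run it against a backed-up config.xml (read the file into `duplicate_report`) and only remove refids that show up under "unreferenced"; an entry listed under "keep" is the one a live OpenVPN instance or the WebGUI is serving, whatever its description says.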



  • Updated to the latest snap and OpenVPN still kills the firewall. (I cannot get into the router to see logs or the console due to being remote.)

    This happened on different installs of PF 2.0 across different hardware and clients.
    At one site it seemed to get better only when I lowered the encryption settings (from 256 to 19x).

    My same config worked fine with older snaps (before Dec.).

    Thanks in advance



  • More info:
    This is the setting I changed:
    Encryption algorithm from 256 to 192 CBC.
    Once I did that, I can stay connected.


  • Rebel Alliance Developer Netgate

    What kind of hardware are you running this on? I haven't seen anything like this, and there are many, many people using OpenVPN on 2.0 with success.



  • Lanner server with Intel NICs, 3.0 GHz, 4 GB RAM
    Supermicro server, Atom 510 with 4 GB RAM, Intel NICs

    Can get models later if need be; mobile at the moment.

    The same config worked fine on prior snaps on these servers.
    Thanks!



  • I am also running into problems with OpenVPN on recent snapshots; can't say what version the problem started with.

    Currently TESTING:

    2.0-BETA5 (i386)
    built on Thu Dec 30 02:29:44 EST 2010

    Router is acting as an OpenVPN client with the following settings:

    Peer to Peer ( SSL/TLS )
    TCP
    tun
    TLS Authentication
    BF-CBC (128-bit)

    Moving 5+ Mbps through an OpenVPN tunnel seems to cause issues.
    The router locks up, followed by a reboot.  Haven't actually caught the screen yet during a dump.

    This is not a problem with the Oct 30 build I've been using.  The link is stable and moves significantly more than 5 Mbps, using the integrated em NICs.

    Router Specs:

    Supermicro PDSML-LN2 mobo
    Intel Pentium D CPU 2.8GHz
    1GB RAM

    Have tried both onboard NICs (Intel 82573L/Intel 82573V, which caused REAL stability problems with many operations) and an offboard Realtek (8139).



  • Had a chance to get a screen grab when this happens.

    I cannot get the error on the other hardware in the field, but the same problem happens.
    The same hardware worked with older snaps. The Oct snaps mentioned by another poster seem to be the time frame this last worked.
    Thanks!!

    NOTE: my firewall does not reboot after this. It has to be manually restarted.



Locked