Netgate Discussion Forum
    OpenVPN kills firewall PF2.0

Category: 2.0-RC Snapshot Feedback and Problems - RETIRED
10 posts, 4 posters, 4.8k views

vito:

I have pfSense set up at two locations on different hardware.
When a user logs into OpenVPN, they will connect and work for a bit.
But after a while the firewall will lock up. Cannot get to the device for screen errors.
Other packages installed and seem to be working fine:
Squid
Squid Guard
Snort
OpenVPN Export
Light Squid
Anyterm
Happens on snaps between 12-5 and 12-7.
Can't upgrade to latest due to the Squid bug in the newest snap.

Anyone else having problems?

Thanks in advance


vito:

I got an alert that there was a reply here from nastraga, but I do not see it.


dreamslacker:

I've encountered a similar issue for 6th Dec & 12th Dec. OpenVPN doesn't work; firewall logs show the client connection being made but the OpenVPN server doesn't negotiate with the client.
I had initially thought that it was an issue with the Cert Manager generated certs and copied the certs from a separate working config (Aug 27th build).
The result was that OpenVPN negotiates but gives an error about server expected before the WebGUI & sshd lock up. Web traffic still passes through fine but attempts to SSH or access via WebGUI on WAN or NAT don't work. After the box recovers, the uptime shows 1 minute but there are no records of the unit rebooting. The system logs are empty and no errors are recorded.


vito:

While testing, I had to recreate the OpenVPN server multiple times.
Each time it would create more certs. I created one cert for the OpenVPN server prior to the original setup.

I had to go in and delete about 7 certs with the same name.

Maybe I am missing something with the cert manager.

On a side note: great work on OpenVPN and the Export! Very nice features.
(Only thing missing is AD groups for auth.)
:)


vito:

Updated to the latest snap and OpenVPN still kills the firewall. (Cannot get into the router to see logs or console due to being remote.)

This happened on different installs of PF 2.0 across different hardware and clients.
At one site it seemed to get better only when I lowered the encryption settings (from 256 to 19x).

My same config worked fine with older snaps (before Dec.).

Thanks in advance


vito:

More info:
This is the setting I changed:
Encryption algorithm from 256 to 192 CBC.
Once I did that, I can stay connected.


jimp (Rebel Alliance Developer, Netgate):

What kind of hardware are you running this on? I haven't seen anything like this, and there are many, many people using OpenVPN on 2.0 with success.

vito:

Lanner server with Intel NICs, 3.0GHz, 4GB RAM
Supermicro server, Atom 510 with 4GB RAM, Intel NICs

Can get models later if need be, mobile at the moment.

The same config worked fine on prior snaps on the servers.
Thanks!


nastraga:

I am also running into problems with OpenVPN on recent snapshots - can't say what version the problem started with.

Currently TESTING:

2.0-BETA5 (i386)
built on Thu Dec 30 02:29:44 EST 2010

Router is acting as an OpenVPN client with the following settings:

Peer to Peer (SSL/TLS)
TCP
tun
TLS Authentication
BF-CBC (128-bit)

Moving 5+ Mbps through an OpenVPN tunnel seems to cause issues.
Router locks up, followed by a reboot. Haven't actually caught the screen yet during a dump.

This is not a problem with the Oct 30 build I've been using. Link is stable & moves significantly more than 5Mbps, using the integrated em NICs.

Router Specs:

Supermicro PDSML-LN2 mobo
Intel Pentium D CPU 2.8GHz
1GB RAM

Have tried both onboard NICs (Intel 82573L/Intel 82573V - caused REAL stability problems with many operations) and offboard Realtek (8139).


vito:
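As an added, constructed example that is not part of the original thread and is not the configuration pfSense itself generates, here are nastraga's listed client settings written as the OpenVPN directives they map to, with vito's cipher change noted alongside for comparison. The remote host, port and certificate/key file names are placeholders, and the mapping of the GUI's 256-bit and 192-bit CBC entries to `AES-256-CBC` and `AES-192-CBC` is an assumption.

```conf
# Constructed example: OpenVPN client-side configuration matching the settings
# listed in the post above (Peer to Peer SSL/TLS, TCP, tun, TLS Authentication,
# BF-CBC 128-bit). Host, port and file names are placeholders, not from the thread.
dev tun                     # "tun": routed (layer 3) tunnel
proto tcp-client            # "TCP": client side of a TCP transport
remote vpn.example.invalid 1194   # placeholder peer address and port
tls-client                  # "Peer to Peer (SSL/TLS)": certificate-based key exchange, client role
ca ca.crt                   # placeholder file names for the CA, client cert and key
cert client.crt
key client.key
tls-auth ta.key 1           # "TLS Authentication": HMAC on control-channel packets; direction 1 on the client
cipher BF-CBC               # "BF-CBC (128-bit)": Blowfish in CBC mode, the data-channel cipher from the post
auth SHA1                   # OpenVPN's default HMAC for the data channel (not listed in the post)
persist-key
persist-tun
verb 3

# For comparison, vito's workaround in this thread was a change of the server's
# "Encryption algorithm" from 256-bit to 192-bit CBC, which (assumption: the
# pfSense 2.0 GUI names) corresponds to replacing
#   cipher AES-256-CBC
# with
#   cipher AES-192-CBC
# on the server. The data-channel cipher must match on both ends of the tunnel.
```

The point of laying the settings out this way is that both reports in the thread single out the data-channel cipher (vito's 256-to-192-bit change, nastraga's BF-CBC) together with sustained throughput as the conditions under which the box locks up, so the `cipher` line is the one to record exactly when reporting or reproducing the problem.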

Had a chance to get a screen grab when this happens.

I cannot get the error on the other hardware in the field, but the same problem happens.
Same hardware worked with older snaps. The Oct snaps, as mentioned by another poster, seem to be the time frame this last worked.
Thanks!!

NOTE: my firewall does not reboot after this. It has to be manually restarted.

[Attachment: fw.JPG (screen capture)]
