OpenVPN kills firewall PF2.0

vito

I have pfsnese setup at two locations on diff hardware.
When a user logs into OPVN, they will connect and work for a bit.
But, after a while the firewall will lockup.  Cannot get to device for screen errors
Other packages installed and seem to be working fine
Squid
Squid Guard
Snort
OpenVPN Export
Light Squid
Anyterm
Happens on snaps between 12-5 12-7
Can’t upgrade to latest due to the Squid bug in newest snap.

Anyone else having problems?

Thanks in advance

vito

I got an alert that there was a reply here from nastraga, but i do not see it.

dreamslacker

I've encountered a similar issue for 6th dec & 12th dec.  OpenVPN doesn't work, firewall logs shows the client connection being made but Ovpn server doesn't negotiate with the client.
I had initially thought that it was an issue with the Cert manager generated certs and copied the certs from a separate working config (Aug 27th build).
The result was that Ovpn negotiates but gives an error about server expected before the webgui & sshd locks up.  Web traffic still passes through fine but attempts to SSH, access via WebGUI on WAN or NAT doesn't work.  After the box recovers, the uptime shows 1 minute but there are no records of the unit rebooting.  The system logs are empty and no errors are recorded.

vito

While testing, i had to recreate the OPVPN server multiple times.
Each time it would create more certs. I created one cert for the OPVPN server prior to the original setup.

I had to go in and delete about 7 certs with the same name.

Maybe i am missing something with the cert manager.

On a side note: Great work on OPVPN and the Export! Very nice features.
(only thing missing is AD groups for auth.)
:)

vito

Updated to the latest snap and OpenVPN still kills firewall. (can not get into the router to see logs or console due to being remote)

This happened on different installs of PF 2.0 across different hardware and clients.
At once site it seemed to get better only when i lowered the encryption settings. (from 256 to 19x)

my same config worked fine with older Snaps (before Dec.)

Thanks in advance

vito

more info:
this is the setting i changed
Encryption algorithm from 256 to 192 cbc
once i did that, i can stay connected

jimp

What kind of hardware are you running this on? I haven't seen anything like this, and there are many, many people using OpenVPN on 2.0 with success.

vito

lanner server with intel nics 3.0ghz 4gb ram
super micro server atom 510 with 4Gb ram intel nics

can get models later if need be, mobile at the moment

the same config worked on prior snaps fine on the servers
thanks!

nastraga

I am also running into problems with OpenVPN on recent snapshots - can't say what version problem started with.

Currently TESTING:

2.0-BETA5 (i386)
built on Thu Dec 30 02:29:44 EST 2010

Router is acting as an OpenVPN client with the following settings:

Peer to Peer ( SSL/TLS )
TCP
tun
TLS Authentication
BF-CBC (128-bit)

Moving 5+ Mbps through an OpenVPN tunnel seems to cause issues.
Router locks up, followed by a reboot.  Haven't actually caught the screen yet during a dump.

This is not a problem with the Oct 30 build I've been using.  Link is stable & moves significantly more than 5Mbps, using the integrated em NICs.

Router Specs:

Supermicro PDSML-LN2 mobo
Intel Pentium D CPU 2.8GHz
1GB RAM

Have tried both onboard NICs (Intel 82573L/Intel 82573V - caused REAL stability problems with many operations) and offboard Realtek (8139)

vito

had a chance to get a screen grab when this happens

I can not get the error on the other hardware in the field, but the same problem happens.
Same hardware worked with older snaps. The Oct snaps as mentioned by another poster seems to be the time frame this last worked.
Thanks!!

NOTE: my firewall does not reboot after this. It has to be manually restarted.