OpenVPN no tap-device after upgrade RC1

sebastian

Hi,

Sorry for my poor english.

After upgrade my RC1 from 20.03.2011 to 24.03.2011 and later. I'm not able to create a openvpn working configuration with tap as device type. At webgui and In config.xml tap is set, but in generated /var/etc/openvpn/client1.conf it is always tun. In earlier releases it has worked.

Also it's not possible to create a bridge with RC1. Interfaces do not leave learning state.

are this know bugs?
sebastian

jimp

It's a known issue. Tap was never officially supported, but it was possible to hack around it in 1.2.x.

There is an open ticket, someone has a patch there to try, but it's too late for that to make it into 2.0.

http://redmine.pfsense.org/issues/1222

sebastian

Thanks for your answer.

Ticket is for the server part but I'll use pfSense as a client. It's also unsupported? In RC1 before 03/21 it seem to work - but I think my bridge configuration is broken.

thank
sebastian

jimp

Ah, ok. I misread that part.

Looks like this commit may have broken the selection.

https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/bf87b4d7d1e9c0064e59727afd7601c111f6f3da

ericab

wait a second;

could this be the reason for my issue ? i think it is.
well it looks like sebastian and i are sticking to the march 20th snap.

http://forum.pfsense.org/index.php/topic,34858.0.html

jimp

I let the person who made that previous commit know and they're working on a fix.

ericab

excellent news jimp,
im so glad this has finally been resolved, or at least now we know the cause of the problem

ericab

jimp; Luiz,
i noticed this:
http://redmine.pfsense.org/projects/pfsense/repository/revisions/681b43b0790694b737dc91573a233a8aa468b681

the problem still persists however.

my vpn client calls for a TAP device, but despite what is selected in the WebUI, a TUN device is used.

the log of a working client (March 20th and before)

Mar 29 19:12:52 	openvpn[16984]: Initialization Sequence Completed
Mar 29 19:12:52 	openvpn[16984]: /sbin/route add -net 128.0.0.0 88.126.75.1 128.0.0.0
Mar 29 19:12:52 	openvpn[16984]: /sbin/route add -net 0.0.0.0 88.126.75.1 128.0.0.0
Mar 29 19:12:52 	openvpn[16984]: /sbin/route add -net 78.73.215.170 192.68.1.1 255.255.255.255
Mar 29 19:12:50 	openvpn[16984]: /usr/local/sbin/ovpn-linkup ovpnc2 1500 1574 88.126.75.98 255.255.255.128 init
Mar 29 19:12:50 	openvpn[16984]: /sbin/ifconfig ovpnc2 88.126.75.98 netmask 255.255.255.128 mtu 1500 up
Mar 29 19:12:50 	openvpn[16984]: do_ifconfig, tt->ipv6=0
Mar 29 19:12:50 	openvpn[16984]: TUN/TAP device /dev/tap2 opened
Mar 29 19:12:50 	openvpn[16984]: ROUTE default_gateway=192.168.1.1

NOTE the TAP device –-^

anything after March 20th this is the result:

Mar 29 19:01:47 	openvpn[16905]: Initialization Sequence Completed
Mar 29 19:01:47 	openvpn[16905]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
Mar 29 19:01:47 	openvpn[16905]: /sbin/route add -net 128.0.0.0 88.126.74.129 128.0.0.0
Mar 29 19:01:47 	openvpn[16905]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
Mar 29 19:01:47 	openvpn[16905]: /sbin/route add -net 0.0.0.0 88.126.74.129 128.0.0.0
Mar 29 19:01:47 	openvpn[16905]: /sbin/route add -net 78.73.215.173 192.68.1.1 255.255.255.255
Mar 29 19:01:45 	openvpn[16905]: /usr/local/sbin/ovpn-linkup ovpnc2 1532 1574 88.126.74.237 255.255.255.128 init
Mar 29 19:01:45 	openvpn[16905]: /sbin/ifconfig ovpnc2 88.126.74.237 255.255.255.128 mtu 1532 netmask 255.255.255.255 up
Mar 29 19:01:45 	openvpn[16905]: do_ifconfig, tt->ipv6=0
Mar 29 19:01:45 	openvpn[16905]: TUN/TAP device /dev/tun2 opened
Mar 29 19:01:45 	openvpn[16905]: ROUTE default_gateway=192.168.1.1

NOTE the TUN device –-^

note: IP's have been changed ;)

sebastian

same her …

I have found a manual workaround. Change <dev_mode>and</dev_mode> in /conf/config.xml to <device_mode>and</device_mode> and now it work ... I think the comiter forget to change vpn_openvpn_client.php (or which script create configuration?) - but I have no clue how to fix it  :(

thanks
Sebastian

jimp

Yeah it really should have been standardized on dev_mode not device_mode, or else older configs will break. I'll check on the fix.

jimp

https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/4936ff53df99f9c3f7de42980b581d21c1838404

ericab

edit*

nevermind, it works just fine; just needed a reboot !
it was throwing this error at me:

Apr 1 15:11:36 	openvpn[35065]: Exiting
Apr 1 15:11:36 	openvpn[35065]: FreeBSD ifconfig failed: external program exited with error status: 1
```'

+1 jimp
thanks !