OpenVPN no tap-device after upgrade RC1



  • Hi,

    Sorry for my poor english.

    After upgrade my RC1 from 20.03.2011 to 24.03.2011 and later. I'm not able to create a openvpn working configuration with tap as device type. At webgui and In config.xml tap is set, but in generated /var/etc/openvpn/client1.conf it is always tun. In earlier releases it has worked.

    Also it's not possible to create a bridge with RC1. Interfaces do not leave learning state.

    are this know bugs?
    sebastian


  • Rebel Alliance Developer Netgate

    It's a known issue. Tap was never officially supported, but it was possible to hack around it in 1.2.x.

    There is an open ticket, someone has a patch there to try, but it's too late for that to make it into 2.0.

    http://redmine.pfsense.org/issues/1222



  • Thanks for your answer.

    Ticket is for the server part but I'll use pfSense as a client. It's also unsupported? In RC1 before 03/21 it seem to work - but I think my bridge configuration is broken.

    thank
    sebastian


  • Rebel Alliance Developer Netgate

    Ah, ok. I misread that part.

    Looks like this commit may have broken the selection.

    https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/bf87b4d7d1e9c0064e59727afd7601c111f6f3da



  • wait a second;

    could this be the reason for my issue ? i think it is.
    well it looks like sebastian and i are sticking to the march 20th snap.

    http://forum.pfsense.org/index.php/topic,34858.0.html


  • Rebel Alliance Developer Netgate

    I let the person who made that previous commit know and they're working on a fix.



  • excellent news jimp,
    im so glad this has finally been resolved, or at least now we know the cause of the problem



  • jimp; Luiz,
    i noticed this:
    http://redmine.pfsense.org/projects/pfsense/repository/revisions/681b43b0790694b737dc91573a233a8aa468b681

    the problem still persists however.

    my vpn client calls for a TAP device, but despite what is selected in the WebUI, a TUN device is used.

    the log of a working client (March 20th and before)

    Mar 29 19:12:52 	openvpn[16984]: Initialization Sequence Completed
    Mar 29 19:12:52 	openvpn[16984]: /sbin/route add -net 128.0.0.0 88.126.75.1 128.0.0.0
    Mar 29 19:12:52 	openvpn[16984]: /sbin/route add -net 0.0.0.0 88.126.75.1 128.0.0.0
    Mar 29 19:12:52 	openvpn[16984]: /sbin/route add -net 78.73.215.170 192.68.1.1 255.255.255.255
    Mar 29 19:12:50 	openvpn[16984]: /usr/local/sbin/ovpn-linkup ovpnc2 1500 1574 88.126.75.98 255.255.255.128 init
    Mar 29 19:12:50 	openvpn[16984]: /sbin/ifconfig ovpnc2 88.126.75.98 netmask 255.255.255.128 mtu 1500 up
    Mar 29 19:12:50 	openvpn[16984]: do_ifconfig, tt->ipv6=0
    Mar 29 19:12:50 	openvpn[16984]: TUN/TAP device /dev/tap2 opened
    Mar 29 19:12:50 	openvpn[16984]: ROUTE default_gateway=192.168.1.1
    

    NOTE the TAP device –-^

    anything after March 20th this is the result:

    Mar 29 19:01:47 	openvpn[16905]: Initialization Sequence Completed
    Mar 29 19:01:47 	openvpn[16905]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
    Mar 29 19:01:47 	openvpn[16905]: /sbin/route add -net 128.0.0.0 88.126.74.129 128.0.0.0
    Mar 29 19:01:47 	openvpn[16905]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
    Mar 29 19:01:47 	openvpn[16905]: /sbin/route add -net 0.0.0.0 88.126.74.129 128.0.0.0
    Mar 29 19:01:47 	openvpn[16905]: /sbin/route add -net 78.73.215.173 192.68.1.1 255.255.255.255
    Mar 29 19:01:45 	openvpn[16905]: /usr/local/sbin/ovpn-linkup ovpnc2 1532 1574 88.126.74.237 255.255.255.128 init
    Mar 29 19:01:45 	openvpn[16905]: /sbin/ifconfig ovpnc2 88.126.74.237 255.255.255.128 mtu 1532 netmask 255.255.255.255 up
    Mar 29 19:01:45 	openvpn[16905]: do_ifconfig, tt->ipv6=0
    Mar 29 19:01:45 	openvpn[16905]: TUN/TAP device /dev/tun2 opened
    Mar 29 19:01:45 	openvpn[16905]: ROUTE default_gateway=192.168.1.1
    

    NOTE the TUN device –-^

    note: IP's have been changed ;)



  • same her …

    I have found a manual workaround. Change <dev_mode>and</dev_mode> in /conf/config.xml to <device_mode>and</device_mode> and now it work ... I think the comiter forget to change vpn_openvpn_client.php (or which script create configuration?) - but I have no clue how to fix it  :(

    thanks
    Sebastian


  • Rebel Alliance Developer Netgate

    Yeah it really should have been standardized on dev_mode not device_mode, or else older configs will break. I'll check on the fix.


  • Rebel Alliance Developer Netgate



  • edit*

    nevermind, it works just fine; just needed a reboot !
    it was throwing this error at me:

    Apr 1 15:11:36 	openvpn[35065]: Exiting
    Apr 1 15:11:36 	openvpn[35065]: FreeBSD ifconfig failed: external program exited with error status: 1
    ```'
    
    +1 jimp
    thanks !

Locked