OpenVPN tap device failure (possible bug?)
Hello, I have recently trying to configure my pfSense to use a Site-to-Site OpenVPN tunnel to a vpn provider of mine.
I successfully connect to the provider and gets a ip address but I can't get it assigned on the tap device.
tap1: flags=8842 <broadcast,running,simplex,multicast>metric 0 mtu 1500 options=80000 <linkstate>ether 00:xx:xx:xx:xx:xx</linkstate></broadcast,running,simplex,multicast>
My suspections is that the tap-device that goes under the name "tap1" isn't noticed since it runs "ifconfig tap x.x.x.x.x x.x.x.x.x" etc but the the real device
is tap1. So it throws out this message.
openvpn: TUN/TAP device [b]/dev/tap1 opened[/b] openvpn: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0 openvpn: /sbin/[b][color]ifconfig tap[/color][/b] x.x.x.x netmask 255.255.255.128 mtu 1500 up openvpn: FreeBSD ifconfig failed: external program exited with error status: 1
If I enter the "ifconfig-noexec" command in the advanced options I successfully get rid of the error (to the extent that I can't route any traffic through vpn).
But I see that it communicates with the vpn provider and it doesn't affect any connection problems or anything.
To note is that I get the same one with the "route" command i.e when it want's to add routes around.
When I add the "ifconfig-noexec" command it passes through the previous error I posted above and instead spits this out.
openvpn: [b]TUN/TAP device /dev/tap1 opened[/b] openvpn: /usr/local/sbin/ovpn-linkup tap 1500 1574 x.x.x.x 255.255.255.128 init openvpn: /sbin/route add -net x.x.x.x x.x.x.x 255.255.255.255 openvpn: /sbin/route add -net 0.0.0.0 x.x.x.x 22.214.171.124 openvpn: ERROR: FreeBSD route add command failed: external program exited with error status: 1 openvpn: /sbin/route add -net 126.96.36.199 x.x.x.x 188.8.131.52 openvpn: ERROR: FreeBSD route add command failed: external program exited with error status: 1
If I add both "ifconfig-noexec" and "route-noexec" into advanced options it connects to the vpn provider and gives me a IP but it doesn't assign it to tap nor does it add the routes (obviously since I said that it shouldn't use those two commands).
But has anybody found a solution to this problem?
I have tried editing the /conf/config.xml file as stated in a forum post I found here and changed to but it didn't do any good.
I have done numerous of restarts and checked logs every time.
Here is my advanced options:
dev tap dev-type tap verb 5 user root proto udp port 1194 resolv-retry infinite ca /etc/ca.crt auth-user-pass /etc/openvpn-password.txt persist-tun persist-key redirect-gateway def1
Really thankful for any help I could get!
I have managed to fix it by passing "dev tap1" instead of "dev tap" in the advanced configs.
Now my interface connected to tap1 gets the ip from the vpn provider but it doesn't pass it through to my gateway so I can't connect to the internet.
My gateway has the ip-address set to "dynamic" and the interface is set to the one getting the address from tap1. But all it says is "gathering data".
Problem solved. I simply changed back to default gateway and then back to the vpn gateway and it worked.
Oh boy, I have learnt a lot today about what could be wrong with this, hopefully I can have it working a while now :)
Thanks for a great software PFSENSE team!