1.2RC3 OpenVPN bug?



  • When PFSense starts it opens an OpenVPN client connection to a Win32 Server. The logs do not show errors but ping doesn't work. If you simply re-save the OpenVPN client config it works. After rebooting again, it does not connect again. This behaviour appears only on boot up.

    OpenVPN Log (just after boot) is:

    Nov 12 08:51:54 openvpn[350]: OpenVPN 2.0.6 i386-portbld-freebsd6.2 [SSL] [LZO] built on Sep 13 2007
    Nov 12 08:51:54 openvpn[350]: IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
    Nov 12 08:51:54 openvpn[350]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Nov 12 08:51:54 openvpn[350]: WARNING: file '/var/etc/openvpn_client0.key' is group or others accessible
    Nov 12 08:51:54 openvpn[350]: LZO compression initialized
    Nov 12 08:51:54 openvpn[351]: Attempting to establish TCP connection with A.B.C.D:1194
    Nov 12 08:51:55 openvpn[351]: TCP connection established with A.B.C.D:1194
    Nov 12 08:51:55 openvpn[351]: TCPv4_CLIENT link local: [undef]
    Nov 12 08:51:55 openvpn[351]: TCPv4_CLIENT link remote: A.B.C.D:1194
    Nov 12 08:51:59 openvpn[351]: [server] Peer Connection Initiated with A.B.C.D:1194
    Nov 12 08:52:02 openvpn[351]: gw 10.0.0.1
    Nov 12 08:52:02 openvpn[351]: TUN/TAP device /dev/tun0 opened
    Nov 12 08:52:02 openvpn[351]: /sbin/ifconfig tun0 10.3.0.254 10.3.0.253 mtu 1500 netmask 255.255.255.255 up
    Nov 12 08:52:02 openvpn[351]: /etc/rc.filter_configure tun0 1500 1544 10.3.0.254 10.3.0.253 init
    Nov 12 08:52:10 openvpn[351]: Initialization Sequence Completed

    Win32 Server (just after initial bootup PFSense connection) is:

    Mon Nov 12 08:51:38 2007 LZO compression initialized
    Mon Nov 12 08:51:38 2007 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
    Mon Nov 12 08:51:38 2007 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
    Mon Nov 12 08:51:38 2007 Local Options hash (VER=V4): 'c0103fa8'
    Mon Nov 12 08:51:38 2007 Expected Remote Options hash (VER=V4): '69109d17'
    Mon Nov 12 08:51:38 2007 TCP connection established with X.Y.Z.W:7859
    Mon Nov 12 08:51:38 2007 TCPv4_SERVER link local: [undef]
    Mon Nov 12 08:51:38 2007 TCPv4_SERVER link remote: X.Y.Z.W:7859
    Mon Nov 12 08:51:38 2007 X.Y.Z.W:7859 TLS: Initial packet from X.Y.Z.W:7859, sid=493548f0 166c5b31
    Mon Nov 12 08:51:42 2007 X.Y.Z.W:7859 VERIFY OK: depth=1, /C=IT/ST=SA/L=XXXXXX/O=XXXXXX/OU=XXXXXX/CN=XXXXXX/emailAddress=xxx@xxx.xxx
    Mon Nov 12 08:51:42 2007 X.Y.Z.W:7859 VERIFY OK: depth=0, /C=IT/ST=SA/O=XXXXXX/OU=XXXXXX/CN=nas-test/emailAddress=xxx@xxx.xxx
    Mon Nov 12 08:51:43 2007 X.Y.Z.W:7859 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Mon Nov 12 08:51:43 2007 X.Y.Z.W:7859 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mon Nov 12 08:51:43 2007 X.Y.Z.W:7859 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Mon Nov 12 08:51:43 2007 X.Y.Z.W:7859 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mon Nov 12 08:51:43 2007 X.Y.Z.W:7859 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
    Mon Nov 12 08:51:43 2007 X.Y.Z.W:7859 [nas-test] Peer Connection Initiated with X.Y.Z.W:7859
    Mon Nov 12 08:51:43 2007 nas-test/X.Y.Z.W:7859 OPTIONS IMPORT: reading client specific options from: ccd\nas-test
    Mon Nov 12 08:51:43 2007 nas-test/X.Y.Z.W:7859 MULTI: Learn: 10.3.0.254 -> nas-test/X.Y.Z.W:7859
    Mon Nov 12 08:51:43 2007 nas-test/X.Y.Z.W:7859 MULTI: primary virtual IP for nas-test/X.Y.Z.W:7859: 10.3.0.254
    Mon Nov 12 08:51:44 2007 nas-test/X.Y.Z.W:7859 PUSH: Received control message: 'PUSH_REQUEST'
    Mon Nov 12 08:51:44 2007 nas-test/X.Y.Z.W:7859 SENT CONTROL [nas-test]: 'PUSH_REPLY,ping 10,ping-restart 60,route 10.3.0.1,ifconfig 10.3.0.254 10.3.0.253' (status=1)

    Of course 1.2RC2 was working right (even if the OpenVPN client sometimes loses connection).
    Thanks

