• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

OpenVPN: interface 'ovpns1' does not exist

2.2 Snapshot Feedback and Problems - RETIRED
3
6
2.7k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • I
    ingmthompson
    last edited by Apr 11, 2014, 1:38 PM

    Currently there seems to be a few issues with OpenVPN in 2.2. I've been unable to get a server instance started, firstly due to issues with the configs that pfSense is generating (https://redmine.pfsense.org/issues/3596), but once I fix that I'm seeing ifconfig spitting out this:

    
    Apr 11 05:04:39    openvpn[23401]: OpenVPN 2.3.2 amd64-portbld-freebsd10.0 [SSL (OpenSSL)] [LZO] [eurephia] [MH] [IPv6] built on Mar 19 2014
    Apr 11 05:04:39    openvpn[23401]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Apr 11 05:04:40    openvpn[23401]: TUN/TAP device /dev/tun1 opened
    Apr 11 05:04:40    openvpn[23401]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
    Apr 11 05:04:40    openvpn[23401]: /sbin/ifconfig ovpns1 10.0.8.1 10.0.8.2 mtu 1500 netmask 255.255.255.255 up
    Apr 11 05:04:40    openvpn[23401]: FreeBSD ifconfig failed: external program exited with error status: 1
    Apr 11 05:04:40    openvpn[23401]: Exiting due to fatal error
    
    
    ifconfig: interface ovpns1 does not exist
    

    Just to be sure that I'm not making any basic mistakes here, does anyone have any ideas on what's going wrong and/or how to fix?

    1 Reply Last reply Reply Quote 0
    • E
      eri--
      last edited by Apr 11, 2014, 9:54 PM

      You should see that device if you just run a plain ifconfig command.
      If its not there should see what is not making it be there.

      pfSense pre generates that and does not leave to openvpn to create the interface.

      1 Reply Last reply Reply Quote 0
      • I
        ingmthompson
        last edited by Apr 12, 2014, 6:42 AM

        ifconfig's output doesn't include any interface named 'ovpns1'. Is there a way to force this interface to be created?

        1 Reply Last reply Reply Quote 0
        • P
          phil.davis
          last edited by Apr 12, 2014, 8:18 AM

          2.2-ALPHA (i386)
          built on Wed Apr 9 09:01:59 CDT 2014
          FreeBSD 10.0-STABLE
          and I have made the fix to openvpn.inc at https://github.com/pfsense/pfsense/commit/db45bc6892d013e6f8d2e997822f526aa13ed687

          Same issue here. I have an OpenVPN site-to-site client that will attempt to connect out to main office. It fails on startup (either during boot or restarting from webGUI). System Log:

          Apr 12 13:57:17 	kernel: tun1: link state changed to UP
          Apr 12 13:57:17 	php-fpm[8077]: /rc.filter_configure_sync: MONITOR: OPT1_DHCP is down, removing from routing group VPNclients
          Apr 12 13:57:17 	php-fpm[8077]: /rc.filter_configure_sync: MONITOR: OPT1_DHCP is down, removing from routing group InetGeneral
          Apr 12 13:57:17 	php-fpm[8077]: /rc.filter_configure_sync: MONITOR: OPT1_DHCP is down, removing from routing group Subisu1
          Apr 12 13:57:17 	kernel: tun1: link state changed to DOWN
          

          OpenVPN log:

          Apr 12 13:57:16 	openvpn[57535]: OpenVPN 2.3.2 i386-portbld-freebsd10.0 [SSL (OpenSSL)] [LZO] [eurephia] [MH] [IPv6] built on Mar 19 2014
          Apr 12 13:57:16 	openvpn[57535]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
          Apr 12 13:57:17 	openvpn[57535]: TUN/TAP device /dev/tun1 opened
          Apr 12 13:57:17 	openvpn[57535]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
          Apr 12 13:57:17 	openvpn[57535]: /sbin/ifconfig ovpnc1 10.49.255.2 10.49.255.1 mtu 1500 netmask 255.255.255.255 up
          Apr 12 13:57:17 	openvpn[57535]: FreeBSD ifconfig failed: external program exited with error status: 1
          Apr 12 13:57:17 	openvpn[57535]: Exiting due to fatal error
          
          

          And an "ifconfig" shows no ovpnc1 device.
          Now to try some command line stuff to see what is wrong.

          Does anybody have any OpenVPN server or client running on 2.2 yet?

          As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
          If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

          1 Reply Last reply Reply Quote 0
          • I
            ingmthompson
            last edited by Apr 15, 2014, 9:14 PM Apr 15, 2014, 9:08 PM

            Okay, progress in the latest snapshots (thanks Ermal) but still having dramas trying to connect to pfSense from a client. Looks like a couple of small typos in /usr/local/sbin/ovpn_auth_verify are causing TLS handshakes to fail:

            #!/bin/sh
            
            if [ "$1" = "tls" ]; then
            	RESULT = $(/usr/local/sbin/fcgicli -f /etc/inc/openvpn.tls-verify.php -d "servercn=$2&depth=$3&certsubject=$4&certdepth=$5"
            else
            	password = $(echo '$password' | /usr/bin/sed 's/&/%26/g')
            	RESULT = $(/usr/local/sbin/fcgicli -f /etc/inc/openvpn.auth-user.php -d "username=$username&password=$password&cn=$common_name&strictcn=$3&authcfg=$2&modeid=$4")
            fi
            
            if [ "${RESULT} = "OK" ]; then
            	exit 0
            fi
            
            exit 1
            
            

            Note the missing closing parenthesis after:

            &certdepth=$5"
            

            and the missing closing quotes in:

            if [ "${RESULT} = "OK" ]; then
            

            Can we get this fixed please?

            1 Reply Last reply Reply Quote 0
            • E
              eri--
              last edited by Apr 15, 2014, 9:12 PM

              Fixed thanks for the report.

              1 Reply Last reply Reply Quote 0
              1 out of 6
              • First post
                1/6
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.