OpenVPN: interface 'ovpns1' does not exist
-
Currently there seem to be a few issues with OpenVPN in 2.2. I've been unable to get a server instance started, firstly due to issues with the configs that pfSense is generating (https://redmine.pfsense.org/issues/3596), but once I fix that I'm seeing ifconfig spitting out this:
Apr 11 05:04:39 openvpn[23401]: OpenVPN 2.3.2 amd64-portbld-freebsd10.0 [SSL (OpenSSL)] [LZO] [eurephia] [MH] [IPv6] built on Mar 19 2014
Apr 11 05:04:39 openvpn[23401]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 11 05:04:40 openvpn[23401]: TUN/TAP device /dev/tun1 opened
Apr 11 05:04:40 openvpn[23401]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
Apr 11 05:04:40 openvpn[23401]: /sbin/ifconfig ovpns1 10.0.8.1 10.0.8.2 mtu 1500 netmask 255.255.255.255 up
Apr 11 05:04:40 openvpn[23401]: FreeBSD ifconfig failed: external program exited with error status: 1
Apr 11 05:04:40 openvpn[23401]: Exiting due to fatal error
ifconfig: interface ovpns1 does not exist
Just to be sure that I'm not making any basic mistakes here, does anyone have any ideas on what's going wrong and/or how to fix?
-
You should see that device if you just run a plain ifconfig command.
If it's not there, you should see what is not making it be there. pfSense pre-generates that and does not leave it to OpenVPN to create the interface.
-
ifconfig's output doesn't include any interface named 'ovpns1'. Is there a way to force this interface to be created?
-
2.2-ALPHA (i386)
built on Wed Apr 9 09:01:59 CDT 2014
FreeBSD 10.0-STABLE
and I have made the fix to openvpn.inc at https://github.com/pfsense/pfsense/commit/db45bc6892d013e6f8d2e997822f526aa13ed687
Same issue here. I have an OpenVPN site-to-site client that will attempt to connect out to main office. It fails on startup (either during boot or restarting from webGUI). System Log:
Apr 12 13:57:17 kernel: tun1: link state changed to UP
Apr 12 13:57:17 php-fpm[8077]: /rc.filter_configure_sync: MONITOR: OPT1_DHCP is down, removing from routing group VPNclients
Apr 12 13:57:17 php-fpm[8077]: /rc.filter_configure_sync: MONITOR: OPT1_DHCP is down, removing from routing group InetGeneral
Apr 12 13:57:17 php-fpm[8077]: /rc.filter_configure_sync: MONITOR: OPT1_DHCP is down, removing from routing group Subisu1
Apr 12 13:57:17 kernel: tun1: link state changed to DOWN
OpenVPN log:
Apr 12 13:57:16 openvpn[57535]: OpenVPN 2.3.2 i386-portbld-freebsd10.0 [SSL (OpenSSL)] [LZO] [eurephia] [MH] [IPv6] built on Mar 19 2014
Apr 12 13:57:16 openvpn[57535]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 12 13:57:17 openvpn[57535]: TUN/TAP device /dev/tun1 opened
Apr 12 13:57:17 openvpn[57535]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
Apr 12 13:57:17 openvpn[57535]: /sbin/ifconfig ovpnc1 10.49.255.2 10.49.255.1 mtu 1500 netmask 255.255.255.255 up
Apr 12 13:57:17 openvpn[57535]: FreeBSD ifconfig failed: external program exited with error status: 1
Apr 12 13:57:17 openvpn[57535]: Exiting due to fatal error
And an "ifconfig" shows no ovpnc1 device.
Now to try some command line stuff to see what is wrong. Does anybody have any OpenVPN server or client running on 2.2 yet?
-
Okay, progress in the latest snapshots (thanks Ermal) but still having dramas trying to connect to pfSense from a client. Looks like a couple of small typos in /usr/local/sbin/ovpn_auth_verify are causing TLS handshakes to fail:
#!/bin/sh
if [ "$1" = "tls" ]; then
	RESULT = $(/usr/local/sbin/fcgicli -f /etc/inc/openvpn.tls-verify.php -d "servercn=$2&depth=$3&certsubject=$4&certdepth=$5"
else
	password = $(echo '$password' | /usr/bin/sed 's/&/%26/g')
	RESULT = $(/usr/local/sbin/fcgicli -f /etc/inc/openvpn.auth-user.php -d "username=$username&password=$password&cn=$common_name&strictcn=$3&authcfg=$2&modeid=$4")
fi
if [ "${RESULT} = "OK" ]; then
	exit 0
fi
exit 1
Note the missing closing parenthesis after:
&certdepth=$5"
and the missing closing quotes in:
if [ "${RESULT} = "OK" ]; then
Can we get this fixed please?
-
Fixed, thanks for the report.
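
Added example, not part of the thread and not pfSense's own code: a working POSIX sh form of the ovpn_auth_verify logic quoted above, with the two reported typos closed and the check failing closed when the backend gives no answer. The listing as posted also shows spaces around `=` and single quotes around `$password`, which sh does not accept as an assignment or expand; this sketch writes them in working form. The `FCGICLI` override, the `fake_fcgicli` stand-in, the sample values and the use of plain `sed` are assumptions made so the logic can be run off-box.

```sh
#!/bin/sh
# Added example: working form of the ovpn_auth_verify logic quoted in the thread.
# FCGICLI is a hypothetical override for off-box testing; the quoted script
# calls /usr/local/sbin/fcgicli directly. As in the quoted script, $username,
# $password and $common_name are read from the environment.

ovpn_auth_verify() {
	fcgicli="${FCGICLI:-/usr/local/sbin/fcgicli}"
	if [ "$1" = "tls" ]; then
		# Command substitution closed with ")" and no spaces around "=".
		RESULT=$("$fcgicli" -f /etc/inc/openvpn.tls-verify.php \
			-d "servercn=$2&depth=$3&certsubject=$4&certdepth=$5")
	else
		# Double quotes so the password itself, not the text "$password", is encoded.
		enc_password=$(printf '%s' "$password" | sed 's/&/%26/g')
		RESULT=$("$fcgicli" -f /etc/inc/openvpn.auth-user.php \
			-d "username=$username&password=$enc_password&cn=$common_name&strictcn=$3&authcfg=$2&modeid=$4")
	fi
	# Fail closed: only the exact reply "OK" authorises; an empty reply rejects.
	if [ "${RESULT}" = "OK" ]; then
		return 0
	fi
	return 1
}

# Constructed stand-in for fcgicli (not the real tool): it answers OK only for
# the sample user alice with password "a&b", or a tls check at depth 0.
fake_fcgicli() {
	case "$4" in
		"username=alice&password=a%26b&"*) echo "OK" ;;
		"servercn=vpn.example&depth=0&"*) echo "OK" ;;
		*) echo "FAILED" ;;
	esac
}

# Constructed demo run against the stand-in.
FCGICLI=fake_fcgicli username=alice password='a&b' common_name=alice
if ovpn_auth_verify user cfg1 false 1; then echo "user auth: accepted"; else echo "user auth: rejected"; fi
if ovpn_auth_verify tls vpn.example 1 "CN=alice" 1; then echo "tls verify: accepted"; else echo "tls verify: rejected"; fi
```

Running `sh -n` on the script file reports syntax errors of this kind without executing anything.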