Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    OpenVPN: interface 'ovpns1' does not exist

    2.2 Snapshot Feedback and Problems - RETIRED
    3
    6
    2061
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • I
      ingmthompson last edited by

      Currently there seems to be a few issues with OpenVPN in 2.2. I've been unable to get a server instance started, firstly due to issues with the configs that pfSense is generating (https://redmine.pfsense.org/issues/3596), but once I fix that I'm seeing ifconfig spitting out this:

      
Apr 11 05:04:39    openvpn[23401]: OpenVPN 2.3.2 amd64-portbld-freebsd10.0 [SSL (OpenSSL)] [LZO] [eurephia] [MH] [IPv6] built on Mar 19 2014
Apr 11 05:04:39    openvpn[23401]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 11 05:04:40    openvpn[23401]: TUN/TAP device /dev/tun1 opened
Apr 11 05:04:40    openvpn[23401]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
Apr 11 05:04:40    openvpn[23401]: /sbin/ifconfig ovpns1 10.0.8.1 10.0.8.2 mtu 1500 netmask 255.255.255.255 up
Apr 11 05:04:40    openvpn[23401]: FreeBSD ifconfig failed: external program exited with error status: 1
Apr 11 05:04:40    openvpn[23401]: Exiting due to fatal error


      ifconfig: interface ovpns1 does not exist

      Just to be sure that I'm not making any basic mistakes here, does anyone have any ideas on what's going wrong and/or how to fix?

      1 Reply Last reply Reply Quote 0
      • E
        eri-- last edited by

        You should see that device if you just run a plain ifconfig command.
        If its not there should see what is not making it be there.

        pfSense pre generates that and does not leave to openvpn to create the interface.

        1 Reply Last reply Reply Quote 0
        • I
          ingmthompson last edited by

          ifconfig's output doesn't include any interface named 'ovpns1'. Is there a way to force this interface to be created?

          1 Reply Last reply Reply Quote 0
          • P
            phil.davis last edited by

            2.2-ALPHA (i386)
            built on Wed Apr 9 09:01:59 CDT 2014
            FreeBSD 10.0-STABLE
            and I have made the fix to openvpn.inc at https://github.com/pfsense/pfsense/commit/db45bc6892d013e6f8d2e997822f526aa13ed687

            Same issue here. I have an OpenVPN site-to-site client that will attempt to connect out to main office. It fails on startup (either during boot or restarting from webGUI). System Log:

            Apr 12 13:57:17 	kernel: tun1: link state changed to UP
Apr 12 13:57:17 	php-fpm[8077]: /rc.filter_configure_sync: MONITOR: OPT1_DHCP is down, removing from routing group VPNclients
Apr 12 13:57:17 	php-fpm[8077]: /rc.filter_configure_sync: MONITOR: OPT1_DHCP is down, removing from routing group InetGeneral
Apr 12 13:57:17 	php-fpm[8077]: /rc.filter_configure_sync: MONITOR: OPT1_DHCP is down, removing from routing group Subisu1
Apr 12 13:57:17 	kernel: tun1: link state changed to DOWN

            OpenVPN log:

            Apr 12 13:57:16 	openvpn[57535]: OpenVPN 2.3.2 i386-portbld-freebsd10.0 [SSL (OpenSSL)] [LZO] [eurephia] [MH] [IPv6] built on Mar 19 2014
Apr 12 13:57:16 	openvpn[57535]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 12 13:57:17 	openvpn[57535]: TUN/TAP device /dev/tun1 opened
Apr 12 13:57:17 	openvpn[57535]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
Apr 12 13:57:17 	openvpn[57535]: /sbin/ifconfig ovpnc1 10.49.255.2 10.49.255.1 mtu 1500 netmask 255.255.255.255 up
Apr 12 13:57:17 	openvpn[57535]: FreeBSD ifconfig failed: external program exited with error status: 1
Apr 12 13:57:17 	openvpn[57535]: Exiting due to fatal error

            And an "ifconfig" shows no ovpnc1 device.
            Now to try some command line stuff to see what is wrong.

            Does anybody have any OpenVPN server or client running on 2.2 yet?

            As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
            If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

            1 Reply Last reply Reply Quote 0
            • I
              ingmthompson last edited by

              Okay, progress in the latest snapshots (thanks Ermal) but still having dramas trying to connect to pfSense from a client. Looks like a couple of small typos in /usr/local/sbin/ovpn_auth_verify are causing TLS handshakes to fail:

              #!/bin/sh

if [ "$1" = "tls" ]; then
	RESULT = $(/usr/local/sbin/fcgicli -f /etc/inc/openvpn.tls-verify.php -d "servercn=$2&depth=$3&certsubject=$4&certdepth=$5"
else
	password = $(echo '$password' | /usr/bin/sed 's/&/%26/g')
	RESULT = $(/usr/local/sbin/fcgicli -f /etc/inc/openvpn.auth-user.php -d "username=$username&password=$password&cn=$common_name&strictcn=$3&authcfg=$2&modeid=$4")
fi

if [ "${RESULT} = "OK" ]; then
	exit 0
fi

exit 1

              Note the missing closing parenthesis after:

              &certdepth=$5"

              and the missing closing quotes in:

              if [ "${RESULT} = "OK" ]; then

              Can we get this fixed please?

              1 Reply Last reply Reply Quote 0
              • E
                eri-- last edited by

                Fixed thanks for the report.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post