OpenVPN: interface 'ovpns1' does not exist



  • Currently there seem to be a few issues with OpenVPN in 2.2. I've been unable to get a server instance started, firstly due to issues with the configs that pfSense is generating (https://redmine.pfsense.org/issues/3596), but once I fix that I'm seeing ifconfig spitting out this:

    
    Apr 11 05:04:39    openvpn[23401]: OpenVPN 2.3.2 amd64-portbld-freebsd10.0 [SSL (OpenSSL)] [LZO] [eurephia] [MH] [IPv6] built on Mar 19 2014
    Apr 11 05:04:39    openvpn[23401]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Apr 11 05:04:40    openvpn[23401]: TUN/TAP device /dev/tun1 opened
    Apr 11 05:04:40    openvpn[23401]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
    Apr 11 05:04:40    openvpn[23401]: /sbin/ifconfig ovpns1 10.0.8.1 10.0.8.2 mtu 1500 netmask 255.255.255.255 up
    Apr 11 05:04:40    openvpn[23401]: FreeBSD ifconfig failed: external program exited with error status: 1
    Apr 11 05:04:40    openvpn[23401]: Exiting due to fatal error
    
    
    ifconfig: interface ovpns1 does not exist
    

    Just to be sure that I'm not making any basic mistakes here, does anyone have any ideas on what's going wrong and/or how to fix?



  • You should see that device if you just run a plain ifconfig command.
    If it's not there, you should see what is not making it be there.

    pfSense pre-generates that and does not leave it to OpenVPN to create the interface.



  • ifconfig's output doesn't include any interface named 'ovpns1'. Is there a way to force this interface to be created?



  • 2.2-ALPHA (i386)
    built on Wed Apr 9 09:01:59 CDT 2014
    FreeBSD 10.0-STABLE
    and I have made the fix to openvpn.inc at https://github.com/pfsense/pfsense/commit/db45bc6892d013e6f8d2e997822f526aa13ed687

    Same issue here. I have an OpenVPN site-to-site client that will attempt to connect out to main office. It fails on startup (either during boot or restarting from webGUI). System Log:

    Apr 12 13:57:17 	kernel: tun1: link state changed to UP
    Apr 12 13:57:17 	php-fpm[8077]: /rc.filter_configure_sync: MONITOR: OPT1_DHCP is down, removing from routing group VPNclients
    Apr 12 13:57:17 	php-fpm[8077]: /rc.filter_configure_sync: MONITOR: OPT1_DHCP is down, removing from routing group InetGeneral
    Apr 12 13:57:17 	php-fpm[8077]: /rc.filter_configure_sync: MONITOR: OPT1_DHCP is down, removing from routing group Subisu1
    Apr 12 13:57:17 	kernel: tun1: link state changed to DOWN
    

    OpenVPN log:

    Apr 12 13:57:16 	openvpn[57535]: OpenVPN 2.3.2 i386-portbld-freebsd10.0 [SSL (OpenSSL)] [LZO] [eurephia] [MH] [IPv6] built on Mar 19 2014
    Apr 12 13:57:16 	openvpn[57535]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Apr 12 13:57:17 	openvpn[57535]: TUN/TAP device /dev/tun1 opened
    Apr 12 13:57:17 	openvpn[57535]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
    Apr 12 13:57:17 	openvpn[57535]: /sbin/ifconfig ovpnc1 10.49.255.2 10.49.255.1 mtu 1500 netmask 255.255.255.255 up
    Apr 12 13:57:17 	openvpn[57535]: FreeBSD ifconfig failed: external program exited with error status: 1
    Apr 12 13:57:17 	openvpn[57535]: Exiting due to fatal error
    
    

    And an "ifconfig" shows no ovpnc1 device.
    Now to try some command line stuff to see what is wrong.

    Does anybody have any OpenVPN server or client running on 2.2 yet?



  • Okay, progress in the latest snapshots (thanks Ermal) but still having dramas trying to connect to pfSense from a client. Looks like a couple of small typos in /usr/local/sbin/ovpn_auth_verify are causing TLS handshakes to fail:

    #!/bin/sh
    
    if [ "$1" = "tls" ]; then
    	RESULT = $(/usr/local/sbin/fcgicli -f /etc/inc/openvpn.tls-verify.php -d "servercn=$2&depth=$3&certsubject=$4&certdepth=$5"
    else
    	password = $(echo '$password' | /usr/bin/sed 's/&/%26/g')
    	RESULT = $(/usr/local/sbin/fcgicli -f /etc/inc/openvpn.auth-user.php -d "username=$username&password=$password&cn=$common_name&strictcn=$3&authcfg=$2&modeid=$4")
    fi
    
    if [ "${RESULT} = "OK" ]; then
    	exit 0
    fi
    
    exit 1
    
    

    Note the missing closing parenthesis after:

    &certdepth=$5"
    

    and the missing closing quotes in:

    if [ "${RESULT} = "OK" ]; then
    

    Can we get this fixed please?
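
Added example (not part of the original post and not pfSense's code): a syntactically valid form of the script quoted above, wrapped in a function, plus an `sh -n` parse check. `FCGICLI`, `fake_fcgicli`, `enc_password` and `syntax_ok` are assumptions for illustration; it also drops the spaces around `=` and the single quotes around `$password`, which `sh` would otherwise treat as a command invocation and a literal string.

```shell
#!/bin/sh
# Added illustration, not pfSense code. FCGICLI is an assumed override so the
# sketch runs offline; the page's script calls /usr/local/sbin/fcgicli directly.
FCGICLI="${FCGICLI:-/usr/local/sbin/fcgicli}"

ovpn_auth_verify() {
	if [ "$1" = "tls" ]; then
		# No spaces around '=', and the $( ... ) is closed.
		RESULT=$("$FCGICLI" -f /etc/inc/openvpn.tls-verify.php \
			-d "servercn=$2&depth=$3&certsubject=$4&certdepth=$5")
	else
		# Double quotes so $password expands; same '&' encoding as the page.
		enc_password=$(printf '%s' "$password" | sed 's/&/%26/g')
		RESULT=$("$FCGICLI" -f /etc/inc/openvpn.auth-user.php \
			-d "username=$username&password=$enc_password&cn=$common_name&strictcn=$3&authcfg=$2&modeid=$4")
	fi
	# Both quotes present. Empty or unexpected output is a denial.
	[ "${RESULT}" = "OK" ]
}

# Parse-only check: catches the unclosed $( and the unclosed quote, runs nothing.
syntax_ok() {
	sh -n "$1" 2>/dev/null
}

# Constructed stand-in for fcgicli: approves two known requests, denies the rest.
fake_fcgicli() {
	case "$4" in
		"username=alice&password=p%26w&cn=alice&strictcn=true&authcfg=local&modeid=server1") echo OK ;;
		"servercn=vpn&depth=1&certsubject=CN=alice&certdepth=0") echo OK ;;
		*) echo FAILED ;;
	esac
}
```

`sh -n` flags the two errors the post lists but not `RESULT = $(...)`, which parses cleanly and only fails at run time.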



  • Fixed, thanks for the report.

