Client Windows 2.3.4 is not working …



  • Hy,

    I have a pfsense 2.1.3 with openvpn server (bridge mode).
    Everything is working with latest 2.3.2 client Windows from openvpn.net
    Today on a new PC we install the latest 2.3.4 and there is no traffic, the PC can't get IP from DHCP…
    We uninstall 2.3.4, reboot, then install 2.3.2 and it's working again !?

    Is there any troubleshooting with 2.3.4 client for pfsense 2.1.X ?

    Thanks

    Guldil


  • Rebel Alliance Global Moderator

    I am running
    Thu Sep 25 10:45:39 2014 OpenVPN 2.3.4 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on May  2 2014
    Thu Sep 25 10:45:39 2014 library versions: OpenSSL 1.0.1g 7 Apr 2014, LZO 2.05

    Which is the latest version on openvpn site that I see for windows.

    Not having issues
    Thu Sep 25 10:45:55 2014 MANAGEMENT: >STATE:1411659955,CONNECTED,SUCCESS,10.0.200.6,10.56.124.232

    My pfsense is
    2.1.5-RELEASE (i386)
    built on Mon Aug 25 07:44:26 EDT 2014

    So what is the error in the connection logs?



  • I reinstalled 2.3.4.

    The VPN connect but i cant' ping and it drop after some seconds, trying to reconnect forever…
    I can't kill my openvpn process, i can't disconnect, i have to reboot to close it.

    Thu Sep 25 21:52:48 2014 OpenVPN 2.3.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug  7 2014
    Thu Sep 25 21:52:48 2014 library versions: OpenSSL 1.0.1i 6 Aug 2014, LZO 2.05
    Enter Management Password:
    Thu Sep 25 21:52:49 2014 Control Channel Authentication: using 'VPN-CRN-xxxxxxxxx.key' as a OpenVPN static key file
    Thu Sep 25 21:52:49 2014 Attempting to establish TCP connection with [AF_INET]XXX.XXX.XXX.XXX:443
    Thu Sep 25 21:52:49 2014 TCP connection established with [AF_INET]XXX.XXX.XXX.XXX:443
    Thu Sep 25 21:52:49 2014 TCPv4_CLIENT link local (bound): [undef]
    Thu Sep 25 21:52:49 2014 TCPv4_CLIENT link remote: [AF_INET]XXX.XXX.XXX.XXX:443
    Thu Sep 25 21:52:49 2014 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Thu Sep 25 21:52:52 2014 [openvpn.xxxxxxx.xx] Peer Connection Initiated with [AF_INET]XXX.XXX.XXX.XXX:443
    Thu Sep 25 21:52:55 2014 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
    Thu Sep 25 21:52:55 2014 OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.1.0
    Thu Sep 25 21:52:55 2014 open_tun, tt->ipv6=0
    Thu Sep 25 21:52:55 2014 TAP-WIN32 device [Connexion au réseau local 3] opened: \\.\Global\{94DE5565-0978-4C52-8152-6C3659185833}.tap
    Thu Sep 25 21:52:55 2014 Successful ARP Flush on interface [24] {94DE5565-0978-4C52-8152-6C3659185833}
    Thu Sep 25 21:53:00 2014 Initialization Sequence Completed
    Thu Sep 25 21:53:55 2014 [openvpn.xxxxxxx.xx] Inactivity timeout (--ping-restart), restarting
    Thu Sep 25 21:53:55 2014 SIGUSR1[soft,ping-restart] received, process restarting
    Thu Sep 25 21:54:00 2014 Attempting to establish TCP connection with [AF_INET]XXX.XXX.XXX.XXX:443
    Thu Sep 25 21:54:00 2014 TCP connection established with [AF_INET]XXX.XXX.XXX.XXX:443
    Thu Sep 25 21:54:00 2014 TCPv4_CLIENT link local (bound): [undef]
    Thu Sep 25 21:54:00 2014 TCPv4_CLIENT link remote: [AF_INET]XXX.XXX.XXX.XXX:443
    Thu Sep 25 21:54:04 2014 [openvpn.xxxxxxxxx.xxxx] Peer Connection Initiated with [AF_INET]XXX.XXX.XXX.XXX:443
    
    

    With 2.3.2 i don't have Inactivity timeout (–ping-restart), restarting :

    Thu Sep 25 21:59:23 2014 OpenVPN 2.3.2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Aug  7 2014
    Enter Management Password:
    Thu Sep 25 21:59:24 2014 Control Channel Authentication: using 'VPN-CRN-xxxxxxxx.key' as a OpenVPN static key file
    Thu Sep 25 21:59:24 2014 Attempting to establish TCP connection with [AF_INET]XXX.XXX.XXX.XXX:443
    Thu Sep 25 21:59:24 2014 TCP connection established with [AF_INET]XXX.XXX.XXX.XXX:443
    Thu Sep 25 21:59:24 2014 TCPv4_CLIENT link local (bound): [undef]
    Thu Sep 25 21:59:24 2014 TCPv4_CLIENT link remote: [AF_INET]XXX.XXX.XXX.XXX:443
    Thu Sep 25 21:59:24 2014 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Thu Sep 25 21:59:27 2014 [openvpn.xxxxxxxx.xx] Peer Connection Initiated with [AF_INET]XXX.XXX.XXX.XXX:443
    Thu Sep 25 21:59:29 2014 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
    Thu Sep 25 21:59:29 2014 OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.1.0
    Thu Sep 25 21:59:29 2014 open_tun, tt->ipv6=0
    Thu Sep 25 21:59:29 2014 TAP-WIN32 device [Connexion au réseau local 3] opened: \\.\Global\{94DE5565-0978-4C52-8152-6C3659185833}.tap
    Thu Sep 25 21:59:29 2014 Successful ARP Flush on interface [22] {94DE5565-0978-4C52-8152-6C3659185833}
    Thu Sep 25 21:59:34 2014 Initialization Sequence Completed
    
    

    It could be a probleme with pfsense 2.1.3 because we tested with 2 differents PC behind different 4G mobile provider.


  • Rebel Alliance Global Moderator

    why are you getting this error

    OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.1.0

    Where are you getting this download from??  Both of your 2.3.4 and 2.3.2 are showing

    built on Aug  7 2014

    Which download are you grabbing?
    https://openvpn.net/index.php/open-source/downloads.html




  • Rebel Alliance Global Moderator

    "The I603 installers are bundled with a modern, NDIS 6-compatible tap-windows driver which only works on Windows Vista and above."

    I had problems with this driver – use the other 2.3.4, listed for xp or above.
    http://swupdate.openvpn.org/community/releases/openvpn-install-2.3.4-I003-x86_64.exe

    Does that work?



  • It's working !

    So the version Vista and above is trash ? Why it's not working on Windows 7 ?


  • Rebel Alliance Global Moderator

    that driver has some problems..  Because I have manually updated the driver to that and had issues with using the other install.


  • Rebel Alliance Developer Netgate

    I've had my eye on those new installers for a while but haven't had a chance to try them out. Looks like they aren't quite ready for prime time yet.

    In theory those should work better but I'm guessing they haven't got them completely stabilized yet.


  • Rebel Alliance Developer Netgate

    Got a report from a customer that these installers do work so long as you take "persist-tun" out of the client config.