----- Original Message -----
> From: "Udo Müller" <[email protected]>
> To: [email protected]
> Sent: Tuesday, February 14, 2012 8:58:46 AM
> Subject: Re: [pfSense] OpenVPN problems after upgrading to 2.0.1
>
> On 14.02.12 14:43, Jim Pingle wrote:
> > On 2/14/2012 8:38 AM, Udo Müller wrote:
> >> I just installed the fix, re-edited my openvpn configuration and ...
> >> tatata... nothing changes :(
> >>
> >> The ifconfig command still fails to execute because of a missing
> >> destination.
> >
> > What other advanced options do you have specified? The behavior of the
> > ifconfig command is controlled by the tun/tap mode and the contents of
> > the tunnel network box.
>
> This is the current (newly created) config:
>
> dev ovpns2
> dev-type tap
> dev-node /dev/tap2
> writepid /var/run/openvpn_server2.pid
> #user nobody
> #group nobody
> script-security 3
> daemon
> keepalive 10 60
> ping-timer-rem
> persist-tun
> persist-key
> proto udp
> cipher AES-128-CBC
> up /usr/local/sbin/ovpn-linkup
> down /usr/local/sbin/ovpn-linkdown
> local 87.128.223.162
> tls-server
> server 10.22.2.0 255.255.255.0
> client-config-dir /var/etc/openvpn-csc
> username-as-common-name
> auth-user-pass-verify /var/etc/openvpn/server2.php via-env
> tls-verify /var/etc/openvpn/server2.tls-verify.php
> lport 1198
> management /var/etc/openvpn/server2.sock unix
> push "dhcp-option DOMAIN openknowledge.de"
> push "dhcp-option DNS 192.168.221.203"
> push "dhcp-option NTP 192.168.221.203"
> push "dhcp-option WINS 192.168.221.203"
> ca /var/etc/openvpn/server2.ca
> cert /var/etc/openvpn/server2.cert
> key /var/etc/openvpn/server2.key
> dh /etc/dh-parameters.1024
> comp-lzo
> passtos
> persist-remote-ip
> float
> push "route 192.168.221.0 255.255.255.0"
> push "route 192.168.71.0 255.255.255.0"
> push "route 10.21.22.0 255.255.255.0"
> push "route 10.21.24.0 255.255.255.0"
> push "route 10.21.40.0 255.255.255.0"
> push "route 10.21.50.0 255.255.255.0"
> push "route 172.20.48.0 255.255.255.0"
> tun-mtu 1500
> fragment 1400
> mssfix
>
> means:
>
> Device mode is tap
> Tunnel network is 10.22.2.0/24
> Compression is enabled
> Type-of-service is enabled
>
>
> _______________________________________________
> List mailing list
> [email protected]
> http://lists.pfsense.org/mailman/listinfo/list

In my case of upgrade 1.2.3 >> 2.0.1, (peer-to-peer tun shared-key), openvpn looked perfect in terms of configuration in GUI on both ends; routing was added as expected, but no traffic would pass. Comp-lzo was flagged as enabled on both ends. I disabled compression on both ends, restarted the service manually on both ends, and everything worked. Then I re-enabled comp-lzo on both ends, restarted services, and traffic successfully passes.

I chalked it up to some upgrade quirk as mentioned prior, where the GUI was not actually enabling comp-lzo (but telling me it was), or the process wasn't obeying. Nevertheless, toggling it off/on on both ends worked for me.

Gordon Russell
Clarke County IT
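
The symptom described above (tunnel up, routes present, no traffic until comp-lzo was toggled on both ends) can be checked from the generated config files instead of the GUI. The following is an added example, not part of the thread or of pfSense: the two sample configs are constructed, and the directive list is an assumed, non-exhaustive subset of options that should agree on both peers.

```python
# Compare the link-level directives of two OpenVPN configs, one per peer.
# Assumption: this subset is picked for the example; extend it as needed.
MUST_MATCH = ("comp-lzo", "cipher", "tun-mtu", "fragment")


def parse_directives(text):
    """Return {directive: [args, ...]} for the active lines of a config."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or commented-out option
            continue
        parts = line.split(None, 1)
        args = parts[1].strip() if len(parts) > 1 else ""
        # Directives may repeat (e.g. push), so collect every occurrence.
        found.setdefault(parts[0], []).append(args)
    return found


def link_mismatches(conf_a, conf_b):
    """List (directive, value_on_a, value_on_b) where the two peers differ.

    A value of None means the directive is absent from that peer's file.
    """
    a, b = parse_directives(conf_a), parse_directives(conf_b)
    return [(d, a.get(d), b.get(d)) for d in MUST_MATCH if a.get(d) != b.get(d)]


# Constructed sample configs for a shared-key, peer-to-peer tun link.
SITE_A = """\
dev ovpns1
dev-type tun
proto udp
cipher AES-128-CBC
comp-lzo
"""

# Constructed case: the GUI box is ticked, but the option is not active in the file.
SITE_B = """\
dev ovpnc1
dev-type tun
proto udp
cipher AES-128-CBC
#comp-lzo
"""

if __name__ == "__main__":
    for name, on_a, on_b in link_mismatches(SITE_A, SITE_B):
        print(f"{name}: site A = {on_a!r}, site B = {on_b!r}")
```

A difference is a prompt to inspect that option on both peers; some values (for example different comp-lzo modes) can differ and still interoperate.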
