Client does not connect after updating from 2.4.4 to 2.5.2

Post by mode » Sat Jan 08, 2022 10:19 pm

Hi,

I just updated my pfSense and with it OpenVPN from 2.4.4 to 2.5.2.

I have one OpenVPN client that cannot connect to its WatchGuard VPN server after the update. It gets stuck right after the initial TCP connection is established.

First, the old working client:

Code:

openvpn --version
OpenVPN 2.4.4 amd64-portbld-freebsd11.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Mar 16 2018
library versions: OpenSSL 1.0.2m-freebsd  2 Nov 2017, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=no enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=no enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=yes enable_strict_options=no enable_systemd=no enable_werror=no enable_win32_dll=yes enable_x509_alt_username=no with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no
the config
Server Config

dev ovpnc1
verb 4
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_client1.pid
#user nobody
#group nobody
script-security 3
#daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto tcp4-client
cipher AES-256-CBC
auth SHA1
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local 192.168.x.x
tls-client
client
lport 0
management /var/etc/openvpn/client1.sock unix
remote x.x.x.x
route 10.0.0.0 255.255.255.0
ca /var/etc/openvpn/client1.ca
cert /var/etc/openvpn/client1.cert
key /var/etc/openvpn/client1.key
ncp-ciphers AES-256-GCM:AES-128-GCM
resolv-retry infinite
auth-user-pass /conf/endpoint/endpoint_login.conf
remote-cert-eku "TLS Web Server Authentication"
route-nopull


the log

Code:

/usr/local/sbin/openvpn --config /var/etc/openvpn/client1.conf
Sat Jan  8 22:31:05 2022 us=193834 Current Parameter Settings:
Sat Jan  8 22:31:05 2022 us=193936   config = '/var/etc/openvpn/client1.conf'
Sat Jan  8 22:31:05 2022 us=193945   mode = 0
Sat Jan  8 22:31:05 2022 us=193953   show_ciphers = DISABLED
Sat Jan  8 22:31:05 2022 us=193961   show_digests = DISABLED
Sat Jan  8 22:31:05 2022 us=193969   show_engines = DISABLED
Sat Jan  8 22:31:05 2022 us=193977   genkey = DISABLED
Sat Jan  8 22:31:05 2022 us=193985   key_pass_file = '[UNDEF]'
Sat Jan  8 22:31:05 2022 us=193993   show_tls_ciphers = DISABLED
Sat Jan  8 22:31:05 2022 us=194001   connect_retry_max = 0
Sat Jan  8 22:31:05 2022 us=194009 Connection profiles [0]:
Sat Jan  8 22:31:05 2022 us=194017   proto = tcp4-client
Sat Jan  8 22:31:05 2022 us=194025   local = '192.168.x.x'
Sat Jan  8 22:31:05 2022 us=194033   local_port = '0'
Sat Jan  8 22:31:05 2022 us=194041   remote = 'x.x.x.x'
Sat Jan  8 22:31:05 2022 us=194049   remote_port = ''
Sat Jan  8 22:31:05 2022 us=194057   remote_float = DISABLED
Sat Jan  8 22:31:05 2022 us=194065   bind_defined = DISABLED
Sat Jan  8 22:31:05 2022 us=194073   bind_local = ENABLED
Sat Jan  8 22:31:05 2022 us=194081   bind_ipv6_only = DISABLED
Sat Jan  8 22:31:05 2022 us=194089   connect_retry_seconds = 5
Sat Jan  8 22:31:05 2022 us=194097   connect_timeout = 120
Sat Jan  8 22:31:05 2022 us=194106   socks_proxy_server = '[UNDEF]'
Sat Jan  8 22:31:05 2022 us=194114   socks_proxy_port = '[UNDEF]'
Sat Jan  8 22:31:05 2022 us=194122   tun_mtu = 1500
Sat Jan  8 22:31:05 2022 us=194130   tun_mtu_defined = ENABLED
Sat Jan  8 22:31:05 2022 us=194138   link_mtu = 1500
Sat Jan  8 22:31:05 2022 us=194146   link_mtu_defined = DISABLED
Sat Jan  8 22:31:05 2022 us=194154   tun_mtu_extra = 0
Sat Jan  8 22:31:05 2022 us=194163   tun_mtu_extra_defined = DISABLED
Sat Jan  8 22:31:05 2022 us=194171   mtu_discover_type = -1
Sat Jan  8 22:31:05 2022 us=194178   fragment = 0
Sat Jan  8 22:31:05 2022 us=194186   mssfix = 1450
Sat Jan  8 22:31:05 2022 us=194195   explicit_exit_notification = 0
Sat Jan  8 22:31:05 2022 us=194202 Connection profiles END
Sat Jan  8 22:31:05 2022 us=194210   remote_random = DISABLED
Sat Jan  8 22:31:05 2022 us=194218   ipchange = '[UNDEF]'
Sat Jan  8 22:31:05 2022 us=194226   dev = 'ovpnc1'
Sat Jan  8 22:31:05 2022 us=194234   dev_type = 'tun'
Sat Jan  8 22:31:05 2022 us=194242   dev_node = '/dev/tun1'
Sat Jan  8 22:31:05 2022 us=194250   lladdr = '[UNDEF]'
Sat Jan  8 22:31:05 2022 us=194258   topology = 1
Sat Jan  8 22:31:05 2022 us=194266   ifconfig_local = '[UNDEF]'
Sat Jan  8 22:31:05 2022 us=194274   ifconfig_remote_netmask = '[UNDEF]'
Sat Jan  8 22:31:05 2022 us=194282   ifconfig_noexec = DISABLED
Sat Jan  8 22:31:05 2022 us=194290   ifconfig_nowarn = DISABLED
Sat Jan  8 22:31:05 2022 us=194298   ifconfig_ipv6_local = '[UNDEF]'
Sat Jan  8 22:31:05 2022 us=194306   ifconfig_ipv6_netbits = 0
Sat Jan  8 22:31:05 2022 us=194314   ifconfig_ipv6_remote = '[UNDEF]'
Sat Jan  8 22:31:05 2022 us=194323   shaper = 0
Sat Jan  8 22:31:05 2022 us=194331   mtu_test = 0
Sat Jan  8 22:31:05 2022 us=194338   mlock = DISABLED
Sat Jan  8 22:31:05 2022 us=194346   keepalive_ping = 10
Sat Jan  8 22:31:05 2022 us=194354   keepalive_timeout = 60
Sat Jan  8 22:31:05 2022 us=194362   inactivity_timeout = 0
Sat Jan  8 22:31:05 2022 us=194370   ping_send_timeout = 10
Sat Jan  8 22:31:05 2022 us=194378   ping_rec_timeout = 60
Sat Jan  8 22:31:05 2022 us=194386   ping_rec_timeout_action = 2
Sat Jan  8 22:31:05 2022 us=194394   ping_timer_remote = ENABLED
Sat Jan  8 22:31:05 2022 us=194402   remap_sigusr1 = 0
Sat Jan  8 22:31:05 2022 us=194410   persist_tun = ENABLED
Sat Jan  8 22:31:05 2022 us=194418   persist_local_ip = DISABLED
Sat Jan  8 22:31:05 2022 us=194427   persist_remote_ip = DISABLED
Sat Jan  8 22:31:05 2022 us=194434   persist_key = ENABLED
Sat Jan  8 22:31:05 2022 us=194442   passtos = DISABLED
Sat Jan  8 22:31:05 2022 us=194450   resolve_retry_seconds = 1000000000
Sat Jan  8 22:31:05 2022 us=194458   resolve_in_advance = DISABLED
Sat Jan  8 22:31:05 2022 us=194466   username = '[UNDEF]'
Sat Jan  8 22:31:05 2022 us=194474   groupname = '[UNDEF]'
Sat Jan  8 22:31:05 2022 us=194482   chroot_dir = '[UNDEF]'
Sat Jan  8 22:31:05 2022 us=194490   cd_dir = '[UNDEF]'
Sat Jan  8 22:31:05 2022 us=194498   writepid = '/var/run/openvpn_client1.pid'
Sat Jan  8 22:31:05 2022 us=194506   up_script = '/usr/local/sbin/ovpn-linkup'
Sat Jan  8 22:31:05 2022 us=194514   down_script = '/usr/local/sbin/ovpn-linkdown'
Sat Jan  8 22:31:05 2022 us=194522   down_pre = DISABLED
Sat Jan  8 22:31:05 2022 us=194530   up_restart = DISABLED
Sat Jan  8 22:31:05 2022 us=194538   up_delay = DISABLED
Sat Jan  8 22:31:05 2022 us=194546   daemon = DISABLED
Sat Jan  8 22:31:05 2022 us=194554   inetd = 0
Sat Jan  8 22:31:05 2022 us=194562   log = DISABLED
Sat Jan  8 22:31:05 2022 us=194569   suppress_timestamps = DISABLED
Sat Jan  8 22:31:05 2022 us=194578   machine_readable_output = DISABLED
Sat Jan  8 22:31:05 2022 us=194586   nice = 0
Sat Jan  8 22:31:05 2022 us=194593   verbosity = 4
Sat Jan  8 22:31:05 2022 us=194601   mute = 0
Sat Jan  8 22:31:05 2022 us=194609   gremlin = 0
Sat Jan  8 22:31:05 2022 us=194617   status_file = '[UNDEF]'
Sat Jan  8 22:31:05 2022 us=194625   status_file_version = 1
Sat Jan  8 22:31:05 2022 us=194633   status_file_update_freq = 60
Sat Jan  8 22:31:05 2022 us=194641   occ = ENABLED
Sat Jan  8 22:31:05 2022 us=194649   rcvbuf = 0
Sat Jan  8 22:31:05 2022 us=194657   sndbuf = 0
Sat Jan  8 22:31:05 2022 us=194665   sockflags = 0
Sat Jan  8 22:31:05 2022 us=194673   fast_io = DISABLED
Sat Jan  8 22:31:05 2022 us=194681   comp.alg = 0
Sat Jan  8 22:31:05 2022 us=194689   comp.flags = 0
Sat Jan  8 22:31:05 2022 us=194697   route_script = '[UNDEF]'
Sat Jan  8 22:31:05 2022 us=194704   route_default_gateway = '[UNDEF]'
Sat Jan  8 22:31:05 2022 us=194712   route_default_metric = 0
Sat Jan  8 22:31:05 2022 us=194720   route_noexec = DISABLED
Sat Jan  8 22:31:05 2022 us=194728   route_delay = 0
Sat Jan  8 22:31:05 2022 us=194750   route_delay_window = 30
Sat Jan  8 22:31:05 2022 us=194759   route_delay_defined = DISABLED
Sat Jan  8 22:31:05 2022 us=194768   route_nopull = ENABLED
Sat Jan  8 22:31:05 2022 us=194776   route_gateway_via_dhcp = DISABLED
Sat Jan  8 22:31:05 2022 us=194784   allow_pull_fqdn = DISABLED
Sat Jan  8 22:31:05 2022 us=194793   route 10.0.0.0/255.255.255.0/default (not set)/default (not set)
Sat Jan  8 22:31:05 2022 us=194811   management_addr = '/var/etc/openvpn/client1.sock'
Sat Jan  8 22:31:05 2022 us=194819   management_port = 'unix'
Sat Jan  8 22:31:05 2022 us=194827   management_user_pass = '[UNDEF]'
Sat Jan  8 22:31:05 2022 us=194835   management_log_history_cache = 250
Sat Jan  8 22:31:05 2022 us=194843   management_echo_buffer_size = 100
Sat Jan  8 22:31:05 2022 us=194851   management_write_peer_info_file = '[UNDEF]'
Sat Jan  8 22:31:05 2022 us=194859   management_client_user = '[UNDEF]'
Sat Jan  8 22:31:05 2022 us=194867   management_client_group = '[UNDEF]'
Sat Jan  8 22:31:05 2022 us=194875   management_flags = 256
Sat Jan  8 22:31:05 2022 us=194883   shared_secret_file = '[UNDEF]'
Sat Jan  8 22:31:05 2022 us=194891   key_direction = 0
Sat Jan  8 22:31:05 2022 us=194899   ciphername = 'AES-256-CBC'
Sat Jan  8 22:31:05 2022 us=194907   ncp_enabled = ENABLED
Sat Jan  8 22:31:05 2022 us=194915   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Sat Jan  8 22:31:05 2022 us=194923   authname = 'SHA1'
Sat Jan  8 22:31:05 2022 us=195136   prng_hash = 'SHA1'
Sat Jan  8 22:31:05 2022 us=195145   prng_nonce_secret_len = 16
Sat Jan  8 22:31:05 2022 us=195154   keysize = 0
Sat Jan  8 22:31:05 2022 us=195162   engine = DISABLED
Sat Jan  8 22:31:05 2022 us=195170   replay = ENABLED
Sat Jan  8 22:31:05 2022 us=195188   mute_replay_warnings = DISABLED
Sat Jan  8 22:31:05 2022 us=195225   replay_window = 64
Sat Jan  8 22:31:05 2022 us=195234   replay_time = 15
Sat Jan  8 22:31:05 2022 us=195292   packet_id_file = '[UNDEF]'
Sat Jan  8 22:31:05 2022 us=195372   use_iv = ENABLED
Sat Jan  8 22:31:05 2022 us=195382   test_crypto = DISABLED
Sat Jan  8 22:31:05 2022 us=195391   tls_server = DISABLED
Sat Jan  8 22:31:05 2022 us=195399   tls_client = ENABLED
Sat Jan  8 22:31:05 2022 us=195408   key_method = 2
Sat Jan  8 22:31:05 2022 us=195416   ca_file = '/var/etc/openvpn/client1.ca'
Sat Jan  8 22:31:05 2022 us=195424   ca_path = '[UNDEF]'
Sat Jan  8 22:31:05 2022 us=195433   dh_file = '[UNDEF]'
Sat Jan  8 22:31:05 2022 us=195441   cert_file = '/var/etc/openvpn/client1.cert'
Sat Jan  8 22:31:05 2022 us=195472   extra_certs_file = '[UNDEF]'
Sat Jan  8 22:31:05 2022 us=195480   priv_key_file = '/var/etc/openvpn/client1.key'
Sat Jan  8 22:31:05 2022 us=195489   pkcs12_file = '[UNDEF]'
Sat Jan  8 22:31:05 2022 us=195497   cipher_list = '[UNDEF]'
Sat Jan  8 22:31:05 2022 us=195505   tls_verify = '[UNDEF]'
Sat Jan  8 22:31:05 2022 us=195513   tls_export_cert = '[UNDEF]'
Sat Jan  8 22:31:05 2022 us=195522   verify_x509_type = 0
Sat Jan  8 22:31:05 2022 us=195530   verify_x509_name = '[UNDEF]'
Sat Jan  8 22:31:05 2022 us=195538   crl_file = '[UNDEF]'
Sat Jan  8 22:31:05 2022 us=195546   ns_cert_type = 0
Sat Jan  8 22:31:05 2022 us=195555   remote_cert_ku[i] = 0
Sat Jan  8 22:31:05 2022 us=195563   remote_cert_ku[i] = 0
Sat Jan  8 22:31:05 2022 us=195571   remote_cert_ku[i] = 0
Sat Jan  8 22:31:05 2022 us=195579   remote_cert_ku[i] = 0
Sat Jan  8 22:31:05 2022 us=195587   remote_cert_ku[i] = 0
Sat Jan  8 22:31:05 2022 us=195595   remote_cert_ku[i] = 0
Sat Jan  8 22:31:05 2022 us=195603   remote_cert_ku[i] = 0
Sat Jan  8 22:31:05 2022 us=195611   remote_cert_ku[i] = 0
Sat Jan  8 22:31:05 2022 us=195619   remote_cert_ku[i] = 0
Sat Jan  8 22:31:05 2022 us=195627   remote_cert_ku[i] = 0
Sat Jan  8 22:31:05 2022 us=195635   remote_cert_ku[i] = 0
Sat Jan  8 22:31:05 2022 us=195644   remote_cert_ku[i] = 0
Sat Jan  8 22:31:05 2022 us=195652   remote_cert_ku[i] = 0
Sat Jan  8 22:31:05 2022 us=195660   remote_cert_ku[i] = 0
Sat Jan  8 22:31:05 2022 us=195668   remote_cert_ku[i] = 0
Sat Jan  8 22:31:05 2022 us=195676   remote_cert_ku[i] = 0
Sat Jan  8 22:31:05 2022 us=195684   remote_cert_eku = 'TLS Web Server Authentication'
Sat Jan  8 22:31:05 2022 us=195692   ssl_flags = 0
Sat Jan  8 22:31:05 2022 us=195700   tls_timeout = 2
Sat Jan  8 22:31:05 2022 us=195709   renegotiate_bytes = -1
Sat Jan  8 22:31:05 2022 us=195717   renegotiate_packets = 0
Sat Jan  8 22:31:05 2022 us=195725   renegotiate_seconds = 3600
Sat Jan  8 22:31:05 2022 us=195733   handshake_window = 60
Sat Jan  8 22:31:05 2022 us=195745   transition_window = 3600
Sat Jan  8 22:31:05 2022 us=195757   single_session = DISABLED
Sat Jan  8 22:31:05 2022 us=195766   push_peer_info = DISABLED
Sat Jan  8 22:31:05 2022 us=195774   tls_exit = DISABLED
Sat Jan  8 22:31:05 2022 us=195782   tls_auth_file = '[UNDEF]'
Sat Jan  8 22:31:05 2022 us=195800   tls_crypt_file = '[UNDEF]'
Sat Jan  8 22:31:05 2022 us=195812   server_network = 0.0.0.0
Sat Jan  8 22:31:05 2022 us=195821   server_netmask = 0.0.0.0
Sat Jan  8 22:31:05 2022 us=195831   server_network_ipv6 = ::
Sat Jan  8 22:31:05 2022 us=195839   server_netbits_ipv6 = 0
Sat Jan  8 22:31:05 2022 us=195848   server_bridge_ip = 0.0.0.0
Sat Jan  8 22:31:05 2022 us=195857   server_bridge_netmask = 0.0.0.0
Sat Jan  8 22:31:05 2022 us=195866   server_bridge_pool_start = 0.0.0.0
Sat Jan  8 22:31:05 2022 us=195881   server_bridge_pool_end = 0.0.0.0
Sat Jan  8 22:31:05 2022 us=195889   ifconfig_pool_defined = DISABLED
Sat Jan  8 22:31:05 2022 us=195898   ifconfig_pool_start = 0.0.0.0
Sat Jan  8 22:31:05 2022 us=195907   ifconfig_pool_end = 0.0.0.0
Sat Jan  8 22:31:05 2022 us=195916   ifconfig_pool_netmask = 0.0.0.0
Sat Jan  8 22:31:05 2022 us=195924   ifconfig_pool_persist_filename = '[UNDEF]'
Sat Jan  8 22:31:05 2022 us=195932   ifconfig_pool_persist_refresh_freq = 600
Sat Jan  8 22:31:05 2022 us=195940   ifconfig_ipv6_pool_defined = DISABLED
Sat Jan  8 22:31:05 2022 us=195949   ifconfig_ipv6_pool_base = ::
Sat Jan  8 22:31:05 2022 us=195957   ifconfig_ipv6_pool_netbits = 0
Sat Jan  8 22:31:05 2022 us=195965   n_bcast_buf = 256
Sat Jan  8 22:31:05 2022 us=195973   tcp_queue_limit = 64
Sat Jan  8 22:31:05 2022 us=195981   real_hash_size = 256
Sat Jan  8 22:31:05 2022 us=195990   virtual_hash_size = 256
Sat Jan  8 22:31:05 2022 us=195998   client_connect_script = '[UNDEF]'
Sat Jan  8 22:31:05 2022 us=196006   learn_address_script = '[UNDEF]'
Sat Jan  8 22:31:05 2022 us=196014   client_disconnect_script = '[UNDEF]'
Sat Jan  8 22:31:05 2022 us=196023   client_config_dir = '[UNDEF]'
Sat Jan  8 22:31:05 2022 us=196031   ccd_exclusive = DISABLED
Sat Jan  8 22:31:05 2022 us=196039   tmp_dir = '/tmp'
Sat Jan  8 22:31:05 2022 us=196047   push_ifconfig_defined = DISABLED
Sat Jan  8 22:31:05 2022 us=196056   push_ifconfig_local = 0.0.0.0
Sat Jan  8 22:31:05 2022 us=196065   push_ifconfig_remote_netmask = 0.0.0.0
Sat Jan  8 22:31:05 2022 us=196073   push_ifconfig_ipv6_defined = DISABLED
Sat Jan  8 22:31:05 2022 us=196081   push_ifconfig_ipv6_local = ::/0
Sat Jan  8 22:31:05 2022 us=196090   push_ifconfig_ipv6_remote = ::
Sat Jan  8 22:31:05 2022 us=196098   enable_c2c = DISABLED
Sat Jan  8 22:31:05 2022 us=196110   duplicate_cn = DISABLED
Sat Jan  8 22:31:05 2022 us=196118   cf_max = 0
Sat Jan  8 22:31:05 2022 us=196127   cf_per = 0
Sat Jan  8 22:31:05 2022 us=196135   max_clients = 1024
Sat Jan  8 22:31:05 2022 us=196143   max_routes_per_client = 256
Sat Jan  8 22:31:05 2022 us=196151   auth_user_pass_verify_script = '[UNDEF]'
Sat Jan  8 22:31:05 2022 us=196159   auth_user_pass_verify_script_via_file = DISABLED
Sat Jan  8 22:31:05 2022 us=196167   auth_token_generate = DISABLED
Sat Jan  8 22:31:05 2022 us=196175   auth_token_lifetime = 0
Sat Jan  8 22:31:05 2022 us=196184   port_share_host = '[UNDEF]'
Sat Jan  8 22:31:05 2022 us=196192   port_share_port = '[UNDEF]'
Sat Jan  8 22:31:05 2022 us=196204   client = ENABLED
Sat Jan  8 22:31:05 2022 us=196212   pull = ENABLED
Sat Jan  8 22:31:05 2022 us=196221   auth_user_pass_file = '/conf/endpoint/endpoint_login.conf'
Sat Jan  8 22:31:05 2022 us=196230 OpenVPN 2.4.4 amd64-portbld-freebsd11.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Mar 16 2018
Sat Jan  8 22:31:05 2022 us=196247 library versions: OpenSSL 1.0.2m-freebsd  2 Nov 2017, LZO 2.10
Sat Jan  8 22:31:05 2022 us=196683 MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1.sock
Sat Jan  8 22:31:05 2022 us=196758 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Jan  8 22:31:05 2022 us=197188 Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Sat Jan  8 22:31:05 2022 us=197214 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Sat Jan  8 22:31:05 2022 us=197233 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Sat Jan  8 22:31:05 2022 us=197242 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_SERVER,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Sat Jan  8 22:31:05 2022 us=197257 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:
Sat Jan  8 22:31:05 2022 us=197274 Socket Buffers: R=[65228->65228] S=[65228->65228]
Sat Jan  8 22:31:05 2022 us=197289 Attempting to establish TCP connection with [AF_INET]x.x.x.x: [nonblock]
Sat Jan  8 22:31:06 2022 us=221106 TCP connection established with [AF_INET]x.x.x.x:
Sat Jan  8 22:31:06 2022 us=221266 TCPv4_CLIENT link local (bound): [AF_INET]192.168.x.x:0
Sat Jan  8 22:31:06 2022 us=221288 TCPv4_CLIENT link remote: [AF_INET]x.x.x.x:
Sat Jan  8 22:31:06 2022 us=533897 TLS: Initial packet from [AF_INET]x.x.x.x:, sid=97f7edc7 dce3573b
Sat Jan  8 22:31:06 2022 us=534056 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Jan  8 22:31:06 2022 us=635584 VERIFY OK: depth=1, O=WatchGuard_Technologies, OU=Fireware, CN=Fireware SSLVPN (SN xxx 2017-06-26 09:50:59 UTC) CA
Sat Jan  8 22:31:06 2022 us=635731 Validating certificate extended key usage
Sat Jan  8 22:31:06 2022 us=635743 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sat Jan  8 22:31:06 2022 us=635759 VERIFY EKU OK
Sat Jan  8 22:31:06 2022 us=635768 VERIFY OK: depth=0, O=WatchGuard_Technologies, OU=Fireware, CN=Fireware SSLVPN Server
Sat Jan  8 22:31:06 2022 us=761626 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1559', remote='link-mtu 1551'
Sat Jan  8 22:31:06 2022 us=761650 WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher AES-256-GCM'
Sat Jan  8 22:31:06 2022 us=761661 WARNING: 'auth' is used inconsistently, local='auth SHA1', remote='auth [null-digest]'
Sat Jan  8 22:31:06 2022 us=761763 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sat Jan  8 22:31:06 2022 us=761781 [Fireware SSLVPN Server] Peer Connection Initiated with [AF_INET]x.x.x.x:
Sat Jan  8 22:31:07 2022 us=965947 SENT CONTROL [Fireware SSLVPN Server]: 'PUSH_REQUEST' (status=1)
Sat Jan  8 22:31:08 2022 us=10119 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,block-outside-dns,dhcp-option DOMAIN x.com,dhcp-option DNS x.x.x.x,dhcp-option DNS x.x.x.x,route-gateway 192.168.x.x,topology subnet,ping 10,ping-restart 60,ifconfig 192.168.x.x 255.255.255.0,peer-id 0'
Sat Jan  8 22:31:08 2022 us=10157 Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
Sat Jan  8 22:31:08 2022 us=10174 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:2: block-outside-dns (2.4.4)
Sat Jan  8 22:31:08 2022 us=10185 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Sat Jan  8 22:31:08 2022 us=10195 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Sat Jan  8 22:31:08 2022 us=10205 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Sat Jan  8 22:31:08 2022 us=10238 OPTIONS IMPORT: timers and/or timeouts modified
Sat Jan  8 22:31:08 2022 us=10247 OPTIONS IMPORT: --ifconfig/up options modified
Sat Jan  8 22:31:08 2022 us=10256 OPTIONS IMPORT: route-related options modified
Sat Jan  8 22:31:08 2022 us=10266 OPTIONS IMPORT: peer-id set
Sat Jan  8 22:31:08 2022 us=10275 OPTIONS IMPORT: adjusting link_mtu to 1626
Sat Jan  8 22:31:08 2022 us=10285 Using peer cipher 'AES-256-GCM'
Sat Jan  8 22:31:08 2022 us=10294 Data Channel: using negotiated cipher 'AES-256-GCM'
Sat Jan  8 22:31:08 2022 us=10308 Data Channel MTU parms [ L:1554 D:1450 EF:54 EB:406 ET:0 EL:3 ]
Sat Jan  8 22:31:08 2022 us=10377 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Jan  8 22:31:08 2022 us=10389 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Jan  8 22:31:08 2022 us=10501 ROUTE_GATEWAY 192.168.x.x/255.255.255.0 IFACE=em0 HWADDR=00:0c:29:xx:xx:xx
Sat Jan  8 22:31:08 2022 us=10532 TUN/TAP device ovpnc1 exists previously, keep at program end
Sat Jan  8 22:31:08 2022 us=10576 TUN/TAP device /dev/tun1 opened
Sat Jan  8 22:31:08 2022 us=10589 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sat Jan  8 22:31:08 2022 us=10608 /sbin/ifconfig ovpnc1 192.168.x.x 192.168.x.x mtu 1500 netmask 255.255.255.0 up
Sat Jan  8 22:31:08 2022 us=14014 /sbin/route add -net 192.168.x.x 192.168.x.x 255.255.255.0
add net 192.168.x.x : gateway 192.168.x.x
Sat Jan  8 22:31:08 2022 us=14869 /usr/local/sbin/ovpn-linkup ovpnc1 1500 1554 192.168.x.x 255.255.255.0 init
OK

Sat Jan  8 22:31:08 2022 us=17714 /sbin/route add -net 10.0.0.0 192.168.x.x 255.255.255.0
add net 10.0.0.0: gateway 192.168.x.x
Sat Jan  8 22:31:08 2022 us=18490 Initialization Sequence Completed

Now the new, non-working client:

Code:

openvpn --version
OpenVPN 2.5.2 amd64-portbld-freebsd12.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jun 24 2021
library versions: OpenSSL 1.1.1k-freebsd  25 Mar 2021, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
Compile time defines: enable_async_push=yes enable_comp_stub=no enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=no enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=no enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=yes enable_strict_options=no enable_systemd=no enable_unit_tests=no enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no
the config
Server Config

dev ovpnc1
verb 4
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_client1.pid
#user nobody
#group nobody
script-security 3
#daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto tcp4-client
auth SHA1
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local 192.168.x.x
tls-client
client
lport 0
management /var/etc/openvpn/client1/sock unix
remote xx.xx.xx.xx tcp4-client
route 10.0.0.0 255.255.255.0
capath /var/etc/openvpn/client1/ca
cert /var/etc/openvpn/client1/cert
key /var/etc/openvpn/client1/key
data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC
data-ciphers-fallback AES-256-CBC
resolv-retry infinite
auth-user-pass /conf/endpoint/endpoint_login.conf
remote-cert-eku "TLS Web Server Authentication"
route-nopull



the log

Code:

2022-01-08 22:45:16 us=34759 Current Parameter Settings:
2022-01-08 22:45:16 us=34851   config = '/var/etc/openvpn/client1/config.ovpn'
2022-01-08 22:45:16 us=34859   mode = 0
2022-01-08 22:45:16 us=34866   show_ciphers = DISABLED
2022-01-08 22:45:16 us=34873   show_digests = DISABLED
2022-01-08 22:45:16 us=34880   show_engines = DISABLED
2022-01-08 22:45:16 us=34887   genkey = DISABLED
2022-01-08 22:45:16 us=34894   genkey_filename = '[UNDEF]'
2022-01-08 22:45:16 us=34901   key_pass_file = '[UNDEF]'
2022-01-08 22:45:16 us=34909   show_tls_ciphers = DISABLED
2022-01-08 22:45:16 us=34915   connect_retry_max = 0
2022-01-08 22:45:16 us=34922 Connection profiles [0]:
2022-01-08 22:45:16 us=34929   proto = tcp4-client
2022-01-08 22:45:16 us=34936   local = '192.168.x.x'
2022-01-08 22:45:16 us=34943   local_port = '0'
2022-01-08 22:45:16 us=34951   remote = 'x.x.x.x'
2022-01-08 22:45:16 us=34958   remote_port = ''
2022-01-08 22:45:16 us=34965   remote_float = DISABLED
2022-01-08 22:45:16 us=34972   bind_defined = DISABLED
2022-01-08 22:45:16 us=34978   bind_local = ENABLED
2022-01-08 22:45:16 us=34985   bind_ipv6_only = DISABLED
2022-01-08 22:45:16 us=34992   connect_retry_seconds = 5
2022-01-08 22:45:16 us=34999   connect_timeout = 120
2022-01-08 22:45:16 us=35006   socks_proxy_server = '[UNDEF]'
2022-01-08 22:45:16 us=35013   socks_proxy_port = '[UNDEF]'
2022-01-08 22:45:16 us=35082   tun_mtu = 1500
2022-01-08 22:45:16 us=35101   tun_mtu_defined = ENABLED
2022-01-08 22:45:16 us=35109   link_mtu = 1500
2022-01-08 22:45:16 us=35116   link_mtu_defined = DISABLED
2022-01-08 22:45:16 us=35123   tun_mtu_extra = 0
2022-01-08 22:45:16 us=35130   tun_mtu_extra_defined = DISABLED
2022-01-08 22:45:16 us=35137   mtu_discover_type = -1
2022-01-08 22:45:16 us=35144   fragment = 0
2022-01-08 22:45:16 us=35151   mssfix = 1450
2022-01-08 22:45:16 us=35159   explicit_exit_notification = 0
2022-01-08 22:45:16 us=35166   tls_auth_file = '[UNDEF]'
2022-01-08 22:45:16 us=35173   key_direction = not set
2022-01-08 22:45:16 us=35180   tls_crypt_file = '[UNDEF]'
2022-01-08 22:45:16 us=35187   tls_crypt_v2_file = '[UNDEF]'
2022-01-08 22:45:16 us=35194 Connection profiles END
2022-01-08 22:45:16 us=35200   remote_random = DISABLED
2022-01-08 22:45:16 us=35207   ipchange = '[UNDEF]'
2022-01-08 22:45:16 us=35214   dev = 'ovpnc1'
2022-01-08 22:45:16 us=35221   dev_type = 'tun'
2022-01-08 22:45:16 us=35228   dev_node = '/dev/tun1'
2022-01-08 22:45:16 us=35235   lladdr = '[UNDEF]'
2022-01-08 22:45:16 us=35242   topology = 1
2022-01-08 22:45:16 us=35249   ifconfig_local = '[UNDEF]'
2022-01-08 22:45:16 us=35256   ifconfig_remote_netmask = '[UNDEF]'
2022-01-08 22:45:16 us=35263   ifconfig_noexec = DISABLED
2022-01-08 22:45:16 us=35270   ifconfig_nowarn = DISABLED
2022-01-08 22:45:16 us=35277   ifconfig_ipv6_local = '[UNDEF]'
2022-01-08 22:45:16 us=35283   ifconfig_ipv6_netbits = 0
2022-01-08 22:45:16 us=35290   ifconfig_ipv6_remote = '[UNDEF]'
2022-01-08 22:45:16 us=35297   shaper = 0
2022-01-08 22:45:16 us=35304   mtu_test = 0
2022-01-08 22:45:16 us=35311   mlock = DISABLED
2022-01-08 22:45:16 us=35318   keepalive_ping = 10
2022-01-08 22:45:16 us=35325   keepalive_timeout = 60
2022-01-08 22:45:16 us=35332   inactivity_timeout = 0
2022-01-08 22:45:16 us=35338   ping_send_timeout = 10
2022-01-08 22:45:16 us=35345   ping_rec_timeout = 60
2022-01-08 22:45:16 us=35352   ping_rec_timeout_action = 2
2022-01-08 22:45:16 us=35359   ping_timer_remote = ENABLED
2022-01-08 22:45:16 us=35366   remap_sigusr1 = 0
2022-01-08 22:45:16 us=35373   persist_tun = ENABLED
2022-01-08 22:45:16 us=35380   persist_local_ip = DISABLED
2022-01-08 22:45:16 us=35387   persist_remote_ip = DISABLED
2022-01-08 22:45:16 us=35394   persist_key = ENABLED
2022-01-08 22:45:16 us=35400   passtos = DISABLED
2022-01-08 22:45:16 us=35407   resolve_retry_seconds = 1000000000
2022-01-08 22:45:16 us=35414   resolve_in_advance = DISABLED
2022-01-08 22:45:16 us=35421   username = '[UNDEF]'
2022-01-08 22:45:16 us=35428   groupname = '[UNDEF]'
2022-01-08 22:45:16 us=35435   chroot_dir = '[UNDEF]'
2022-01-08 22:45:16 us=35442   cd_dir = '[UNDEF]'
2022-01-08 22:45:16 us=35449   writepid = '/var/run/openvpn_client1.pid'
2022-01-08 22:45:16 us=35456   up_script = '/usr/local/sbin/ovpn-linkup'
2022-01-08 22:45:16 us=35463   down_script = '/usr/local/sbin/ovpn-linkdown'
2022-01-08 22:45:16 us=35470   down_pre = DISABLED
2022-01-08 22:45:16 us=35477   up_restart = DISABLED
2022-01-08 22:45:16 us=35484   up_delay = DISABLED
2022-01-08 22:45:16 us=35491   daemon = DISABLED
2022-01-08 22:45:16 us=35497   inetd = 0
2022-01-08 22:45:16 us=35504   log = DISABLED
2022-01-08 22:45:16 us=35511   suppress_timestamps = DISABLED
2022-01-08 22:45:16 us=35518   machine_readable_output = DISABLED
2022-01-08 22:45:16 us=35525   nice = 0
2022-01-08 22:45:16 us=35532   verbosity = 4
2022-01-08 22:45:16 us=35539   mute = 0
2022-01-08 22:45:16 us=35546   gremlin = 0
2022-01-08 22:45:16 us=35553   status_file = '[UNDEF]'
2022-01-08 22:45:16 us=35559   status_file_version = 1
2022-01-08 22:45:16 us=35566   status_file_update_freq = 60
2022-01-08 22:45:16 us=35573   occ = ENABLED
2022-01-08 22:45:16 us=35580   rcvbuf = 0
2022-01-08 22:45:16 us=35587   sndbuf = 0
2022-01-08 22:45:16 us=35593   sockflags = 0
2022-01-08 22:45:16 us=35600   fast_io = DISABLED
2022-01-08 22:45:16 us=35607   comp.alg = 0
2022-01-08 22:45:16 us=35614   comp.flags = 0
2022-01-08 22:45:16 us=35621   route_script = '[UNDEF]'
2022-01-08 22:45:16 us=35628   route_default_gateway = '[UNDEF]'
2022-01-08 22:45:16 us=35635   route_default_metric = 0
2022-01-08 22:45:16 us=35642   route_noexec = DISABLED
2022-01-08 22:45:16 us=35649   route_delay = 0
2022-01-08 22:45:16 us=35656   route_delay_window = 30
2022-01-08 22:45:16 us=35662   route_delay_defined = DISABLED
2022-01-08 22:45:16 us=35669   route_nopull = ENABLED
2022-01-08 22:45:16 us=35676   route_gateway_via_dhcp = DISABLED
2022-01-08 22:45:16 us=35683   allow_pull_fqdn = DISABLED
2022-01-08 22:45:16 us=35691   route 10.0.0.0/255.255.255.0/default (not set)/default (not set)
2022-01-08 22:45:16 us=35705   management_addr = '/var/etc/openvpn/client1/sock'
2022-01-08 22:45:16 us=35712   management_port = 'unix'
2022-01-08 22:45:16 us=35719   management_user_pass = '[UNDEF]'
2022-01-08 22:45:16 us=35726   management_log_history_cache = 250
2022-01-08 22:45:16 us=35733   management_echo_buffer_size = 100
2022-01-08 22:45:16 us=35740   management_write_peer_info_file = '[UNDEF]'
2022-01-08 22:45:16 us=35747   management_client_user = '[UNDEF]'
2022-01-08 22:45:16 us=35754   management_client_group = '[UNDEF]'
2022-01-08 22:45:16 us=35761   management_flags = 256
2022-01-08 22:45:16 us=35768   shared_secret_file = '[UNDEF]'
2022-01-08 22:45:16 us=35775   key_direction = not set
2022-01-08 22:45:16 us=35782   ciphername = 'AES-256-CBC'
2022-01-08 22:45:16 us=35788   ncp_enabled = ENABLED
2022-01-08 22:45:16 us=35795   ncp_ciphers = 'AES-256-GCM:AES-128-GCM:AES-256-CBC'
2022-01-08 22:45:16 us=35802   authname = 'SHA1'
2022-01-08 22:45:16 us=35809   prng_hash = 'SHA1'
2022-01-08 22:45:16 us=35816   prng_nonce_secret_len = 16
2022-01-08 22:45:16 us=35823   keysize = 0
2022-01-08 22:45:16 us=35830   engine = DISABLED
2022-01-08 22:45:16 us=35837   replay = ENABLED
2022-01-08 22:45:16 us=35844   mute_replay_warnings = DISABLED
2022-01-08 22:45:16 us=35851   replay_window = 64
2022-01-08 22:45:16 us=35857   replay_time = 15
2022-01-08 22:45:16 us=36150   packet_id_file = '[UNDEF]'
2022-01-08 22:45:16 us=36161   test_crypto = DISABLED
2022-01-08 22:45:16 us=36168   tls_server = DISABLED
2022-01-08 22:45:16 us=36175   tls_client = ENABLED
2022-01-08 22:45:16 us=36182   ca_file = '[UNDEF]'
2022-01-08 22:45:16 us=36189   ca_path = '/var/etc/openvpn/client1/ca'
2022-01-08 22:45:16 us=36196   dh_file = '[UNDEF]'
2022-01-08 22:45:16 us=36203   cert_file = '/var/etc/openvpn/client1/cert'
2022-01-08 22:45:16 us=36210   extra_certs_file = '[UNDEF]'
2022-01-08 22:45:16 us=36217   priv_key_file = '/var/etc/openvpn/client1/key'
2022-01-08 22:45:16 us=36223   pkcs12_file = '[UNDEF]'
2022-01-08 22:45:16 us=36230   cipher_list = '[UNDEF]'
2022-01-08 22:45:16 us=36239   cipher_list_tls13 = '[UNDEF]'
2022-01-08 22:45:16 us=36246   tls_cert_profile = '[UNDEF]'
2022-01-08 22:45:16 us=36252   tls_verify = '[UNDEF]'
2022-01-08 22:45:16 us=36259   tls_export_cert = '[UNDEF]'
2022-01-08 22:45:16 us=36265   verify_x509_type = 0
2022-01-08 22:45:16 us=36272   verify_x509_name = '[UNDEF]'
2022-01-08 22:45:16 us=36279   crl_file = '[UNDEF]'
2022-01-08 22:45:16 us=36285   ns_cert_type = 0
2022-01-08 22:45:16 us=36292   remote_cert_ku[i] = 0
2022-01-08 22:45:16 us=36298   remote_cert_ku[i] = 0
2022-01-08 22:45:16 us=36305   remote_cert_ku[i] = 0
2022-01-08 22:45:16 us=36311   remote_cert_ku[i] = 0
2022-01-08 22:45:16 us=36318   remote_cert_ku[i] = 0
2022-01-08 22:45:16 us=36324   remote_cert_ku[i] = 0
2022-01-08 22:45:16 us=36331   remote_cert_ku[i] = 0
2022-01-08 22:45:16 us=36337   remote_cert_ku[i] = 0
2022-01-08 22:45:16 us=36344   remote_cert_ku[i] = 0
2022-01-08 22:45:16 us=36350   remote_cert_ku[i] = 0
2022-01-08 22:45:16 us=36357   remote_cert_ku[i] = 0
2022-01-08 22:45:16 us=36363   remote_cert_ku[i] = 0
2022-01-08 22:45:16 us=36370   remote_cert_ku[i] = 0
2022-01-08 22:45:16 us=36376   remote_cert_ku[i] = 0
2022-01-08 22:45:16 us=36383   remote_cert_ku[i] = 0
2022-01-08 22:45:16 us=36389   remote_cert_ku[i] = 0
2022-01-08 22:45:16 us=36396   remote_cert_eku = 'TLS Web Server Authentication'
2022-01-08 22:45:16 us=36402   ssl_flags = 0
2022-01-08 22:45:16 us=36409   tls_timeout = 2
2022-01-08 22:45:16 us=36416   renegotiate_bytes = -1
2022-01-08 22:45:16 us=36422   renegotiate_packets = 0
2022-01-08 22:45:16 us=36429   renegotiate_seconds = 3600
2022-01-08 22:45:16 us=36436   handshake_window = 60
2022-01-08 22:45:16 us=36442   transition_window = 3600
2022-01-08 22:45:16 us=36449   single_session = DISABLED
2022-01-08 22:45:16 us=36455   push_peer_info = DISABLED
2022-01-08 22:45:16 us=36462   tls_exit = DISABLED
2022-01-08 22:45:16 us=36469   tls_crypt_v2_metadata = '[UNDEF]'
2022-01-08 22:45:16 us=36480   server_network = 0.0.0.0
2022-01-08 22:45:16 us=36487   server_netmask = 0.0.0.0
2022-01-08 22:45:16 us=36495   server_network_ipv6 = ::
2022-01-08 22:45:16 us=36502   server_netbits_ipv6 = 0
2022-01-08 22:45:16 us=36509   server_bridge_ip = 0.0.0.0
2022-01-08 22:45:16 us=36516   server_bridge_netmask = 0.0.0.0
2022-01-08 22:45:16 us=36522   server_bridge_pool_start = 0.0.0.0
2022-01-08 22:45:16 us=36530   server_bridge_pool_end = 0.0.0.0
2022-01-08 22:45:16 us=36536   ifconfig_pool_defined = DISABLED
2022-01-08 22:45:16 us=36543   ifconfig_pool_start = 0.0.0.0
2022-01-08 22:45:16 us=36550   ifconfig_pool_end = 0.0.0.0
2022-01-08 22:45:16 us=36557   ifconfig_pool_netmask = 0.0.0.0
2022-01-08 22:45:16 us=36563   ifconfig_pool_persist_filename = '[UNDEF]'
2022-01-08 22:45:16 us=36570   ifconfig_pool_persist_refresh_freq = 600
2022-01-08 22:45:16 us=36577   ifconfig_ipv6_pool_defined = DISABLED
2022-01-08 22:45:16 us=36583   ifconfig_ipv6_pool_base = ::
2022-01-08 22:45:16 us=36590   ifconfig_ipv6_pool_netbits = 0
2022-01-08 22:45:16 us=36597   n_bcast_buf = 256
2022-01-08 22:45:16 us=36603   tcp_queue_limit = 64
2022-01-08 22:45:16 us=36610   real_hash_size = 256
2022-01-08 22:45:16 us=36617   virtual_hash_size = 256
2022-01-08 22:45:16 us=36623   client_connect_script = '[UNDEF]'
2022-01-08 22:45:16 us=36630   learn_address_script = '[UNDEF]'
2022-01-08 22:45:16 us=36636   client_disconnect_script = '[UNDEF]'
2022-01-08 22:45:16 us=36643   client_config_dir = '[UNDEF]'
2022-01-08 22:45:16 us=36650   ccd_exclusive = DISABLED
2022-01-08 22:45:16 us=36656   tmp_dir = '/tmp'
2022-01-08 22:45:16 us=36663   push_ifconfig_defined = DISABLED
2022-01-08 22:45:16 us=36670   push_ifconfig_local = 0.0.0.0
2022-01-08 22:45:16 us=36677   push_ifconfig_remote_netmask = 0.0.0.0
2022-01-08 22:45:16 us=36683   push_ifconfig_ipv6_defined = DISABLED
2022-01-08 22:45:16 us=36690   push_ifconfig_ipv6_local = ::/0
2022-01-08 22:45:16 us=36697   push_ifconfig_ipv6_remote = ::
2022-01-08 22:45:16 us=36704   enable_c2c = DISABLED
2022-01-08 22:45:16 us=36710   duplicate_cn = DISABLED
2022-01-08 22:45:16 us=36717   cf_max = 0
2022-01-08 22:45:16 us=36723   cf_per = 0
2022-01-08 22:45:16 us=36730   max_clients = 1024
2022-01-08 22:45:16 us=36736   max_routes_per_client = 256
2022-01-08 22:45:16 us=36743   auth_user_pass_verify_script = '[UNDEF]'
2022-01-08 22:45:16 us=36750   auth_user_pass_verify_script_via_file = DISABLED
2022-01-08 22:45:16 us=36756   auth_token_generate = DISABLED
2022-01-08 22:45:16 us=36763   auth_token_lifetime = 0
2022-01-08 22:45:16 us=36769   auth_token_secret_file = '[UNDEF]'
2022-01-08 22:45:16 us=36776   port_share_host = '[UNDEF]'
2022-01-08 22:45:16 us=36783   port_share_port = '[UNDEF]'
2022-01-08 22:45:16 us=36790   vlan_tagging = DISABLED
2022-01-08 22:45:16 us=36796   vlan_accept = all
2022-01-08 22:45:16 us=36803   vlan_pvid = 1
2022-01-08 22:45:16 us=36810   client = ENABLED
2022-01-08 22:45:16 us=36816   pull = ENABLED
2022-01-08 22:45:16 us=36823   auth_user_pass_file = '/conf/endpoint/endpoint_login.conf'
2022-01-08 22:45:16 us=36830 OpenVPN 2.5.2 amd64-portbld-freebsd12.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jun 24 2021
2022-01-08 22:45:16 us=36840 library versions: OpenSSL 1.1.1k-freebsd  25 Mar 2021, LZO 2.10
2022-01-08 22:45:16 us=37108 MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1/sock
2022-01-08 22:45:16 us=37161 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2022-01-08 22:45:16 us=37955 WARNING: experimental option --capath /var/etc/openvpn/client1/ca
2022-01-08 22:45:16 us=38112 Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
2022-01-08 22:45:16 us=38137 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
2022-01-08 22:45:16 us=38160 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
2022-01-08 22:45:16 us=38168 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_SERVER,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
2022-01-08 22:45:16 us=38181 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x
2022-01-08 22:45:16 us=38197 Socket Buffers: R=[65228->65228] S=[65228->65228]
2022-01-08 22:45:16 us=38212 Attempting to establish TCP connection with [AF_INET]x.x.x.x [nonblock]
2022-01-08 22:45:16 us=63463 TCP connection established with [AF_INET]x.x.x.x
2022-01-08 22:45:16 us=63484 TCPv4_CLIENT link local (bound): [AF_INET]192.168.x.x:0
2022-01-08 22:45:16 us=63493 TCPv4_CLIENT link remote: [AF_INET]x.x.x.x
2022-01-08 22:45:27 us=562254 MANAGEMENT: Client connected from /var/etc/openvpn/client1/sock
2022-01-08 22:45:27 us=562427 MANAGEMENT: CMD 'state 1'
2022-01-08 22:45:27 us=562528 MANAGEMENT: Client disconnected
2022-01-08 22:45:47 us=752020 MANAGEMENT: Client connected from /var/etc/openvpn/client1/sock
2022-01-08 22:45:47 us=752265 MANAGEMENT: CMD 'state 1'
2022-01-08 22:45:47 us=752400 MANAGEMENT: Client disconnected
2022-01-08 22:46:07 us=915511 MANAGEMENT: Client connected from /var/etc/openvpn/client1/sock
2022-01-08 22:46:07 us=915690 MANAGEMENT: CMD 'state 1'
2022-01-08 22:46:07 us=915785 MANAGEMENT: Client disconnected
2022-01-08 22:46:16 us=535889 [UNDEF] Inactivity timeout (--ping-restart), restarting
2022-01-08 22:46:16 us=535966 TCP/UDP: Closing socket
2022-01-08 22:46:16 us=536033 SIGUSR1[soft,ping-restart] received, process restarting
2022-01-08 22:46:16 us=536058 Restart pause, 5 second(s)
^C2022-01-08 22:46:18 us=164396 SIGINT[hard,init_instance] received, process exiting  <-- i quit ctrl+c

Any idea how I can get this working?


BR



mode
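A triage check for the stall shown in the log above, as an added example that is not part of the original post: it flags any attempt where the TCP connection comes up but no `TLS: Initial packet from` line is logged before the `--ping-restart` timeout. The stalled sample reuses lines from the post; the healthy sample and the function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Lines copied from the log in the post above (stalled attempt).
STALLED_LOG = """\
2022-01-08 22:45:16 us=63463 TCP connection established with [AF_INET]x.x.x.x
2022-01-08 22:45:27 us=562427 MANAGEMENT: CMD 'state 1'
2022-01-08 22:46:16 us=535889 [UNDEF] Inactivity timeout (--ping-restart), restarting
2022-01-08 22:46:16 us=536033 SIGUSR1[soft,ping-restart] received, process restarting
"""

# Constructed sample of an attempt that gets past the first TLS packet.
HEALTHY_LOG = """\
2022-01-08 22:45:16 us=63463 TCP connection established with [AF_INET]x.x.x.x
2022-01-08 22:45:16 us=90112 TLS: Initial packet from [AF_INET]x.x.x.x, sid=00000000 00000000
2022-01-08 22:45:17 us=120450 [server] Peer Connection Initiated with [AF_INET]x.x.x.x
"""

LINE = re.compile(r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) us=(\d+)\s+(.*)")

def parse(line):
    """Return (timestamp, message) for a log line, or None if it has no timestamp."""
    m = LINE.search(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    return ts + timedelta(microseconds=int(m.group(2))), m.group(3)

def find_stalls(log_text):
    """List attempts where TCP connected but no TLS packet arrived before ping-restart."""
    stalls, connected_at, tls_seen = [], None, False
    for line in log_text.splitlines():
        parsed = parse(line)
        if parsed is None:
            continue
        when, msg = parsed
        if msg.startswith("TCP connection established"):
            connected_at, tls_seen = when, False
        elif msg.startswith("TLS: Initial packet from"):
            tls_seen = True
        elif "Inactivity timeout (--ping-restart)" in msg and connected_at:
            if not tls_seen:
                stalls.append({
                    "connected": connected_at,
                    "seconds": (when - connected_at).total_seconds(),
                    # "[UNDEF]" means no peer name was learned before the timeout
                    "peer_known": not msg.startswith("[UNDEF]"),
                })
            connected_at = None
    return stalls
```

A stall reported with `peer_known` set to false means the client logged nothing from the peer on the control channel, so the next place to look is the server's own log for the same time window.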

mode
OpenVpn Newbie
Posts: 2
Joined: Sat Jan 08, 2022 10:05 pm

Re: Client does not connect after updating from 2.4.4 to 2.5.2

Post by mode » Sat Jan 08, 2022 10:54 pm

I just copied the openvpn 2.4.4 executable together with libcrypto.so.8 and libssl.so.8 from the old pfsense to the new pfsense and tried to start the vpn with the old config file. Surprisingly (for me), the error remains the same.
I would have expected this to work now, since the executable and config file are the same as on the old system. But it does not work.
Can it be because of the openssl version?

jon8rfc
OpenVpn Newbie
Posts: 1
Joined: Mon Feb 07, 2022 3:56 am

Re: Client does not connect after updating from 2.4.4 to 2.5.2

Post by jon8rfc » Mon Feb 07, 2022 4:38 am

Did you resolve your issue? I also upgraded to PFSense 2.5.2 and had problems.
I'm trying to find out if the issue is somehow on my end or a bug with PFSense.

After spinning my tires, thinking it was a config issue on my end since I also hadn't used OpenVPN in nearly 2 years and upgraded both sides, I've come to find a workaround: forcing a filter reload on PFSense. Enable the OpenVPN client on PFSense, let it connect, then go to http://pfsense.router.ip.address/status_filter_reload.php

Run that, wait a few seconds until it finishes, then my clients' connections are routed through the VPN properly. The route-nopull nonsense I've often seen everyone suggest for PFSense seems like it's just been covering up some other type of PFSense issue. I no longer use it. I never need to use that on Windows, Android, or DD-WRT clients...but it was necessary for PFSense clients as a "try this" solution.
