OPNsense Forum

Archive => 16.7 Legacy Series => Topic started by: Free_Norway on November 16, 2016, 11:47:24 pm

Title: 16.7.8 update broke Openvpn setup
Post by: Free_Norway on November 16, 2016, 11:47:24 pm

Hi

Has anybody experienced problems with openvpn client setups after the 16.7.8 update?
My client vpn's are not working anymore.
The log showes they(3 seperate vpn)connect but after some seconds the log shows different failures.
When disabling 2 of the clients i get the active client to reconnect, but it failes again after some seconds.
The log almost always shows these 3 lines or line 1 and 3
MANAGEMENT:Client disconnected
MANAGEMENT:CMD 'status 2'
MANAGEMENT:CMD 'state 1'
after that it reconnects again

Does anybody has an idea whats wrong?

Title: Re: 16.7.8 update broke Openvpn setup
Post by: Free_Norway on November 21, 2016, 04:10:46 pm

UPDATE:
A complete new install fixed the problem.
One thing i noticed was that i was not able to reinstall and use the old config.
All the interfaces where assiged different, so they had to be assigned manually before parts of the old config could be applied.

Regards
Sebastian

Title: Re: 16.7.8 update broke Openvpn setup
Post by: franco on November 21, 2016, 05:24:20 pm

Hi Sebastian,

Sorry for the late reply. How exactly did "interfaces where assigned different" manifest in terms of the setup?


Cheers,
Franco

Title: Re: 16.7.8 update broke Openvpn setup
Post by: Free_Norway on November 23, 2016, 12:42:36 am

Hi Franco

Thanks for the reply.
Short a explanation about the interfaces on the motherboard:
It has 2x SFP Intel i350 interfaces(igb0 and igb1) and 6 gigabit lan(em0-em5).
I use right now em0 as WAN and em1 as LAN. All the other em interfaces are disabled in the BIOS(the igb interfaces can not be disabled in the BIOS).
When reinstalling i assign the em0 and em1 interface manually throught the com consol on the motherboard.
After the initial setup i tried to restore the last configuration, but after the reboot none of the em interfaces are assigned.
When i then again reassign the interfaces as they should be, some of the settings that depend on the interface have to be altered ->firewall rules/NAT Port Forward/NAT Outbound
Do you have any tip what i do wrong?
...or is it the fundamental changes in FreeBSD that make the restoring of the config after upgrades difficult?

Still, thanks for a great product and all the good work
Regards
Sebastian

Title: Re: 16.7.8 update broke Openvpn setup
Post by: franco on November 23, 2016, 08:48:55 am

Hi Sebastian,

On an interface mismatch in the config, the system will attempt to reassign ports, I guess in your case igb0 and igb1? Which devices are embedded in the config -- em0 and em1?

The boot will print if it reverts back to a default configuration. Can you maybe check there after a restore?

Worst case, the config.xml should be edited for <interfaces> receiving the correct devices before import. It only does a text match, unless the devices take time to appear in the sytem...


Cheers,
Franco