OpenVPN Site2Site tunnel not working after upgrade to 21.7.1

Started by evilgenius, August 18, 2021, 09:57:51 PM

Hi together,

After I upgraded my main firewall from 21.7 to 21.7.1, the site2site VPNs aren't working. It is a problem in the server config of OpenVPN.

Working config in 21.7:
dev ovpns5
verb 3
dev-type tun
dev-node /dev/tun5
writepid /var/run/openvpn_server5.pid
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp4
cipher AES-128-CBC
auth SHA256
up /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup
down /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkdown
local 192.168.181.20
tls-server
ifconfig 10.100.5.1 10.100.5.2
tls-verify "deleted"
lport 1198
management /var/etc/openvpn/server5.sock unix
push "route 10.100.0.0 255.255.255.0"


This part in 21.7, "ifconfig 10.100.5.1 10.100.5.2", shows up in the WebUI as IPv4 Tunnel Network 10.100.5.0/30.
After the upgrade to 21.7.1, the subnet mask /30 prevents the tunnel from being started... /28, /27, /26 and so on are working but break the routing...

Error message in the WebUI: openvpn Unable to contact daemon

Is this a known bug?

BR Andreas


I am having the same issue. It's a "backup OOB" VPN so it wasn't noticed, but I see in the logs:

2021-08-22T22:44:11 openvpn[17914] Use --help for more information.
2021-08-22T22:44:11 openvpn[17914] Options error: --client-config-dir/--ccd-exclusive requires --mode server
2021-08-22T22:44:11 openvpn[17914] Cipher negotiation is disabled since neither P2MP client nor server mode is enabled




Seems this is fixed in 21.7.3. I made no changes and just happened to notice the VPN link was back up after upgrading.
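An added example, not part of the thread or of OPNsense's code: a pre-flight check over a generated OpenVPN server config for the condition the log above reports (server-only options in a config that is not in server mode), plus a check that the point-to-point `ifconfig` endpoints fall inside the tunnel network shown in the WebUI. The sample configs are constructed from the directives quoted in the first post; the `client-config-dir` path is a placeholder, and the function names are hypothetical.

```python
import ipaddress

# Options OpenVPN rejects unless the instance runs in server mode. The first
# two are named in the log above; the other two are standard OpenVPN options
# with the same restriction. Extend the set as needed.
SERVER_ONLY = {"client-config-dir", "ccd-exclusive", "client-to-client", "duplicate-cn"}

def parse(conf_text):
    """Return [(option, [args])] per directive, skipping blanks and comments."""
    opts = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;":
            name, *args = line.split()
            opts.append((name.lstrip("-"), args))
    return opts

def is_server_mode(opts):
    """True if the config has 'mode server' or the 'server' helper directive."""
    return any(n == "server" or (n == "mode" and a[:1] == ["server"]) for n, a in opts)

def lint(conf_text, tunnel_network=None):
    """Return a list of findings for a generated server config."""
    opts = parse(conf_text)
    findings = []
    if not is_server_mode(opts):
        for name in sorted({n for n, _ in opts} & SERVER_ONLY):
            findings.append(f"--{name} requires --mode server")
    if tunnel_network:
        # Assumes the point-to-point tun form: ifconfig <local-ip> <remote-ip>
        net = ipaddress.ip_network(tunnel_network)
        for n, a in opts:
            if n == "ifconfig":
                stray = [ip for ip in a[:2] if ipaddress.ip_address(ip) not in net]
                if stray:
                    findings.append(f"ifconfig {' '.join(a)} outside {net}: {stray}")
    return findings

# Constructed samples: directives from the working 21.7 config in the first
# post, and the same config with a client-config-dir line (placeholder path).
WORKING = """dev-type tun
tls-server
ifconfig 10.100.5.1 10.100.5.2
push "route 10.100.0.0 255.255.255.0"
"""
BROKEN = WORKING + "client-config-dir /path/to/ccd\n"

if __name__ == "__main__":
    for label, conf in (("working", WORKING), ("broken", BROKEN)):
        print(label, lint(conf, "10.100.5.0/30"))
```

Running it against the file under /var/etc/openvpn/ before and after an upgrade shows whether a generated server config would be refused at start, which is cheaper than finding out from "Unable to contact daemon" on a backup link.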