lanbert 1 Posted ... I have a working OpenVPN connection in pfSense that I set up using the awesome setup guide, as well as a WireGuard connection. I currently am using WireGuard for performance reasons, but I'd like to utilize OpenVPN with Data Channel Offload, which is new in the recent 22.05 release. As I understand it, all you need to do is tick the 'Enable Data Channel Offload (DCO) for this instance' box and it should work, but when I enable it my connection stops working. I will see a session listed on the website, but no data is flowing. If anyone has gotten this working, I'd appreciate any advice.
OpenSourcerer 1441 Posted ... Logs. NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page.
lanbert 1 Posted ...
2 hours ago, OpenSourcerer said: Logs.
Sure, OpenVPN logs from pfSense:

Jul 9 08:02:55 openvpn 53514 SIGUSR1[soft,server_poll] received, process restarting
Jul 9 08:02:55 openvpn 53514 Server poll timeout, restarting
Jul 9 08:02:45 openvpn 53514 UDPv4 link remote: [AF_INET]184.75.221.197:443
Jul 9 08:02:45 openvpn 53514 UDPv4 link local (bound): [AF_INET]x.x.x.x:0
Jul 9 08:02:45 openvpn 53514 Socket Buffers: R=[42080->42080] S=[57344->57344]
Jul 9 08:02:45 openvpn 53514 TCP/UDP: Preserving recently used remote address: [AF_INET]184.75.221.197:443
Jul 9 08:02:41 openvpn 9902 Initialization Sequence Completed
Jul 9 08:02:41 openvpn 9902 OPTIONS IMPORT: data channel crypto options modified
Jul 9 08:02:41 openvpn 9902 OPTIONS IMPORT: peer-id set
Jul 9 08:02:41 openvpn 9902 OPTIONS IMPORT: route-related options modified
Jul 9 08:02:41 openvpn 9902 OPTIONS IMPORT: --ifconfig/up options modified
Jul 9 08:02:41 openvpn 9902 OPTIONS IMPORT: compression parms modified
Jul 9 08:02:41 openvpn 9902 OPTIONS IMPORT: timers and/or timeouts modified
Jul 9 08:02:41 openvpn 9902 /usr/local/sbin/ovpn-linkup ovpnc3 1500 0 10.31.98.67 255.255.255.0 init
Jul 9 08:02:41 openvpn 9902 /sbin/route add -net 10.31.98.0 10.31.98.1 255.255.255.0
Jul 9 08:02:41 openvpn 9902 /sbin/ifconfig ovpnc3 10.31.98.67 10.31.98.1 mtu 1500 netmask 255.255.255.0 up
Jul 9 08:02:41 openvpn 9902 TUN/TAP device /dev/tun3 opened
Jul 9 08:02:41 openvpn 9902 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Jul 9 08:02:41 openvpn 9902 Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
Jul 9 08:02:41 openvpn 9902 PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.31.98.1,route-gateway 10.31.98.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.31.98.67 255.255.255.0,peer-id 4,cipher AES-256-GCM'
Jul 9 08:02:41 openvpn 9902 SENT CONTROL [Tejat]: 'PUSH_REQUEST' (status=1)
Jul 9 08:02:40 openvpn 9902 [Tejat] Peer Connection Initiated with [AF_INET]184.75.221.197:443
Jul 9 08:02:40 openvpn 9902 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 4096 bit RSA, signature: RSA-SHA512
Jul 9 08:02:40 openvpn 9902 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Jul 9 08:02:40 openvpn 9902 WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA512'
Jul 9 08:02:40 openvpn 9902 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1549', remote='link-mtu 1602'
Jul 9 08:02:40 openvpn 53514 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Jul 9 08:02:40 openvpn 53514 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Jul 9 08:02:40 openvpn 53514 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Jul 9 08:02:40 openvpn 53514 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Jul 9 08:02:40 openvpn 53514 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 9 08:02:40 openvpn 53514 SIGUSR1[soft,server_poll] received, process restarting
Jul 9 08:02:40 openvpn 53514 Server poll timeout, restarting
Jul 9 08:02:40 openvpn 9902 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Tejat, emailAddress=info@airvpn.org
Jul 9 08:02:40 openvpn 9902 VERIFY EKU OK
Jul 9 08:02:40 openvpn 9902 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Jul 9 08:02:40 openvpn 9902 Validating certificate extended key usage
Jul 9 08:02:40 openvpn 9902 VERIFY KU OK
Jul 9 08:02:40 openvpn 9902 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
Jul 9 08:02:40 openvpn 9902 VERIFY WARNING: depth=1, unable to get certificate CRL: C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
Jul 9 08:02:40 openvpn 9902 VERIFY WARNING: depth=0, unable to get certificate CRL: C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Tejat, emailAddress=info@airvpn.org
Jul 9 08:02:40 openvpn 9902 TLS: Initial packet from [AF_INET]184.75.221.197:443, sid=127fe5b2 f3ded40c
Jul 9 08:02:40 openvpn 9902 UDPv4 link remote: [AF_INET]184.75.221.197:443
Jul 9 08:02:40 openvpn 9902 UDPv4 link local (bound): [AF_INET]x.x.x.x:0
Jul 9 08:02:40 openvpn 9902 Socket Buffers: R=[42080->42080] S=[57344->57344]
Jul 9 08:02:40 openvpn 9902 TCP/UDP: Preserving recently used remote address: [AF_INET]184.75.221.197:443
Jul 9 08:02:40 openvpn 9902 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Jul 9 08:02:40 openvpn 9902 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Jul 9 08:02:40 openvpn 9902 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Jul 9 08:02:40 openvpn 9902 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Jul 9 08:02:40 openvpn 9902 WARNING: experimental option --capath /var/etc/openvpn/client3/ca
Jul 9 08:02:40 openvpn 9902 Initializing OpenSSL support for engine 'rdrand'
Jul 9 08:02:40 openvpn 9902 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 9 08:02:40 openvpn 9902 mlockall call succeeded
Jul 9 08:02:40 openvpn 9902 mlock: MEMLOCK limit: soft=131072 KB, hard=131072 KB
Jul 9 08:02:40 openvpn 9902 MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client3/sock
Jul 9 08:02:40 openvpn 9846 library versions: OpenSSL 1.1.1n-freebsd 15 Mar 2022, LZO 2.10
Jul 9 08:02:40 openvpn 9846 OpenVPN 2.6_git amd64-portbld-freebsd12.3 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] [DCO] built on Jun 4 2022

Some hopefully relevant documentation I've stumbled upon, especially the limitations part which I'm thinking might require toggling a setting or two:
https://github.com/OpenVPN/ovpn-dco
https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/dco.html
fysh 3 Posted ... It's only supported on OpenVPN 2.6.0 which is not released yet, and is not in use by AirVPN. Says under limitations on the second link you posted: DCO support is only present in OpenVPN 2.6.0 which is still in development.
OpenSourcerer 1441 Posted ... In addition to that, the logs outline a server poll timeout, possibly hinting at something the client tries to negotiate which the server doesn't support.
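A triage of the log discussed above, as an added example that is not part of any post in this thread: it groups entries by openvpn process ID and reads them oldest first (pfSense lists the newest entry first), then reports per process whether initialization completed, how many server poll timeouts occurred, which options the server pushed, which pushed options the client rejected, and which options the client warned about as mismatched. The function name `triage` and the result field names are assumptions of this example; the sample lines are copied from the log posted earlier in the thread.

```python
import re
from collections import defaultdict

# Lines copied from the pfSense log posted in this thread (newest entry first).
SAMPLE_LOG = """\
Jul 9 08:02:55 openvpn 53514 Server poll timeout, restarting
Jul 9 08:02:41 openvpn 9902 Initialization Sequence Completed
Jul 9 08:02:41 openvpn 9902 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Jul 9 08:02:41 openvpn 9902 Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
Jul 9 08:02:41 openvpn 9902 PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.31.98.1,route-gateway 10.31.98.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.31.98.67 255.255.255.0,peer-id 4,cipher AES-256-GCM'
Jul 9 08:02:40 openvpn 9902 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Jul 9 08:02:40 openvpn 9902 WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA512'
Jul 9 08:02:40 openvpn 53514 Server poll timeout, restarting
"""

ENTRY = re.compile(r"^\w{3}\s+\d+\s+[\d:]+\s+openvpn\s+(\d+)\s+(.*)$")
PUSHED = re.compile(r"'PUSH_REPLY,(.*)'$")
REJECTED = re.compile(r"^Options error: option '([^']+)' cannot be used in this context")
MISMATCH = re.compile(r"^WARNING: '([^']+)' is (?:used inconsistently|present in remote config)")


def triage(log_text):
    """Summarise each openvpn process (keyed by PID), reading oldest entry first."""
    procs = defaultdict(lambda: {"completed": False, "poll_timeouts": 0,
                                 "pushed": [], "rejected": [], "mismatched": []})
    for raw in reversed(log_text.strip().splitlines()):
        entry = ENTRY.match(raw.strip())
        if not entry:
            continue  # not an openvpn syslog line
        pid, msg = int(entry.group(1)), entry.group(2)
        state = procs[pid]
        if msg == "Initialization Sequence Completed":
            state["completed"] = True
        elif msg.startswith("Server poll timeout"):
            state["poll_timeouts"] += 1
        elif (m := PUSHED.search(msg)):
            # Keep only the option name, dropping its arguments.
            state["pushed"] = [opt.split()[0] for opt in m.group(1).split(",")]
        elif (m := REJECTED.match(msg)):
            state["rejected"].append(m.group(1))
        elif (m := MISMATCH.match(msg)):
            state["mismatched"].append(m.group(1))
    return dict(procs)


if __name__ == "__main__":
    for pid, state in triage(SAMPLE_LOG).items():
        print(pid, state)
```

On these lines the process that logs "Initialization Sequence Completed" (PID 9902) is not the one logging the server poll timeouts (PID 53514), which is worth separating before reading the timeouts as a failure of the first session.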
DashWBlask 0 Posted ... If you have fifechan compiled, it looks like it isn't set up within your PATH correctly. Kili Edit: What tutorial are you talking about?
dIecbasC 38 Posted ... There’s a redmine issue described on pfSense forums I was reading last night, TL;DR it will require a patch/update to resolve the issue.