Upgrade OpenVPN 2.3.1 server >> OpenVPN 2.4.1 server produces an write to TUN/TAP : Address family not supported error


Denis Lapshin-2
Hi All,

I have a working setup with OpenVPN 2.3.1 on 54amd64 as the server side.
The client side is supposedly using a hardcoded OpenVPN 2.1.2. I can't
affect that version; I just added ovpn.cnf to it to get it working. All
has worked fine on OpenBSD54 amd64 for years...

#openvpn --version

OpenVPN 2.3.1 x86_64-unknown-openbsd5.4 [SSL (OpenSSL)] [LZO] [eurephia]
[MH] [IPv6] built on Jul 23 2013
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <[hidden email]>
Compile time defines: enable_crypto=yes enable_debug=yes
enable_def_auth=yes enable_dlopen=unknown enable_dlopen_self=unknown
enable_dlopen_self_static=unknown enable_eurephia=yes
enable_fast_install=needless enable_fragment=yes enable_http_proxy=yes
enable_iproute2=no enable_libtool_lock=yes enable_lzo=yes
enable_lzo_stub=no enable_management=yes enable_multi=yes
enable_multihome=yes enable_pam_dlopen=no enable_password_save=yes
enable_pedantic=no enable_pf=yes enable_pkcs11=no
enable_plugin_auth_pam=no enable_plugin_down_root=yes enable_plugins=yes
enable_port_share=yes enable_selinux=no enable_server=yes
enable_shared=yes enable_shared_with_static_runtimes=no
enable_silent_rules=no enable_small=no enable_socks=yes enable_ssl=yes
enable_static=yes enable_strict=no enable_strict_options=no
enable_systemd=no enable_win32_dll=yes enable_x509_alt_username=no
with_crypto_library=openssl with_gnu_ld=no with_mem_check=no
with_plugindir='$(libdir)/openvpn/plugins' with_sysroot=no

Here is the fully working server's config

#cat /etc/server.conf
---------------------------------------------
local 127.0.0.1
proto udp
port 1000
dev tun0
dev-type tap

tun-mtu 1500
fragment 1500
mssfix 1500

keys section is removed...
dh...
ca...
crl-verify...
...end of removed section

tls-version-min 1.2    # since 2.3.3
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
tls-exit

auth SHA512
cipher AES-256-CBC

ifconfig 192.168.8.6 192.168.8.254 255.255.255.0
ifconfig-pool-persist /etc/openvpn/ipp.txt 10
mode server
tls-server
key-method 2

client-to-client
comp-lzo
keepalive 5 60
user _openvpn
group _openvpn
daemon openvpn

persist-key
persist-tun
persist-local-ip
persist-remote-ip

push-peer-info

some pushes...
...end of some pushes

pid...
logs....

verb 4
------------------------------------------

...all was working perfectly fine before upgrading to the prepackaged
OpenVPN 2.4.1 on OpenBSD 6.1 amd64

#openvpn --version

OpenVPN 2.4.1 x86_64-unknown-openbsd6.1 [SSL (OpenSSL)] [LZO] [LZ4]
[MH/RECVDA] [AEAD] built on Apr 1 2017
library versions: LibreSSL 2.5.2, LZO 2.10
Originally developed by James Yonan....

I have a connection problem that appears as error code 47 in openvpn.log:

Eliminating the error from openvpn.log: Thu Nov 9 12:31:02 2017 US=XXXX
user/192.168.1.16:1035 MULTI: Learn: MA:CX:XX:XX:XX:XX ->
user/192.168.1.16:1035
Eliminating the error from openvpn.log: Thu Nov 9 12:31:02 2017 US=XXXX
user/192.168.1.16:1035 write to TUN/TAP : Address family not supported
by protocol family (code=47)

Does it have an IPv6 problem, as various mailing lists say, or what?

Please give some recommendations on how to resolve the issue.

Thank you in advance for your answer


Re: Upgrade OpenVPN 2.3.1 server >> OpenVPN 2.4.1 server produces an write to TUN/TAP : Address family not supported error

Stuart Henderson
On 2017-11-09, Denis <[hidden email]> wrote:
> dev tun0
> dev-type tap

See https://www.openbsd.org/faq/upgrade59.html - switch to "dev tap0" and
move across associated config (PF rules, etc).


Re: Upgrade OpenVPN 2.3.1 server >> OpenVPN 2.4.1 server produces an write to TUN/TAP : Address family not supported error

Denis Lapshin-2
Thanks to Stuart,

When I changed config '/etc/hostname.tun0' -> '/etc/hostname.tap0' plus
'/etc/openvpn/server.conf' dev tun0 -> dev tap0, and made some cosmetic
modifications in 'pf.conf', all has worked pretty fine since then.

On 11/10/2017 11:19 AM, Stuart Henderson wrote:
> On 2017-11-09, Denis <[hidden email]> wrote:
>> dev tun0
>> dev-type tap
> See https://www.openbsd.org/faq/upgrade59.html - switch to "dev tap0" and
> move across associated config (PF rules, etc).
>
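
The fix described in this thread (a "dev tunN" name combined with "dev-type tap" becomes "dev tapN", with PF rules and other config moved across) can be checked mechanically before an upgrade. The shell script below is an added example, not code from any poster in the thread; the function names, the sample files and the PF rule lines are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): lint an OpenVPN config for a tun-named
# device forced into tap mode, and find files that still name the old interface.

# Print "<dev> <dev-type>" ("-" if absent). Text after # or ; is treated as a
# comment (quoting is not handled); if repeated, the last directive is reported.
ovpn_dev_info() {
    awk '{ sub(/[#;].*/, "") }
         $1 == "dev"      { dev = $2 }
         $1 == "dev-type" { type = $2 }
         END { if (dev == "") dev = "-"; if (type == "") type = "-"
               print dev, type }' "$1"
}

# Return 1 and suggest the tap name when "dev tunN" is combined with "dev-type tap".
ovpn_check_dev() {
    set -- $(ovpn_dev_info "$1")
    case "$1:$2" in
        tun*:tap) echo "MISMATCH: dev $1 + dev-type tap; use: dev tap${1#tun}"
                  return 1 ;;
        *)        echo "OK: dev $1 dev-type $2"
                  return 0 ;;
    esac
}

# Print the config with only the "dev tunN" line rewritten to "dev tapN".
ovpn_migrate_dev() {
    sed -E 's/^([[:space:]]*dev[[:space:]]+)tun([0-9]*)/\1tap\2/' "$1"
}

# List lines in associated files (pf.conf etc.) that still name the old interface.
ovpn_stale_refs() {
    old=$1; shift
    grep -n -w -- "$old" "$@" /dev/null
}

# Constructed sample files; only the two dev lines are taken from the thread.
SAMPLE_DIR=$(mktemp -d)
printf '%s\n' 'proto udp' 'dev tun0   # old name' 'dev-type tap' 'verb 4' \
    > "$SAMPLE_DIR/server.conf"
printf '%s\n' 'pass in on tun0 inet' 'pass in on em0 inet' > "$SAMPLE_DIR/pf.conf"

ovpn_check_dev "$SAMPLE_DIR/server.conf" || true          # reports the mismatch
ovpn_migrate_dev "$SAMPLE_DIR/server.conf" > "$SAMPLE_DIR/server.conf.new"
ovpn_check_dev "$SAMPLE_DIR/server.conf.new"              # passes after the rename
ovpn_stale_refs tun0 "$SAMPLE_DIR/pf.conf" || true        # rules left to move across
```

The hostname.tun0 to hostname.tap0 rename mentioned in the last message is a file rename and is not covered by the script.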