
OpenConnect plugin is in a broken state

Open Clifra-Jones opened this issue 1 year ago • 2 comments

Important notices

Before you add a new report, we ask you kindly to acknowledge the following:

  • [x] I have read the contributing guidelines at https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md
  • [x] I have searched the existing issues, open and closed, and I'm convinced that mine is new.
  • [x] The title contains the plugin to which this issue belongs

Describe the bug

At startup openconnect executes and connects successfully. Then it is shut down and the interface link state is changed to down. This is recorded in the logs.

ocvpn0: link state changed to DOWN

If you go to System->Diagnostics->Services and start OpenConnect service it works.

Something is shutting down OpenConnect. Is this by design? I say that because if you select 11) Reload All Services from the console menu the system hangs after loading OpenConnect. Is there something shutting it down in order to get to the menu?

As OpenConnect is primarily a client VPN it would make sense to not start OpenConnect at system startup and allow the user to start it manually. This would work fine for my uses. OpenConnect probably should not be used for an always-on site-to-site VPN. Is there a way to stop the plugin from trying to load at startup?

Expected behavior

One of 2 solutions.

  1. OpenConnect starts at system startup and stays connected.
  2. OpenConnect does not start at system startup and the user can manually start the service. (preferred option)

Relevant log files

Commented out the >/dev/null to show more info in the log.

<13>1 2023-12-08T14:19:04+00:00 OPNsense.localdomain kernel - - [meta sequenceId="248"] <118>starting openconnect
<13>1 2023-12-08T14:19:25+00:00 OPNsense.localdomain kernel - - [meta sequenceId="249"] <118>DTLS handshake failed: 2
<13>1 2023-12-08T14:19:27+00:00 OPNsense.localdomain kernel - - [meta sequenceId="250"] <118>ifconfig: interface tun30000 does not exist
<13>1 2023-12-08T14:19:27+00:00 OPNsense.localdomain kernel - - [meta sequenceId="251"] <6>tun30000: link state changed to UP
<13>1 2023-12-08T14:19:27+00:00 OPNsense.localdomain kernel - - [meta sequenceId="252"] <118>add host 44.207.187.204: gateway 10.0.0.1
<13>1 2023-12-08T14:19:27+00:00 OPNsense.localdomain kernel - - [meta sequenceId="253"] [fib_algo] inet.0 (bsearch4#22) rebuild_fd_flm: switching algo to radix4_lockless
<13>1 2023-12-08T14:19:27+00:00 OPNsense.localdomain kernel - - [meta sequenceId="254"] <118>add net 10.7.92.215: gateway 10.7.92.215 fib 0: route already in table
<13>1 2023-12-08T14:19:27+00:00 OPNsense.localdomain kernel - - [meta sequenceId="255"] <118>add net 172.16.0.0: gateway 10.7.92.215
<13>1 2023-12-08T14:19:27+00:00 OPNsense.localdomain kernel - - [meta sequenceId="256"] <118>add net 172.16.40.128: gateway 10.7.92.215
<13>1 2023-12-08T14:19:27+00:00 OPNsense.localdomain kernel - - [meta sequenceId="257"] <118>add net 192.168.29.0: gateway 10.7.92.215
<13>1 2023-12-08T14:19:27+00:00 OPNsense.localdomain kernel - - [meta sequenceId="258"] <118>add net 192.168.28.0: gateway 10.7.92.215
<13>1 2023-12-08T14:19:27+00:00 OPNsense.localdomain kernel - - [meta sequenceId="259"] <118>add net 10.72.0.0: gateway 10.7.92.215
<13>1 2023-12-08T14:19:27+00:00 OPNsense.localdomain kernel - - [meta sequenceId="260"] <118>add net 10.60.0.0: gateway 10.7.92.215
<13>1 2023-12-08T14:19:27+00:00 OPNsense.localdomain kernel - - [meta sequenceId="261"] <118>add net 10.50.0.0: gateway 10.7.92.215
<13>1 2023-12-08T14:19:27+00:00 OPNsense.localdomain kernel - - [meta sequenceId="262"] <118>add net 10.45.0.0: gateway 10.7.92.215
<13>1 2023-12-08T14:19:27+00:00 OPNsense.localdomain kernel - - [meta sequenceId="263"] <118>add net 10.150.0.0: gateway 10.7.92.215
<13>1 2023-12-08T14:19:27+00:00 OPNsense.localdomain kernel - - [meta sequenceId="264"] <118>add net 10.128.0.0: gateway 10.7.92.215
<13>1 2023-12-08T14:19:27+00:00 OPNsense.localdomain kernel - - [meta sequenceId="265"] <118>add net 10.124.0.0: gateway 10.7.92.215
<13>1 2023-12-08T14:19:27+00:00 OPNsense.localdomain kernel - - [meta sequenceId="266"] <118>add net 10.120.0.0: gateway 10.7.92.215
<13>1 2023-12-08T14:19:27+00:00 OPNsense.localdomain kernel - - [meta sequenceId="267"] <118>add net 10.116.0.0: gateway 10.7.92.215
<13>1 2023-12-08T14:19:27+00:00 OPNsense.localdomain kernel - - [meta sequenceId="268"] <118>add net 10.103.0.0: gateway 10.7.92.215
<13>1 2023-12-08T14:19:27+00:00 OPNsense.localdomain kernel - - [meta sequenceId="269"] <118>add net 172.20.0.0: gateway 10.7.92.215
<13>1 2023-12-08T14:19:27+00:00 OPNsense.localdomain kernel - - [meta sequenceId="270"] <118>add net 10.46.0.0: gateway 10.7.92.215
<13>1 2023-12-08T14:19:27+00:00 OPNsense.localdomain kernel - - [meta sequenceId="271"] <118>add net 10.12.0.0: gateway 10.7.92.215
<13>1 2023-12-08T14:19:27+00:00 OPNsense.localdomain kernel - - [meta sequenceId="272"] <118>add net 10.7.0.0: gateway 10.7.92.215
<13>1 2023-12-08T14:19:27+00:00 OPNsense.localdomain kernel - - [meta sequenceId="273"] <118>add net 10.6.0.0: gateway 10.7.92.215
<13>1 2023-12-08T14:19:27+00:00 OPNsense.localdomain kernel - - [meta sequenceId="274"] <118>add net 10.3.0.0: gateway 10.7.92.215
<13>1 2023-12-08T14:19:38+00:00 OPNsense.localdomain kernel - - [meta sequenceId="275"] <6>tun30000: changing name to 'ocvpn0'
<13>1 2023-12-08T14:19:38+00:00 OPNsense.localdomain kernel - - [meta sequenceId="276"] <118>ocvpn0
<13>1 2023-12-08T14:19:38+00:00 OPNsense.localdomain kernel - - [meta sequenceId="277"] <118>>>> Invoking start script 'syslog'
<45>1 2023-12-08T14:19:38+00:00 OPNsense.localdomain syslog-ng 1817 - [meta sequenceId="1"] Configuration reload request received, reloading configuration;
<45>1 2023-12-08T14:19:38+00:00 OPNsense.localdomain syslog-ng 1817 - [meta sequenceId="2"] Configuration reload finished;
<13>1 2023-12-08T14:19:38+00:00 OPNsense.localdomain kernel - - [meta sequenceId="3"] <118>>>> Invoking start script 'virtualbox'
<13>1 2023-12-08T14:19:38+00:00 OPNsense.localdomain kernel - - [meta sequenceId="4"] <118>Starting vboxservice.
<13>1 2023-12-08T14:19:38+00:00 OPNsense.localdomain kernel - - [meta sequenceId="5"] <118>14:19:38.593839 main     VBoxService 6.1.48 r159471 (verbosity: 0) freebsd.amd64 (Nov 22 2023 01:49:03) release log
<13>1 2023-12-08T14:19:38+00:00 OPNsense.localdomain kernel - - [meta sequenceId="6"] <118>14:19:38.593845 main     Log opened 2023-12-08T14:19:38.593832000Z
<13>1 2023-12-08T14:19:38+00:00 OPNsense.localdomain kernel - - [meta sequenceId="7"] <118>14:19:38.593900 main     OS Product: FreeBSD
<13>1 2023-12-08T14:19:38+00:00 OPNsense.localdomain kernel - - [meta sequenceId="8"] <118>14:19:38.593909 main     OS Release: 13.2-RELEASE-p5
<13>1 2023-12-08T14:19:38+00:00 OPNsense.localdomain kernel - - [meta sequenceId="9"] <118>14:19:38.593919 main     OS Version: FreeBSD 13.2-RELEASE-p5 stable/23.7-n254837-8806e8fefb1 SMP
<13>1 2023-12-08T14:19:38+00:00 OPNsense.localdomain kernel - - [meta sequenceId="10"] <118>14:19:38.593929 main     Executable: /usr/local/sbin/VBoxService
<13>1 2023-12-08T14:19:38+00:00 OPNsense.localdomain kernel - - [meta sequenceId="11"] <118>14:19:38.593929 main     Process ID: 61910
<13>1 2023-12-08T14:19:38+00:00 OPNsense.localdomain kernel - - [meta sequenceId="12"] <118>14:19:38.593930 main     Package type: BSD_64BITS_GENERIC (OSE)
<13>1 2023-12-08T14:19:38+00:00 OPNsense.localdomain kernel - - [meta sequenceId="13"] <118>14:19:38.594798 main     6.1.48 r159471 started. Verbose level = 0
<13>1 2023-12-08T14:19:38+00:00 OPNsense.localdomain kernel - - [meta sequenceId="14"] <118>>>> Invoking start script 'carp'
<13>1 2023-12-08T14:19:38+00:00 OPNsense.localdomain kernel - - [meta sequenceId="15"] <118>>>> Invoking start script 'cron'
<13>1 2023-12-08T14:19:38+00:00 OPNsense.localdomain kernel - - [meta sequenceId="16"] <118>Starting Cron: OK
<13>1 2023-12-08T14:19:39+00:00 OPNsense.localdomain kernel - - [meta sequenceId="17"] <118>>>> Invoking start script 'openvpn'
<13>1 2023-12-08T14:19:39+00:00 OPNsense.localdomain kernel - - [meta sequenceId="18"] <118>>>> Invoking start script 'sysctl'
<13>1 2023-12-08T14:19:39+00:00 OPNsense.localdomain opnsense 72316 - [meta sequenceId="19"] /usr/local/sbin/pluginctl: plugins_configure crl (1)
<13>1 2023-12-08T14:19:39+00:00 OPNsense.localdomain opnsense 72316 - [meta sequenceId="20"] /usr/local/sbin/pluginctl: plugins_configure crl (execute task : openvpn_refresh_crls(1))
<13>1 2023-12-08T14:19:39+00:00 OPNsense.localdomain kernel - - [meta sequenceId="21"] <118>Service `sysctl' has been restarted.
<13>1 2023-12-08T14:19:39+00:00 OPNsense.localdomain kernel - - [meta sequenceId="22"] <118>>>> Invoking start script 'beep'
<13>1 2023-12-08T14:19:40+00:00 OPNsense.localdomain kernel - - [meta sequenceId="23"] <118>Root file system: /dev/gpt/rootfs
<13>1 2023-12-08T14:19:40+00:00 OPNsense.localdomain kernel - - [meta sequenceId="24"] <118>Fri Dec  8 14:19:40 UTC 2023
<13>1 2023-12-08T14:19:40+00:00 OPNsense.localdomain kernel - - [meta sequenceId="25"] <118>
<13>1 2023-12-08T14:19:40+00:00 OPNsense.localdomain kernel - - [meta sequenceId="26"] <118>*** OPNsense.localdomain: OPNsense 23.7.9 ***
<13>1 2023-12-08T14:19:40+00:00 OPNsense.localdomain kernel - - [meta sequenceId="27"] <118>
<13>1 2023-12-08T14:19:40+00:00 OPNsense.localdomain kernel - - [meta sequenceId="28"] <118> LAN (em1)       -> v4: 192.168.57.3/24
<13>1 2023-12-08T14:19:40+00:00 OPNsense.localdomain kernel - - [meta sequenceId="29"] <118> WAN (em0)       -> v4/DHCP4: 10.0.0.251/24
<13>1 2023-12-08T14:19:40+00:00 OPNsense.localdomain kernel - - [meta sequenceId="30"] <118>
<13>1 2023-12-08T14:19:40+00:00 OPNsense.localdomain kernel - - [meta sequenceId="31"] <118> SSH:   SHA256 HLVaXDxr0wPLNuwpWOEnbiTDd6nrBCuzGEAJfOR9CGo (ECDSA)
<13>1 2023-12-08T14:19:40+00:00 OPNsense.localdomain kernel - - [meta sequenceId="32"] <118> SSH:   SHA256 CncBwWsWZ/LPSeqvW8E+yChzJtZJibWIfAeVfGqFpzc (ED25519)
<13>1 2023-12-08T14:19:40+00:00 OPNsense.localdomain kernel - - [meta sequenceId="33"] <118> SSH:   SHA256 bqB5NyxQaGSvQya0YcWg3XCqIcYmMdilewatGu2UTRw (RSA)
<13>1 2023-12-08T14:19:40+00:00 OPNsense.localdomain kernel - - [meta sequenceId="34"] <6>ocvpn0: link state changed to DOWN

Environment

OPNsense 23.7.9-amd64 FreeBSD 13.2-RELEASE-p5 OpenSSL 1.1.1w

VirtualBox VM, VirtualBox Version 7.0.12

Clifra-Jones • Dec 08 '23 14:12

Same problem.

OPNsense 23.7.11-amd64 FreeBSD 13.2-RELEASE-p7 OpenSSL 1.1.1w

tribalRu • Jan 16 '24 23:01