As with all systems, it’s important to keep them up to date, and this is especially true with firewalls, even if they are just playing a part in a home lab. Recently, an upgrade was available for pfSense which brought a whole host of great new features in version 23.01. These included upgrading the version of PHP, some fixes to OpenVPN, improvements to the captive portal and an upgrade to the version of pfBlocker (by the way, pfBlocker is a really good package and worth checking out in more detail if you don’t already use it!).
However, while Netgate (the company who maintain pfSense) usually do a great job of testing everything before it goes out the door, I did stumble across a bug with OpenVPN failing to start after the upgrade to 23.01. After reading through some forum posts, it would appear to only affect the SG-3100 and other ‘older’ Netgate devices. This provided a little fun for me on a Sunday afternoon.
I found the bug when I restarted the firewall and noticed that the OpenVPN service was failing to start. I did the usual things of manually restarting the service and waiting a few moments, but ultimately ended up checking the logs, where I found the following error message:
OpenVPN TUN/TAP dev Fix
- After validating that you are experiencing the same issue and you are running pfSense 23.01, click on Diagnostics from the top menu bar.
- In the drop down menu, click on Command Prompt
- You will then see the following screen. Enter the following command in the “Execute Shell Command” box:
kldxref /boot/kernel
- Then click Execute
- You should then be able to restart your OpenVPN service from the Services option under the Status drop-down on the menu bar at the top of the screen.
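A post-upgrade check that automates the steps above, written for this post as an added example (it is not Netgate's code or the original author's): it treats a missing or stale /boot/kernel/linker.hints, the module index that kldxref rebuilds, or a TUN/TAP error in the OpenVPN log as the trigger for re-running the fix. The kernel directory and the log path /var/log/openvpn.log are assumptions, and the sample log line in the comments is constructed.

```shell
#!/bin/sh
# Post-upgrade check for the pfSense 23.01 OpenVPN TUN/TAP start failure
# described above. Added example, not from the original post. It assumes the
# FreeBSD default kernel directory and pfSense's OpenVPN log location.
set -u

KERNEL_DIR="${KERNEL_DIR:-/boot/kernel}"
OVPN_LOG="${OVPN_LOG:-/var/log/openvpn.log}"

# Return 0 if linker.hints (the module index that kldxref(8) writes and the
# kernel loader reads) exists and is at least as new as the kernel, 1 if it
# is missing or older than the kernel, i.e. a candidate for rebuilding.
# "-nt" is supported by FreeBSD sh, dash and bash.
hints_current() {
    dir="$1"
    [ -f "$dir/linker.hints" ] || return 1
    [ "$dir/kernel" -nt "$dir/linker.hints" ] && return 1
    return 0
}

# Count log lines (stdin) in which OpenVPN reports a TUN/TAP device failure,
# e.g. a constructed line such as "Cannot open TUN/TAP dev /dev/tun1".
tuntap_failures() {
    grep -c 'TUN/TAP dev' || true
}

# The fix from the post: rebuild the module index for the given directory.
apply_fix() {
    kldxref "$1"
}

main() {
    failures=0
    if [ -r "$OVPN_LOG" ]; then
        failures=$(tuntap_failures < "$OVPN_LOG")
    fi
    if hints_current "$KERNEL_DIR" && [ "$failures" -eq 0 ]; then
        echo "linker.hints is current and no TUN/TAP errors logged; nothing to do"
        return 0
    fi
    echo "TUN/TAP errors logged: $failures; rebuilding $KERNEL_DIR/linker.hints"
    apply_fix "$KERNEL_DIR" || { echo "kldxref failed" >&2; return 1; }
    echo "done; restart OpenVPN from Status > Services and re-check the log"
}

# Only run the checks when invoked as: sh openvpn-tun-check.sh run
case "${1:-}" in
    run) main ;;
esac
```

Run it as root from the pfSense shell (or paste the functions into Diagnostics > Command Prompt); without the `run` argument it only defines the functions, so it can be sourced for ad-hoc checks.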
Important Takeaways
Prior to any upgrade, it is important to test it before putting it on a production environment so you are fully aware of the caveats that may come as part of the roll-out. Testing in a lab is absolutely key, alongside a well-thought-through back-out plan. Consider these two elements in particular before any production change. I would also suggest using tools such as Ansible to automate changes and make them as predictable as possible.
Netgate have already accepted this bug and implemented a fix ready for the next release.