OpenVPN problems

podilarius · Jun 6, 2012, 11:49 AM

With a latest build and gitsync, I am getting the following error for my OpenVPNs. They are failing to connect.

Jun 6 07:44:55 openvpn[49428]: Use –help for more information.
Jun 6 07:44:55 openvpn[49428]: Options error: –client-connect requires --mode server

I don't know if it is related to the last couple of commits:
Import OpenVPN cisco style radius attributes applying policy to logge...

I found an old post from 2010 for version 2.0 Dev builds, but doing what it suggest to get it going is not working. Please let me know if there is something I can do to correct the issue.

Cino · Jun 6, 2012, 4:18 PM

i can't connect with my client either,

from the client side:


Wed Jun 06 12:19:00 2012 AUTH: Received control message: AUTH_FAILED
Wed Jun 06 12:19:00 2012 SIGTERM[soft,auth-failure] received, process exiting

both my roadwarrior and my p2p wont connect

mikesamo · Jun 6, 2012, 8:14 PM

same issue here.

jimp · Jun 6, 2012, 8:25 PM

What shows up in the actual openvpn server config in /var/etc/openvpn?

And are these clients or servers in each of these cases?

mikesamo · Jun 6, 2012, 8:30 PM

Client for me

getting same message

Jun 6 07:44:55 openvpn[49428]: Use –help for more information.
Jun 6 07:44:55 openvpn[49428]: Options error: –client-connect requires --mode server

podilarius · Jun 6, 2012, 8:33 PM

It is a client for me as well.

Here is the config on client1.conf …. client2 is exactly the same only with different IPs.

dev ovpnc1
dev-type tun
tun-ipv6
dev-node /dev/tun1
writepid /var/run/openvpn_client1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-256-CBC
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
local xx.xx.xx.xx
lport 0
management /var/etc/openvpn/client1.sock unix
remote yy.yy.yy.yy 1194
ifconfig zz.zz.zz.zz zz.zz.zz.aa
route cc.cc.cc.cc 255.255.255.0
secret /var/etc/openvpn/client1.secret 
comp-lzo

mikesamo · Jun 6, 2012, 8:34 PM

dev ovpnc2
dev-type tun
tun-ipv6
dev-node /dev/tun2
writepid /var/run/openvpn_client2.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-128-CBC
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
local 4.3.2.1
engine padlock
tls-client
client
lport 0
management /var/etc/openvpn/client2.sock unix
remote 1.2.3.4 1234
ca /var/etc/openvpn/client2.ca
cert /var/etc/openvpn/client2.cert
key /var/etc/openvpn/client2.key
tls-auth /var/etc/openvpn/client2.tls-auth 1
comp-lzo
resolv-retry infinite
verb 5
tun-mtu 1500
keysize 128
persist-key
fragment 1389
mssfix 1389

mikesamo · Jun 6, 2012, 8:42 PM

Ok I got it with comment theses 2 lines from the conf files

#client-connect /usr/local/sbin/openvpn.attributes.sh
#client-disconnect /usr/local/sbin/openvpn.attributes.sh

mikesamo · Jun 6, 2012, 8:44 PM

theses line are only for server config.

jimp · Jun 6, 2012, 8:46 PM

ok that's probably from the radius acl import that happened yesterday.

podilarius · Jun 6, 2012, 8:49 PM

Commented the lines out myself and the VPN connects. Was there a commit that put those in there?

podilarius · Jun 6, 2012, 8:51 PM

commit 1492e02 does this.

mikesamo · Jun 6, 2012, 8:53 PM

https://github.com/bsdperimeter/pfsense/commit/5b4ee05e58777606c988c099139adb25633b50c3

jimp · Jun 6, 2012, 8:58 PM

Fix commited, gitsync and it should be ok

mikesamo · Jun 6, 2012, 9:08 PM

seem to work after reboot thx!

podilarius · Jun 6, 2012, 9:12 PM

Thanks for fixing that. :-D

Cino · Jun 7, 2012, 1:28 AM

Thanks Jim!