OpenVPN problems

mikesamo

same issue here.

jimp

What shows up in the actual openvpn server config in /var/etc/openvpn?

And are these clients or servers in each of these cases?

mikesamo

Client for me

getting same message

Jun 6 07:44:55  openvpn[49428]: Use –help for more information.
Jun 6 07:44:55  openvpn[49428]: Options error: –client-connect requires --mode server

podilarius

It is a client for me as well.

Here is the config on client1.conf …. client2 is exactly the same only with different IPs.

dev ovpnc1
dev-type tun
tun-ipv6
dev-node /dev/tun1
writepid /var/run/openvpn_client1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-256-CBC
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
local xx.xx.xx.xx
lport 0
management /var/etc/openvpn/client1.sock unix
remote yy.yy.yy.yy 1194
ifconfig zz.zz.zz.zz zz.zz.zz.aa
route cc.cc.cc.cc 255.255.255.0
secret /var/etc/openvpn/client1.secret 
comp-lzo

mikesamo

dev ovpnc2
dev-type tun
tun-ipv6
dev-node /dev/tun2
writepid /var/run/openvpn_client2.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-128-CBC
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
local 4.3.2.1
engine padlock
tls-client
client
lport 0
management /var/etc/openvpn/client2.sock unix
remote 1.2.3.4 1234
ca /var/etc/openvpn/client2.ca
cert /var/etc/openvpn/client2.cert
key /var/etc/openvpn/client2.key
tls-auth /var/etc/openvpn/client2.tls-auth 1
comp-lzo
resolv-retry infinite
verb 5
tun-mtu 1500
keysize 128
persist-key
fragment 1389
mssfix 1389

mikesamo

Ok I got it with comment theses 2 lines from the conf files

#client-connect /usr/local/sbin/openvpn.attributes.sh
#client-disconnect /usr/local/sbin/openvpn.attributes.sh

mikesamo

theses line are only for server config.

jimp

ok that's probably from the radius acl import that happened yesterday.

podilarius

Commented the lines out myself and the VPN connects. Was there a commit that put those in there?

podilarius

commit 1492e02 does this.

mikesamo

https://github.com/bsdperimeter/pfsense/commit/5b4ee05e58777606c988c099139adb25633b50c3

jimp

Fix commited, gitsync and it should be ok

mikesamo

seem to work after reboot thx!

podilarius

Thanks for fixing that. :-D

Cino

Thanks Jim!