No encryption algorithm visible under OpenVPN Server setting.
-
That list is populated based on the output of an openvpn command:
/usr/local/sbin/openvpn --show-ciphers
If the GUI list is empty, that command must be failing. Try to run it from a console or ssh shell prompt and see what it returns. It's possible your installation has a more fundamental problem with the files on the filesystem or mismatched package versions.
-
I do get some error message when i check installed packages.
Result of Openvpn command from console.
[2.3.3-RELEASE][admin@spartan.alpinelan.local]/root: /usr/local/sbin/openvpn –show-ciphers
The following ciphers and cipher modes are available
for use with OpenVPN. Each cipher shown below may be
used as a parameter to the --cipher option. The default
key size is shown as well as whether or not it can be
changed with the --keysize directive. Using a CBC mode
is recommended. In static key mode only CBC mode is allowed.DES-CFB 64 bit default key (fixed) (TLS client/server mode)
DES-CBC 64 bit default key (fixed)
IDEA-CBC 128 bit default key (fixed)
IDEA-CFB 128 bit default key (fixed) (TLS client/server mode)
RC2-CBC 128 bit default key (variable)
RC2-CFB 128 bit default key (variable) (TLS client/server mode)
RC2-OFB 128 bit default key (variable) (TLS client/server mode)
DES-EDE-CBC 128 bit default key (fixed)
DES-EDE3-CBC 192 bit default key (fixed)
DES-OFB 64 bit default key (fixed) (TLS client/server mode)
IDEA-OFB 128 bit default key (fixed) (TLS client/server mode)
DES-EDE-CFB 128 bit default key (fixed) (TLS client/server mode)
DES-EDE3-CFB 192 bit default key (fixed) (TLS client/server mode)
DES-EDE-OFB 128 bit default key (fixed) (TLS client/server mode)
DES-EDE3-OFB 192 bit default key (fixed) (TLS client/server mode)
DESX-CBC 192 bit default key (fixed)
BF-CBC 128 bit default key (variable)
BF-CFB 128 bit default key (variable) (TLS client/server mode)
BF-OFB 128 bit default key (variable) (TLS client/server mode)
RC2-40-CBC 40 bit default key (variable)
CAST5-CBC 128 bit default key (variable)
CAST5-CFB 128 bit default key (variable) (TLS client/server mode)
CAST5-OFB 128 bit default key (variable) (TLS client/server mode)
RC5-CBC 128 bit default key (variable)
RC5-CFB 128 bit default key (variable) (TLS client/server mode)
RC5-OFB 128 bit default key (variable) (TLS client/server mode)
RC2-64-CBC 64 bit default key (variable)
AES-128-CBC 128 bit default key (fixed)
AES-128-OFB 128 bit default key (fixed) (TLS client/server mode)
AES-128-CFB 128 bit default key (fixed) (TLS client/server mode)
AES-192-CBC 192 bit default key (fixed)
AES-192-OFB 192 bit default key (fixed) (TLS client/server mode)
AES-192-CFB 192 bit default key (fixed) (TLS client/server mode)
AES-256-CBC 256 bit default key (fixed)
AES-256-OFB 256 bit default key (fixed) (TLS client/server mode)
AES-256-CFB 256 bit default key (fixed) (TLS client/server mode)
AES-128-CFB1 128 bit default key (fixed) (TLS client/server mode)
AES-192-CFB1 192 bit default key (fixed) (TLS client/server mode)
AES-256-CFB1 256 bit default key (fixed) (TLS client/server mode)
AES-128-CFB8 128 bit default key (fixed) (TLS client/server mode)
AES-192-CFB8 192 bit default key (fixed) (TLS client/server mode)
AES-256-CFB8 256 bit default key (fixed) (TLS client/server mode)
DES-CFB1 64 bit default key (fixed) (TLS client/server mode)
DES-CFB8 64 bit default key (fixed) (TLS client/server mode)
DES-EDE3-CFB1 192 bit default key (fixed) (TLS client/server mode)
DES-EDE3-CFB8 192 bit default key (fixed) (TLS client/server mode)
CAMELLIA-128-CBC 128 bit default key (fixed)
CAMELLIA-192-CBC 192 bit default key (fixed)
CAMELLIA-256-CBC 256 bit default key (fixed)
CAMELLIA-128-CFB 128 bit default key (fixed) (TLS client/server mode)
CAMELLIA-192-CFB 192 bit default key (fixed) (TLS client/server mode)
CAMELLIA-256-CFB 256 bit default key (fixed) (TLS client/server mode)
CAMELLIA-128-CFB1 128 bit default key (fixed) (TLS client/server mode)
CAMELLIA-192-CFB1 192 bit default key (fixed) (TLS client/server mode)
CAMELLIA-256-CFB1 256 bit default key (fixed) (TLS client/server mode)
CAMELLIA-128-CFB8 128 bit default key (fixed) (TLS client/server mode)
CAMELLIA-192-CFB8 192 bit default key (fixed) (TLS client/server mode)
CAMELLIA-256-CFB8 256 bit default key (fixed) (TLS client/server mode)
CAMELLIA-128-OFB 128 bit default key (fixed) (TLS client/server mode)
CAMELLIA-192-OFB 192 bit default key (fixed) (TLS client/server mode)
CAMELLIA-256-OFB 256 bit default key (fixed) (TLS client/server mode)
SEED-CBC 128 bit default key (fixed)
SEED-OFB 128 bit default key (fixed) (TLS client/server mode)
SEED-CFB 128 bit default key (fixed) (TLS client/server mode)
-
What version of OpenVPN is on there? The output from that command on 2.3.3 should be different than what you show.
-
I am on 2.3.3 or atleast thats what shows on pfsense GUI as well as on the console.
[2.3.3-RELEASE][admin@spartan.alpinelan.local]/root:
-
Right but what does it show for OpenVPN?
: openvpn --version
: pkg info -x openvpn
-
[2.3.3-RELEASE][admin@spartan.alpinelan.local]/root: openvpn –version
OpenVPN 2.3.11 amd64-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on May 16 2016
library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.09
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. sales@openvpn.netCompile time defines: enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_http_proxy=yes enable_iproute2=no enable_libtool_lock=yes enable_lzo=yes enable_lzo_stub=no enable_management=yes enable_multi=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=no enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_socks=yes enable_ssl=yes enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=no enable_win32_dll=yes enable_x509_alt_username=no with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_plugindir='$(libdir)/openvpn/plugins' with_sysroot=no[2.3.3-RELEASE][admin@spartan.alpinelan.local]/root: pkg info -x openvpn
openvpn-2.3.11
openvpn-client-export-2.4.1_1
pfSense-pkg-openvpn-client-export-1.4.3/sales@openvpn.net -
That should be OpenVPN 2.3.12 if you're on pfSense 2.3.3
Something must not have completely finished in your upgrade.
Go to System > Update, Update Settings tab. Make sure that 'Stable' is selected and even if you change nothing, save the settings again. Then run "pfSense-upgrade -d" from the console and update the OS to the latest version, which should be 2.3.4.
-
Thanks Jimp!!
I did that and now i can see drop down list for encryption algorithm.
pfsense version:
Version 2.3.4-RELEASE (amd64)
built on Wed May 03 15:13:29 CDT 2017
FreeBSD 10.3-RELEASE-p19When i go to System - Package Manager - Installed Packages; it still shows "Package is configured but not (fully) installed. Should i be worried about that?
-
I'd remove (uninstall) the package using the trash can icon there and then install it again from the available packages tab.
-
i am still getting the same message. It says in the message that "Newer Version Available" even though i removed and reinstalled it. Should i remove it again and try to install it using console? if yes, could you please provide me the command line?
-
When you remove it, does it come out of that list?
From the command prompt you could try this:
pkg unlock openvpn-client-export pkg unlock pfSense-pkg-openvpn-client-export pkg delete -f openvpn-client-export pfSense-pkg-openvpn-client-export pkg install pfSense-pkg-openvpn-client-export
-
when i removed it from console, it did get disappear from Installed packages.
So i ran all the commands and reinstall the package but is still gives me the same message "Package is configure but not (fully) installed.
[2.3.4-RELEASE][admin@spartan.alpinelan.local]/root: pkg unlock openvpn-client-export
openvpn-client-export-2.4.2: already unlocked
[2.3.4-RELEASE][admin@spartan.alpinelan.local]/root: pkg unlock pfSense-pkg-openvpn-client-export
pfSense-pkg-openvpn-client-export-1.4.5: already unlocked
[2.3.4-RELEASE][admin@spartan.alpinelan.local]/root: pkg delete -f openvpn-client-export pfSense-pkg-openvpn-client-export
Checking integrity… done (0 conflicting)
Deinstallation has been requested for the following 2 packages (of 0 packages in the universe):Installed packages to be REMOVED:
    openvpn-client-export-2.4.2
    pfSense-pkg-openvpn-client-export-1.4.5Number of packages to be removed: 2
The operation will free 12 MiB.
Proceed with deinstalling packages? [y/N]: y
[1/2] Deinstalling pfSense-pkg-openvpn-client-export-1.4.5…
Removing openvpn-client-export components...
Loading package instructions...
[1/2] Deleting files for pfSense-pkg-openvpn-client-export-1.4.5: 100%
Removing openvpn-client-export components…
Configuration... done.
[2/2] Deinstalling openvpn-client-export-2.4.2…
[2/2] Deleting files for openvpn-client-export-2.4.2: 100%
[2.3.4-RELEASE][admin@spartan.alpinelan.local]/root: pkg install pfSense-pkg-openvpn-client-export
Updating pfSense-core repository catalogue…
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The following 2 package(s) will be affected (of 0 checked):New packages to be INSTALLED:
    pfSense-pkg-openvpn-client-export: 1.4.5 [pfSense]
    openvpn-client-export: 2.4.2 [pfSense]Number of packages to be installed: 2
The process will require 12 MiB more space.
Proceed with this action? [y/N]: y
[1/2] Installing openvpn-client-export-2.4.2…
[1/2] Extracting openvpn-client-export-2.4.2: 100%
[2/2] Installing pfSense-pkg-openvpn-client-export-1.4.5…
[2/2] Extracting pfSense-pkg-openvpn-client-export-1.4.5: 100%
Saving updated package information…
done.
Loading package configuration... done.
Configuring package components...
Loading package instructions...
Custom commands...
Writing configuration... done.
-
So it's actually OK. That bit at the bottom is a legend that explains what various icons/colors mean.
-
Thank You @jimp!!
I really appreciate all your help and prompt replies.