Cant install openvpn-client-export on 2.3.5
-
Trying to set up OpenVPN server on a pfsense box running 2.3.5.
Install of the openvpn-client-export package fails with the warning "Current pkg repository has a new PHP major version. pfSense should be upgraded before installing any new package."
That is fair enough - but this box is on nanobsd, so the upgrade to 2.4.x is not trivial. Due to Covid-19 lock-down I can't go onsite, but I have users that need VPN access.
Not familiar with the package system - but is there a way I can force it to install an older version of the package that will run on 2.3.5?
Appreciate any tips to work around this block at a difficult time.
RM
-
2.3.5 is EOL since October 31, 2018
I'm not aware of any way to install online packages to this old versions, sorry.
If you are really in trouble now an not able to replace this box you could create the OpenVPN client configs manually. Very kinky and with a lot of users a nightmare for sure.-Rico
-
@rjmead said in Cant install openvpn-client-export on 2.3.5:
but is there a way I can force it to install an older version of the package that will run on 2.3.5?
Don't force it !!!
The PHP version used is probably 7.2 - and if you import that into your 32 bits pfSense you will break "close to everything".
If your current device can't support 2.4.4, take it out of the network.
Use whatever PC you can put your hands on (should be easy - colleges at work are probably not present anyway, just serve yourself - explain afterwards).
Choose the PC that has the same number of interface as your nanobsd uses - the number of interfaces you need to have.
Now
=> Take out the hard disk. Put in a new one, and install pfSense 2.4.4-p3 bare bone, set up, go home.
or
=> Found a Windows 10 Pro ? If so, activate Hyper-X, create a VM, assign interfaces - install pFsense, set it up. Go home.Most of this can be prepared in advance, although you have to go over to the place where the nanobsd is installed to put in place.
Take note : 2.3.5 uses an old OpenVPN version (probably less secure).
The old, matching client OpenVPN program can be downloaded from the Internet - recent versions will probably not work with your old OpenVPN. So, check that out.The "openvpn-client-export" isn't really needed to set up an OpenVPN to pfSense : all can be done manually.
The client VPN settings have to matche the OpenVPN server settings. That's all. -
@Gertjan - Thanks for the suggestions - but hardware isn't the issue. I have an entire hardware backup available if needed.
But all those things require going onsite - which ignores the reality of a coronavirus lockdown where I cannot travel to the site. Nor can colleagues - but they do need to access files on a shared drive to continue their work under these fairly exceptional circumstances.
What I find frustrating is that my home firewall is the same hardware that happens to be running 2.3.2-RELEASE-p1. That installs the openvpn-client-export package just fine. So the package repository with the compatible version for 2.3.x is out there - but 2.3.5 is configured to point at a repository holding incompatible packages - which just seems like poor branch maintenance (especially when support for nanoBSD was discontinued in 2.4.x).
Incidentally my pfsense is amd64, not 32-bit. So I know it is theoretically possible to upgrade it to 2.4.x - but requires replacing nanoBSD and it doesn't look as though that is a process that can be done safely when you only have remote access.
Yes - I guess I could spend a ton of time trying to configure the OpenVPN client manually. But that wont deliver a process I can roll out to non-technical users stuck in their homes.
RM
-
@rjmead said in Cant install openvpn-client-export on 2.3.5:
but 2.3.5 is configured to point at a repository holding incompatible packages -
I don't recall, but was there not an option for 2.3.5 to be 32 or 64 bits ?
You can't mix them, That's for sure.@rjmead said in Cant install openvpn-client-export on 2.3.5:
.... work under these fairly exceptional circumstances.
I know.
Where I live (France) we have to stay at home.
And because it France, they created as many exceptions as there are French people, which guarantees that this new law applies to every one (better : I'm not joking here - this is France).
So, because our government also doesn't want to kill the economy (=read : so that our phones are still ringing, that we can eat, Netflix still works etc) they allow 'needed' people to go home<-> work But no kisses, no hugs (......)
So, I'm at work, I take care of my pfSense company box, among others. So that other can VPN-in and do their jobs at home (room maids, the kitchen people, waitresses etc - I work at a hotel).The thing is : VPN settings and maintenance can't really be done from the outside. The smallest mistake in a setting and your pfSense shuts down the connecting, locking everybody out.
