Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN 2.4 update task, or pull-filter ignore

    Scheduled Pinned Locked Moved OpenVPN
    5 Posts 3 Posters 3.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • dragoangelD
      dragoangel
      last edited by

      I have a question, when is planning to updating to OpenVPN 2.4 version?
      And the second part of post:
      Why I need 2.4 => I need use option for client connection:

      pull-filter ignore "ifconfig-ipv6"
pull-filter ignore "route-ipv6"

      But now it not start client and shows error:

      Options error: Unrecognized option or missing parameter(s) in /var/etc/openvpn/client2.conf:31: pull-filter (2.3.17)

      Maybe somebody know another way to do this, because I don't. I know another way that work on OpenVPN 2.3.*:```
      route-nopull

      Latest stable pfSense on 2x XG-7100 and 1x Intel Xeon Server, running mutiWAN, he.net IPv6, pfBlockerNG-devel, HAProxy-devel, Syslog-ng, Zabbix-agent, OpenVPN, IPsec site-to-site, DNS-over-TLS...
      Unifi AP-AC-LR with EAP RADIUS, US-24

      1 Reply Last reply Reply Quote 0
      • dragoangelD
        dragoangel
        last edited by

        Maybe you can add functionality to add to static routes "Aliases" with multiple subnets in them? It can help me too… I'we then can create pfBlockerNG native list with whois domains that all time I need to route to VPN.

        Latest stable pfSense on 2x XG-7100 and 1x Intel Xeon Server, running mutiWAN, he.net IPv6, pfBlockerNG-devel, HAProxy-devel, Syslog-ng, Zabbix-agent, OpenVPN, IPsec site-to-site, DNS-over-TLS...
        Unifi AP-AC-LR with EAP RADIUS, US-24

        1 Reply Last reply Reply Quote 0
        • DerelictD
          Derelict LAYER 8 Netgate
          last edited by

          OpenVPN 2.4 is in pfSense 2.4. (Both being 2.4 is simply a coincidence.)

          BETA snapshots

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          1 Reply Last reply Reply Quote 0
          • dragoangelD
            dragoangel
            last edited by

            Ok, thx. But I better wait for stable release. And what about alises in static routes? It would be nice function too.

            Latest stable pfSense on 2x XG-7100 and 1x Intel Xeon Server, running mutiWAN, he.net IPv6, pfBlockerNG-devel, HAProxy-devel, Syslog-ng, Zabbix-agent, OpenVPN, IPsec site-to-site, DNS-over-TLS...
            Unifi AP-AC-LR with EAP RADIUS, US-24

            1 Reply Last reply Reply Quote 0
            • B
              bPsdTZpW
              last edited by

              I also have encountered this issue. What occurs is that pfSense sometimes gloms the options together when OpenVPN is restarted, causing a syntax error. So

              pull-filter ignore "ifconfig-ipv6"
pull-filter ignore "route-ipv6"

              becomes

              pull-filter ignore "ifconfig-ipv6"pull-filter ignore "route-ipv6"

              You can workaround this problem by adding a comment marker at the end of each affected line, like:

              pull-filter ignore "ifconfig-ipv6" #
pull-filter ignore "route-ipv6" #
              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.