Unable to make a change to an existing (and running) openvpn client setup



  • Hello,

    I have a running site-to-site VPN using OpenVPN. My main site is the Server, and the remote site is the Client. I just added a second CIDR block in the "IPv4 Remote Network(s)" field on the remote fw, tried to save, and got the error "Password and confirmation must match.", with only the Description field highlighted yellow.

    Why would it be complaining of a password when there is no field for a password?

    I should add that the present site-to-site connection functions correctly: I am connected to the remote fw via the vpn.

    Settings: pfSense 2.4.4-RELEASE-p2
    peer to peer (shared key)
    udp on ipv4 only
    tun mode
    interface LAN (it's only a vpn gateway, there's no other connection)

    Thank you for your time...

    --jason


  • LAYER 8 Rebel Alliance

    Post configuration screenshots and your client1.conf in /var/etc/openvpn

    -Rico



  • Contents of /var/etc/openvpn/client1.conf:

    dev ovpnc1
    verb 1
    dev-type tun
    dev-node /dev/tun1
    writepid /var/run/openvpn_client1.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto udp4
    cipher AES-128-CBC
    auth SHA256
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    local 192.168.88.16
    lport 0
    management /var/etc/openvpn/client1.sock unix
    remote fw.pedantia.ytivarg-hq.com 1194
    ifconfig 192.168.90.2 192.168.90.1
    route 192.168.92.0 255.255.254.0
    secret /var/etc/openvpn/client1.secret
    compress
    resolv-retry infinite

    The only changed line goes from "192.168.92.0/23" to "192.168.92.0/23, 192.168.90.16/28":

    (attached screenshot: Screen Shot 2019-02-05 at 20.03.41.png)

    Which then produces the error screen, whereupon there was never a password requested (nor its subsequent confirmation):

    (attached screenshot: Screen Shot 2019-02-05 at 20.03.57.png)
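    As an added example (not part of this thread and not pfSense's own code), the script below shows what the "IPv4 Remote Network(s)" change is expected to do to client1.conf once it does save: each CIDR in that field becomes one OpenVPN `route <network> <netmask>` line, which is why the posted /23 appears as `route 192.168.92.0 255.255.254.0`. It parses a trimmed copy of the posted config, computes the route lines the new field value would generate, reports which of them are missing from the running config, and flags two things worth checking before saving: a remote network that contains one of the tunnel endpoints from the `ifconfig` line, and entries that overlap each other. The rendering of the field as `route` lines is an assumption drawn from the posted file, not a documented pfSense API.

```python
import ipaddress

# Trimmed copy of the client1.conf posted above (sample input for this example).
CLIENT_CONF = """\
dev ovpnc1
proto udp4
local 192.168.88.16
remote fw.pedantia.ytivarg-hq.com 1194
ifconfig 192.168.90.2 192.168.90.1
route 192.168.92.0 255.255.254.0
secret /var/etc/openvpn/client1.secret
"""


def parse_routes(conf_text):
    """Return the networks from every 'route <net> <mask>' line as ip_network objects."""
    nets = []
    for line in conf_text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0] == "route":
            nets.append(ipaddress.ip_network(f"{parts[1]}/{parts[2]}", strict=True))
    return nets


def parse_ifconfig(conf_text):
    """Return (local, remote) tunnel endpoint addresses from the 'ifconfig' line, or None."""
    for line in conf_text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0] == "ifconfig":
            return ipaddress.ip_address(parts[1]), ipaddress.ip_address(parts[2])
    return None


def field_networks(field_value):
    """Parse the comma-separated 'IPv4 Remote Network(s)' field into ip_network objects.
    strict=False tolerates host bits in the entry (e.g. 192.168.92.1/23) the way the GUI does."""
    return [ipaddress.ip_network(v.strip(), strict=False)
            for v in field_value.split(",") if v.strip()]


def remote_networks_to_routes(field_value):
    """Render the field as the 'route' directives we expect pfSense to write (assumed mapping)."""
    return [f"route {net.network_address} {net.netmask}" for net in field_networks(field_value)]


def missing_routes(field_value, conf_text):
    """Route lines the new field value needs that the running config does not yet have."""
    present = set(parse_routes(conf_text))
    return [f"route {net.network_address} {net.netmask}"
            for net in field_networks(field_value) if net not in present]


def check_remote_networks(field_value, conf_text):
    """Sanity checks before saving: a remote network must not swallow a tunnel endpoint,
    and entries should not overlap each other. Returns a list of warning strings."""
    warnings = []
    endpoints = parse_ifconfig(conf_text) or ()
    nets = field_networks(field_value)
    for net in nets:
        for ep in endpoints:
            if ep in net:
                warnings.append(f"{net} contains tunnel endpoint {ep}")
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                warnings.append(f"{a} overlaps {b}")
    return warnings


if __name__ == "__main__":
    new_field = "192.168.92.0/23, 192.168.90.16/28"
    print("running routes:", [str(n) for n in parse_routes(CLIENT_CONF)])
    print("expected lines:", remote_networks_to_routes(new_field))
    print("still missing: ", missing_routes(new_field, CLIENT_CONF))
    print("warnings:      ", check_remote_networks(new_field, CLIENT_CONF))
```

    Run it against the real file with the field value you intend to save; an empty "still missing" list after the save confirms the GUI wrote the second route, and any warning is a reason to revisit the entry before touching the running tunnel.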


  • LAYER 8 Netgate

    The only thing I can think of is those password fields were somehow populated.

    Try setting the VPN to Peer to Peer (SSL/TLS)

    That should expose the username and password fields.

    Clear them out and set it back to Peer to Peer (Shared Key) and save.

    Might work.