Unable to make a change to an existing (and running) openvpn client setup

jason0

Hello,

I have a running site to site vpn using openvpn. My main site is the Server, and the remote site is the Client. I just added a second CIDR block in the "IPv4 Remote Network(s)" on the remote fw, tried to save, and got the error "Password and confirmation must match." With only the Description field highlighted yellow.

Why would it be complaining of a password when there is no field for a password?

I should add that the present site-to-site connection functions correctly: I am connected to the remote fw via the vpn.

Settings: pfsense 2.4.4-RELEASE-p2
peer to peer (shared key)
udp on ipv4 only
tun mode
interface LAN (it's only a vpn gateway, there's no other connection)

Thank you for your time...

--jason

Rico

Post configuration screenshots and your client1.conf in /var/etc/openvpn

-Rico

jason0

contents of /var/etc/openvpn/client1.conf:

dev ovpnc1
verb 1
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_client1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp4
cipher AES-128-CBC
auth SHA256
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local 192.168.88.16
lport 0
management /var/etc/openvpn/client1.sock unix
remote fw.pedantia.ytivarg-hq.com 1194
ifconfig 192.168.90.2 192.168.90.1
route 192.168.92.0 255.255.254.0
secret /var/etc/openvpn/client1.secret
compress
resolv-retry infinite

The only changed line goes from "192.168.92.0/23" to "192.168.92.0/23, 192.168.90.16/28":

Which then produces the error screen, whereupon there was never a password requested, (nor its subsequent confirmation)

Derelict

The only thing I can think of is those password fields were somehow populated.

Try setting the VPN to Peer to Peer (SSL/TLS)

That should expose the username and password fields.

Clear them out and set it back to Peer to Peer (Shared Key) and save.

Might work.