Netgate Discussion Forum

    Unable to make a change to an existing (and running) openvpn client setup

    OpenVPN
    4 Posts 3 Posters 534 Views
    • jason0

      Hello,

      I have a running site-to-site VPN using OpenVPN. My main site is the Server, and the remote site is the Client. I just added a second CIDR block in the "IPv4 Remote Network(s)" on the remote fw, tried to save, and got the error "Password and confirmation must match," with only the Description field highlighted yellow.

      Why would it be complaining of a password when there is no field for a password?

      I should add that the present site-to-site connection functions correctly: I am connected to the remote fw via the vpn.

      Settings: pfsense 2.4.4-RELEASE-p2
      peer to peer (shared key)
      udp on ipv4 only
      tun mode
      interface LAN (it's only a vpn gateway, there's no other connection)

      Thank you for your time...

      --jason

      • Rico (LAYER 8, Rebel Alliance)

        Post configuration screenshots and your client1.conf in /var/etc/openvpn

        -Rico

        • jason0

          Contents of /var/etc/openvpn/client1.conf:

          dev ovpnc1
          verb 1
          dev-type tun
          dev-node /dev/tun1
          writepid /var/run/openvpn_client1.pid
          #user nobody
          #group nobody
          script-security 3
          daemon
          keepalive 10 60
          ping-timer-rem
          persist-tun
          persist-key
          proto udp4
          cipher AES-128-CBC
          auth SHA256
          up /usr/local/sbin/ovpn-linkup
          down /usr/local/sbin/ovpn-linkdown
          local 192.168.88.16
          lport 0
          management /var/etc/openvpn/client1.sock unix
          remote fw.pedantia.ytivarg-hq.com 1194
          ifconfig 192.168.90.2 192.168.90.1
          route 192.168.92.0 255.255.254.0
          secret /var/etc/openvpn/client1.secret
          compress
          resolv-retry infinite

          The only changed line goes from "192.168.92.0/23" to "192.168.92.0/23, 192.168.90.16/28":

          [Screenshot: Screen Shot 2019-02-05 at 20.03.41.png]

          Which then produces the error screen, whereupon there was never a password requested (nor its subsequent confirmation):

          [Screenshot: Screen Shot 2019-02-05 at 20.03.57.png]

          • Derelict (LAYER 8, Netgate)
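          The following is an added example, not code from the thread or from pfSense itself. It parses a constructed copy of the client1.conf shown above, lists the route directives that are currently in it, and works out which `route <network> <netmask>` lines the changed "IPv4 Remote Network(s)" value ("192.168.92.0/23, 192.168.90.16/28") would have to produce once the save goes through. The one-route-line-per-CIDR mapping is an assumption drawn from the single existing line (`route 192.168.92.0 255.255.254.0`). It also runs a generic sanity check that none of the remote networks swallow the tunnel endpoint or local bind addresses, which is the kind of overlap that silently breaks a site-to-site tunnel after a save succeeds.

```python
# Added example: parse a pfSense-generated OpenVPN client config and
# derive the "route" lines a new "IPv4 Remote Network(s)" value implies.
# Not code from the forum thread or from pfSense.
import ipaddress
from typing import List, Tuple

# Constructed copy of the client1.conf lines posted in the thread,
# trimmed to the directives this example needs.
CLIENT1_CONF = """\
dev ovpnc1
dev-type tun
proto udp4
cipher AES-128-CBC
auth SHA256
local 192.168.88.16
remote fw.pedantia.ytivarg-hq.com 1194
ifconfig 192.168.90.2 192.168.90.1
route 192.168.92.0 255.255.254.0
secret /var/etc/openvpn/client1.secret
"""

Entries = List[Tuple[str, List[str]]]


def parse_openvpn_conf(text: str) -> Entries:
    """Split an OpenVPN config into (directive, args) pairs.
    Blank lines and '#' comments are ignored. Directives such as
    'route' may repeat, so a list is kept rather than a dict."""
    entries: Entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        entries.append((parts[0], parts[1:]))
    return entries


def routes_from_conf(entries: Entries) -> List[ipaddress.IPv4Network]:
    """Collect every 'route <network> <netmask>' directive as an IPv4Network."""
    nets = []
    for directive, args in entries:
        if directive == "route" and len(args) >= 2:
            nets.append(ipaddress.IPv4Network(f"{args[0]}/{args[1]}", strict=False))
    return nets


def routes_from_remote_networks(field: str) -> List[str]:
    """Turn the comma-separated 'IPv4 Remote Network(s)' GUI value into the
    'route <network> <netmask>' lines written into the client config.
    Assumption: one route line per CIDR, matching the existing line above.
    strict=True rejects a CIDR whose host bits are set (e.g. 192.168.92.1/23)."""
    lines = []
    for cidr in field.split(","):
        cidr = cidr.strip()
        if not cidr:
            continue
        net = ipaddress.IPv4Network(cidr, strict=True)
        lines.append(f"route {net.network_address} {net.netmask}")
    return lines


def find_route_conflicts(entries: Entries, remote_networks: List[str]) -> List[str]:
    """Generic sanity check: report any remote network that contains one of
    the tunnel endpoint addresses ('ifconfig') or the local bind address
    ('local'). Such a route would shadow the path the tunnel itself uses."""
    endpoints: List[str] = []
    for directive, args in entries:
        if directive == "ifconfig":
            endpoints.extend(args[:2])
        elif directive == "local":
            endpoints.extend(args[:1])
    problems = []
    for cidr in remote_networks:
        net = ipaddress.IPv4Network(cidr.strip(), strict=False)
        for addr in endpoints:
            if ipaddress.IPv4Address(addr) in net:
                problems.append(f"{cidr.strip()} contains endpoint/local address {addr}")
    return problems


if __name__ == "__main__":
    entries = parse_openvpn_conf(CLIENT1_CONF)
    print("routes currently in client1.conf:",
          [str(n) for n in routes_from_conf(entries)])
    new_field = "192.168.92.0/23, 192.168.90.16/28"
    for line in routes_from_remote_networks(new_field):
        print("expected after save:", line)
    print("conflicts:", find_route_conflicts(entries, new_field.split(",")))
```

          Running it against the posted config shows the single existing /23 route, the two route lines the new field would add (the /28 becomes `route 192.168.90.16 255.255.255.240`), and no overlap with the 192.168.90.1/192.168.90.2 tunnel endpoints or the 192.168.88.16 bind address.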

            The only thing I can think of is those password fields were somehow populated.

            Try setting the VPN to Peer to Peer (SSL/TLS)

            That should expose the username and password fields.

            Clear them out and set it back to Peer to Peer (Shared Key) and save.

            Might work.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.