• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Cannot save Interface settings (PPPoE Password and confirmed password must match)

Scheduled Pinned Locked Moved General pfSense Questions
20 Posts 3 Posters 2.4k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • T
    Taz79
    last edited by Taz79 Apr 4, 2019, 7:58 AM Apr 4, 2019, 7:56 AM

    Hardware: Netgate SG-1100

    When trying to save settings for a new interface for a VPN tunnel i get the following error:

    The following input errors were detected:
    PPPoE Password and confirmed password must match!

    There is no settings for this.. Is there a quick workaround for this error?

    06d14349-3db7-4c88-9b9d-95d5e59a16f4-image.png

    1 Reply Last reply Reply Quote 0
    • G
      Grimson Banned
      last edited by Apr 4, 2019, 9:47 AM

      https://forum.netgate.com/topic/140917/interface-assignment-error-openvpn-or-gree-interface-type next time don't be lazy and use the search page yourself.

      1 Reply Last reply Reply Quote 0
      • T
        Taz79
        last edited by Apr 4, 2019, 2:44 PM

        I did search for a solution but only found another thread that did not work for me, i used google search though since normal forum search engines normally suck.

        I googled a long time for the error so you cannot blame me for being lazy 🐷

        Infact it might have been the auto logon feature that somehow interfeared with it.. Strange.. And very strange error message? How come it complain about PPPoE when there is no configuration for it?

        1 Reply Last reply Reply Quote 0
        • S
          stephenw10 Netgate Administrator
          last edited by stephenw10 Apr 4, 2019, 3:11 PM Apr 4, 2019, 3:10 PM

          Have you ever configured a PPPoE connection there? Or any PPP?

          I suspect it may have some setting remaining in the config against OPT1. Try looking in the config file directly in /conf/config.xml at the OPT1 settings.

          But yeah it could also be your browser auto filling a form field that is usually hidden unless you select PPPoE as the connection type.

          Steve

          1 Reply Last reply Reply Quote 0
          • T
            Taz79
            last edited by Taz79 Apr 5, 2019, 6:31 PM Apr 5, 2019, 6:26 PM

            @stephenw10
            No I have never ever used or configured a PPPoE connection :)

            Yes, no idea to put more effort into this. I guess it was the auto fill feature. I have turned it off now to be sure. It wanted to fill the MAC address field with my login name i noticed but i always removed it before i saved the settings. But maybe it filled some hidden field as you said.

            Here is what the config.xml say about my OPT1 interface

            <opt1>
            <descr><![CDATA[VPN]]></descr>
            <if>ovpnc3</if>
            <blockpriv></blockpriv>
            <blockbogons></blockbogons>
            <spoofmac></spoofmac>
            <enable></enable>
            </opt1>

            1 Reply Last reply Reply Quote 0
            • S
              stephenw10 Netgate Administrator
              last edited by Apr 5, 2019, 6:31 PM

              That looks fine. Looks like it was a browser autofill issue.

              I've been caught out by that from the LastPass browser plugin before.

              Steve

              T 1 Reply Last reply Apr 5, 2019, 6:32 PM Reply Quote 0
              • T
                Taz79 @stephenw10
                last edited by Taz79 Apr 5, 2019, 6:33 PM Apr 5, 2019, 6:32 PM

                @stephenw10 Ok. Thanks for the help! :) I have learned something new :)

                Now i have to try to fix my VPN port forward that goes back out over my WAN link instead. Reading pfsense documentations and threads about the issue for 2 days now :)

                1 Reply Last reply Reply Quote 0
                • S
                  stephenw10 Netgate Administrator
                  last edited by stephenw10 Apr 5, 2019, 6:43 PM Apr 5, 2019, 6:43 PM

                  I don't see a thread about that but I'd guess it's because you either don't have the OpenVPN interface assigned or you do but have pass rules on the main OpenVPN tab rather than the new interface tab. You need to pass the traffic on the assigned interface to get the required 'reply-to' tag on the rule. Otherwise replies will use the default system route.

                  Steve

                  1 Reply Last reply Reply Quote 0
                  • T
                    Taz79
                    last edited by Apr 5, 2019, 6:48 PM

                    @stephenw10
                    I have not created a thread about it since there is so many already. But none match my issue so i think i will. I must have missed something.. but i have gone over it so many times now..

                    I have a interface assigned (OPT1 renamed to VPN). I had a pass rule there and when i did a port forward it seems to add the rules in there also..

                    a2de459e-8043-4b17-88b4-3c1b0b8d2fd3-image.png

                    1 Reply Last reply Reply Quote 0
                    • S
                      stephenw10 Netgate Administrator
                      last edited by Apr 5, 2019, 6:51 PM

                      Be sure there are no rules that will pass it on the OpenVPN tab as they are applied first and will not add the reply-to tag.

                      Also make sure to clear any open states between tests as it may not be using the new rules otherwise.

                      Steve

                      T 1 Reply Last reply Apr 5, 2019, 6:56 PM Reply Quote 0
                      • T
                        Taz79 @stephenw10
                        last edited by Taz79 Apr 5, 2019, 6:57 PM Apr 5, 2019, 6:56 PM

                        @stephenw10
                        Ahh! Open states! That one i did forgot! Thanks! will test otherwise i will create a thread about it.
                        OpenVPN tab is used for another VPN tunnel though. On that one i have specified 2 remote (internal) networks that traffic will be routed too. That one has a "allow all" rule also.

                        1 Reply Last reply Reply Quote 0
                        • S
                          stephenw10 Netgate Administrator
                          last edited by Apr 5, 2019, 6:58 PM

                          Yeah, you can't have an 'allow all' style open rule on the OpenVPN tab. If you have unassigned other OpenVPN instances just make sure to specify source subnets there so it doen't match traffic that needs to be passed on the assigned interface tab.

                          Steve

                          T 1 Reply Last reply Apr 5, 2019, 7:29 PM Reply Quote 0
                          • T
                            Taz79 @stephenw10
                            last edited by Apr 5, 2019, 7:29 PM

                            @stephenw10

                            Ohhh.. i had to read your comment several times to understand it.. So if i have 2 OpenVPN tunnels the openvpn tab will match traffic for both tunnels even if one openvpn tunnel is assigned to an interface (VPN)?

                            I also noticed i had a allow all on the VPN tab, and removed that now.

                            So i have 2 OpenVPN tunnels.

                            1 tunnel goes to a LAB environment at my work (Network there is 10.52.0.0 and 10.51.0.0)
                            1 tunnel goes to "internet" via a VPN provider.. This tunnel is assigned an interface called VPN.

                            Are you saying the "internet" VPN tunnel will also use rules on the "OpenVPN" tab even if i assigned it an interface (VPN) ?

                            My OpenVPN tunnel to the LAB has this settings:
                            7867c537-7b4f-4f9b-9382-216c95f101eb-image.png

                            G 1 Reply Last reply Apr 5, 2019, 7:32 PM Reply Quote 0
                            • G
                              Grimson Banned @Taz79
                              last edited by Apr 5, 2019, 7:32 PM

                              @Taz79 said in Cannot save Interface settings (PPPoE Password and confirmed password must match):

                              Are you saying the "internet" VPN tunnel will also use rules on the "OpenVPN" tab even if i assigned it an interface (VPN) ?

                              https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/openvpn-traffic-filtering.html

                              T 1 Reply Last reply Apr 5, 2019, 7:33 PM Reply Quote 0
                              • T
                                Taz79 @Grimson
                                last edited by Taz79 Apr 5, 2019, 7:34 PM Apr 5, 2019, 7:33 PM

                                @Grimson
                                ohhhhhhhh :)

                                I like how you instead of typing an answer paste links ;) I will try it by removing all the rules in the OpenVPN tab..

                                G 1 Reply Last reply Apr 5, 2019, 7:35 PM Reply Quote 0
                                • G
                                  Grimson Banned @Taz79
                                  last edited by Apr 5, 2019, 7:35 PM

                                  @Taz79 said in Cannot save Interface settings (PPPoE Password and confirmed password must match):

                                  I like how you instead of typing an answer paste links ;)

                                  Why should I write things again that are already written in the documentation. That would be wasted time.

                                  1 Reply Last reply Reply Quote 1
                                  • T
                                    Taz79
                                    last edited by Taz79 Apr 5, 2019, 7:55 PM Apr 5, 2019, 7:47 PM

                                    WOHO! It's working now! ..
                                    So what was happening if i understand this correctly was that incoming traffic from my "internet" VPN was matched by the OpenVPN rule.. So the forwarded port from my internet VPN, where does that get sent if it encounter an "allow all" rule? Since its coming from the internet it would not know where to go?

                                    @stephenw10 where do i send the beer keg? :D Give me your BTC address :) :)
                                    I have been over the rules, port forwards and LAN rules over and over and could for my life not understand how it could not work... lol ...

                                    1 Reply Last reply Reply Quote 0
                                    • T
                                      Taz79
                                      last edited by Apr 5, 2019, 8:04 PM

                                      @Grimson must thank you also for the link ;)

                                      1 Reply Last reply Reply Quote 0
                                      • S
                                        stephenw10 Netgate Administrator
                                        last edited by Apr 5, 2019, 11:02 PM

                                        Yes, rules on the OpenVPN tab get applied to all incoming traffic coming over OpenVPN and they get applied before and specific rules for assigned OpenVPN interfaces. The behaviour is the same as interface groups and the interfaces in those groups but most people never use interface groups so never hit that. 😉

                                        Traffic coming on on the port forward was hitting the allow all rule on the OpenVPN tab and would have been correctly forwarded to the target. But because it does not get tagged 'reply-to' the replies from the target just go back out the system default route, usually the WAN, so the connection fails.

                                        Steve

                                        1 Reply Last reply Reply Quote 0
                                        • T
                                          Taz79
                                          last edited by Apr 5, 2019, 11:44 PM

                                          @stephenw10
                                          Ok and that was exactly what i observed :) Thanks again!

                                          1 Reply Last reply Reply Quote 0
                                          1 out of 20
                                          • First post
                                            1/20
                                            Last post
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                                            This community forum collects and processes your personal information.
                                            consent.not_received