Netgate Discussion Forum

    BUG --- pfSense fails to boot when insufficient info provided with OpenVPN Client record

      mattjoy

      I have witnessed several instances where pfSense will not start - the system halts when loading the OpenVPN config on each entry that is incomplete. It took me a while to figure out what was happening, but it appears that if you have an OpenVPN client defined with a username but null passwords, the router will fail to reboot without a keystroke at the console.

      Same if you have a client without a certificate selected.

      Seems like the web interface should check for these issues before allowing a save - or the boot sequence should not halt just because it is waiting for OpenVPN info that wasn't provided through the GUI.

      To reproduce the error - VPN/OPENVPN/CLIENTS/EDIT

      Create a client record - add a username but leave the password blank and save.
      OR
      Create a record with a user and password but no certificate selected.

      THEN reboot -
      During the boot sequence it will halt asking for AUTH Password on each incomplete OpenVPN client record... the only way to complete the boot is to provide keyboard input.

      Configuring LAN interface...done.
      Configuring CARP settings...done.
      Syncing OpenVPN settings...Enter Auth Password:
      Enter Auth Password:
      Enter Auth Password:
      done.

        viragomann @mattjoy

        @mattjoy
        Did you set a check at Authentication Retry in the client config?

          mattjoy

          The issue is not with clients reconnecting - the problem is that the operating system will not finish booting to where the network can connect if you have an OpenVPN client configuration defined wrong.

            kiokoman LAYER 8

            https://redmine.pfsense.org/issues/10409

              mattjoy

              Thank you - I didn't see that post.

                mattjoy

                I applied the latest patch but have not tested yet since it is a production firewall.

                I do note that the prior version also allowed a client to be defined without a certificate, which also caused halts - this alternate way of failing to boot was not mentioned in the bug report, so it may still be necessary to check that the certificate is not null on the web form.

                https://redmine.pfsense.org/issues/10409

                  jimp Rebel Alliance Developer Netgate

                  Clients may not need a certificate if it's an auth-only setup. The client GUI can't know what the server expects, the user has to configure it properly. There is only so much foot-shooting the GUI can prevent.
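
The "Enter Auth Password:" prompts in the first post match OpenVPN's documented handling of auth-user-pass: with no credentials file, or a file that lacks a password line, it asks on the console. As an added example (not code from any poster or from pfSense), this POSIX shell check flags such client configs before a reboot; the directory argument and the .conf/.ovpn file layout are assumptions, so point it at wherever your OpenVPN client configs are written.

```sh
#!/bin/sh
# Added example: find OpenVPN client configs whose auth-user-pass setup is
# incomplete, so openvpn would stop and ask for credentials on the console.

# check_ovpn_conf FILE -> prints findings; returns 1 if any, else 0.
check_ovpn_conf() {
    conf=$1
    rc=0
    # "|| [ -n ... ]" also handles a last line without a trailing newline.
    while read -r directive up _rest || [ -n "$directive" ]; do
        [ "$directive" = "auth-user-pass" ] || continue
        if [ -z "$up" ]; then
            echo "$conf: auth-user-pass has no credentials file"
            rc=1
        elif [ ! -r "$up" ]; then
            # Path is used as written in the config (no --cd handling).
            echo "$conf: credentials file $up is missing or unreadable"
            rc=1
        else
            # Expected layout: username on line 1, password on line 2.
            user=$(sed -n '1p' "$up" | tr -d '\r')
            pass=$(sed -n '2p' "$up" | tr -d '\r')
            [ -n "$user" ] || { echo "$conf: $up has an empty username line"; rc=1; }
            [ -n "$pass" ] || { echo "$conf: $up has no password line"; rc=1; }
        fi
    done < "$conf"
    return "$rc"
}

# scan_ovpn_dir DIR -> checks DIR/*.conf, DIR/*.ovpn and one level below.
# The directory and extensions are assumptions, not pfSense-specific paths.
scan_ovpn_dir() {
    bad=0
    for f in "$1"/*.conf "$1"/*.ovpn "$1"/*/*.conf "$1"/*/*.ovpn; do
        [ -f "$f" ] || continue
        check_ovpn_conf "$f" || bad=1
    done
    return "$bad"
}

# Stand-alone use: sh check_ovpn.sh /path/to/openvpn/client/configs
[ "$#" -eq 0 ] || scan_ovpn_dir "$1"
```

A non-zero exit status means at least one client config would need console input, which makes the script usable as a gate before a scheduled reboot.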

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.