Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN Client Export error about PKCS#11, auto-adding of explicit exit notify in client conf

    Scheduled Pinned Locked Moved CE 2.6.0 Development Snapshots (Retired)
    3 Posts 2 Posters 559 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • JeGrJ
      JeGr LAYER 8 Moderator
      last edited by

      #1
      Error Message:

      9b9c249b-9677-448b-8560-e07a94d96fb6-image.png

      This message pops up with a simple OpenVPN RAS style server configured with User/Pass only(!). So no certificates should be used. But exporting a config throws this error around and fails.

      #2
      Wanted to export a simple user/pass only config to test, if the exported config still has "explicit exit notify" automatically set when it's a UDP server and if that option is disabled if one manually adds another remote statement via custom options.

      If not: that is still a big problem for various customers that are running bigger configurations of OpenVPN with fallback to a TCP-style server. Typical scenario: default dial in is UDP/1194, fallback is TCP/443. As the bigwigs don't like multiple VPN connections to choose from, put both / multiple remote statements in it to do an automatic fallback it the initial one fails (in bad hotel Wifis that block UDP). That worked up until 2.4.x and changed with the introduction of the auto added "explicit-exit-notify" for UDP servers in 2.5.x.

      Please consider adding an option to disable the auto-addiction! We have multiple customers with hundreds(!) of Client configs, that have to manually edit each and every file to remove the line so the users doesn't end up with an error message after their VPN deployment.

      Cheers
      \jens

      Don't forget to upvote ๐Ÿ‘ those who kindly offered their time and brainpower to help you!

      If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        If there aren't already redmine entries for those, create them. A bug report for the first one, a feature request for the second.

        Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        jimpJ 1 Reply Last reply Reply Quote 1
        • jimpJ
          jimp Rebel Alliance Developer Netgate @jimp
          last edited by

          The error appears to have been caused by the changes made to fix https://redmine.pfsense.org/issues/12475, and that issue was still open, so I will reuse that and commit a fix shortly.

          Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          1 Reply Last reply Reply Quote 1
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.