Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN Data Channel Offload (DCO) failure, service does not start after upgrade to version 22.05-RELEASE (amd64)

    Scheduled Pinned Locked Moved OpenVPN
    7 Posts 4 Posters 2.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • gdpG
      gdp
      last edited by

      I've recently upgraded to version 22.05-RELEASE (amd64).
      The system is a Netgate/pfsense 5100

      After that, I can't start OpenVPN service anymore.
      In system logs, I found this:

      Process: php-fpm
      Message: /status_services.php: The command '/usr/local/sbin/openvpn --config '/var/etc/openvpn/server1/config.ovpn'' returned exit code '1', the output was 'Options error: Unrecognized option or missing or extra parameter(s) in /var/etc/openvpn/server1/config.ovpn:2: disable-dco (2.5.4) Use --help for more information.'

      I've found this documentation https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/dco.html
      So, how can I get a workaround to this matter.

      Thanks in advance. Kind Regards

      gdpG 1 Reply Last reply Reply Quote 1
      • gdpG
        gdp @gdp
        last edited by

        @gdp

        Workaround 1st step.

        I've deleted the line disable-dco in /var/etc/openvpn/server1/config.ovpn. After that I can start the service from WebGUI/Command Prompt with the following command: /usr/local/sbin/openvpn --config '/var/etc/openvpn/server1/config.ovpn'. So, how can I prevent the system to write this line in config.ovpn?

        gdpG 1 Reply Last reply Reply Quote 1
        • gdpG
          gdp @gdp
          last edited by

          @gdp

          I've edited the file /etc/inc/openvpn.inc, and I've commented the instructions set between lines 950 and 952. This prevents the creation of the line disable-dco in config.ovpn and the service start without problem.

          Another thing I've found is that after upgrade, Data Encryption Algorithms in OpenVPN/Servers are changed too.

          1 Reply Last reply Reply Quote 2
          • jimpJ jimp moved this topic from Problems Installing or Upgrading pfSense Software on
          • gdpG gdp referenced this topic on
          • gdpG gdp referenced this topic on
          • gdpG gdp referenced this topic on
          • gdpG gdp referenced this topic on
          • F
            FlavienR
            last edited by

            Thank you gdp, you saved my evening !

            1 Reply Last reply Reply Quote 2
            • jimpJ
              jimp Rebel Alliance Developer Netgate
              last edited by

              If you see this, your system did not fully complete the upgrade to 22.05. You should run pfSense-upgrade -dy from an SSH or serial console shell prompt.

              Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

              Need help fast? Netgate Global Support!

              Do not Chat/PM for help!

              gdpG E 2 Replies Last reply Reply Quote 1
              • gdpG
                gdp @jimp
                last edited by gdp

                @jimp Hi,

                Thanks for your answer!

                1 Reply Last reply Reply Quote 0
                • E
                  Eyedol-X @jimp
                  last edited by

                  @jimp said in OpenVPN Data Channel Offload (DCO) failure, service does not start after upgrade to version 22.05-RELEASE (amd64):

                  If you see this, your system did not fully complete the upgrade to 22.05. You should run pfSense-upgrade -dy from an SSH or serial console shell prompt.

                  I had a fresh install from 2.6.0 > 22.01 > 22.05 and this issue appeared.

                  This was the solution to the issue.

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.