Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN Client Custom options looses formating

    OpenVPN
    2
    6
    616
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      michaellacroix
      last edited by

      Hello All,

      When creating an openvpn client on pfsense the "Custom Options" section looses its formatting and so you are unable to restart the client if need be. To get around this issue you need to go back into the openvpn client settings and fix the formatting in the "Custom Options" section. I have verified this behavior on my pfsense box 23.01. Below is an example:
      Before stopping or disabling the openvpn service:
      <tls-crypt>

      2048 bit OpenVPN static key (Server Agent)

      -----BEGIN OpenVPN Static key V1-----
      b59441d3e3bbd727b426502cc2adfc19
      f9877862739c1fdad01092c4802c5f93
      555eac5bc87a328e221b5fbe9c4c88c3
      a75f217ccce98272e320d22e159a51c4
      87e007d7ed3e07bc967a0b3ca4b709f2
      7b3b9a71d2588a4c0a37a8c7bdcd04d3
      d852ad703d98ded62ab2fc9cadf2126e
      58332ab85a4694af76f4d4b785512fc0
      ec570cb19fab5a6130372bc086a2ca7f
      -----END OpenVPN Static key V1-----
      </tls-crypt>

      And after:

      <tls-crypt>#

      2048 bit OpenVPN static key (Server Agent)

      -----BEGIN OpenVPN Static key V1-----
      b59441d3e3bbd727b426502cc2adfc19
      ee473bc2f145a374b793bde97bc5d93f
      e19ff8e87f6b6bcc8703425ecbf74261
      a36bb5d931765746e820978aa899ea51
      cad100f207043ae47dbcccd68f78dac4
      8a2509251ecfae65a167fc1941797d79
      97a80bb16e7db7a5831c8a3c8284a0b5
      a75f217ccce98272e320d22e159a51c4
      d852ad703d98ded62ab2fc9cadf2126e
      58332ab85a4694af76f4d4b785512fc0
      ec570cb19fab5a6130372bc086a2ca7f
      -----END OpenVPN Static key V1-----</tls-crypt>

      GertjanG 1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan @michaellacroix
        last edited by

        @michaellacroix

        Mine don't change ...

        bd10ff26-ad69-4491-9c3c-2e1d5a1dd63b-image.png

        Btw : what do you mean ? Are you really adding key info into de custom block ?
        And the fun/bonus question : why ?? "who told you to do that" ? ;)

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        M 1 Reply Last reply Reply Quote 0
        • M
          michaellacroix @Gertjan
          last edited by

          @gertjan
          Thanks for getting back to me. Its for testing purposes using the openvpn client import package. It places this info into the custom options section. But even if I create the openvpn client manually this behavior still persist.

          GertjanG 1 Reply Last reply Reply Quote 0
          • GertjanG
            Gertjan @michaellacroix
            last edited by Gertjan

            @michaellacroix said in OpenVPN Client Custom options looses formating:

            openvpn client import package

            I've never used that pfSense package.
            OpenVPN ovpn files : to much is in there, there are many "openvpn" versions out there, so allowed commands can vary.

            For exampe, my OpenVPN client has been set up 'manually' from a opvn file that came from Expr*ssVPN.

            @michaellacroix said in OpenVPN Client Custom options looses formating:

            It places this info into the custom options section

            It shouldn't.

            It shoud create an entry in the resulting OpenVPN client file with a line (line 4) like this :

            ...
            remote-cert-tls server
            capath /var/etc/openvpn/client3/ca
            cert /var/etc/openvpn/client3/cert 
            key /var/etc/openvpn/client3/key 
            tls-auth /var/etc/openvpn/client3/tls-auth 1
            ....
            

            These 4 lines indicate the file names with the needed certificates / keys.

            edit :

            The file "/var/etc/openvpn/client3/tls-auth" contains :

            -----BEGIN OpenVPN Static key V1-----
            48d9999bd71095b10649c7cb471c1051
            b1afdece597cea06909b99303a18c674
            ...
            

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            1 Reply Last reply Reply Quote 0
            • M
              michaellacroix
              last edited by

              Thanks so much Gertjan,

              Your response made the lightbulb go off in my head and the proper place for the TLS key and where the client import package should have placed it is here:

              3f731402-abe3-4fb4-8182-a708ef0bbdc9-image.png

              GertjanG 1 Reply Last reply Reply Quote 0
              • GertjanG
                Gertjan @michaellacroix
                last edited by

                @michaellacroix
                Exact 👍

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit : and where are the logs ??

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.