OpenVPN Client Custom options loses formatting
-
Hello All,
When creating an openvpn client on pfsense the "Custom Options" section loses its formatting and so you are unable to restart the client if need be. To get around this issue you need to go back into the openvpn client settings and fix the formatting in the "Custom Options" section. I have verified this behavior on my pfsense box 23.01. Below is an example:
Before stopping or disabling the openvpn service:
<tls-crypt>2048 bit OpenVPN static key (Server Agent)
-----BEGIN OpenVPN Static key V1-----
b59441d3e3bbd727b426502cc2adfc19
f9877862739c1fdad01092c4802c5f93
555eac5bc87a328e221b5fbe9c4c88c3
a75f217ccce98272e320d22e159a51c4
87e007d7ed3e07bc967a0b3ca4b709f2
7b3b9a71d2588a4c0a37a8c7bdcd04d3
d852ad703d98ded62ab2fc9cadf2126e
58332ab85a4694af76f4d4b785512fc0
ec570cb19fab5a6130372bc086a2ca7f
-----END OpenVPN Static key V1-----
</tls-crypt>
And after:
<tls-crypt>#
2048 bit OpenVPN static key (Server Agent)
-----BEGIN OpenVPN Static key V1-----
b59441d3e3bbd727b426502cc2adfc19
ee473bc2f145a374b793bde97bc5d93f
e19ff8e87f6b6bcc8703425ecbf74261
a36bb5d931765746e820978aa899ea51
cad100f207043ae47dbcccd68f78dac4
8a2509251ecfae65a167fc1941797d79
97a80bb16e7db7a5831c8a3c8284a0b5
a75f217ccce98272e320d22e159a51c4
d852ad703d98ded62ab2fc9cadf2126e
58332ab85a4694af76f4d4b785512fc0
ec570cb19fab5a6130372bc086a2ca7f
-----END OpenVPN Static key V1-----</tls-crypt>
-
Mine don't change ...
Btw: what do you mean? Are you really adding key info into the custom block?
And the fun/bonus question: why?? "Who told you to do that"? ;)
-
@gertjan
Thanks for getting back to me. It's for testing purposes using the openvpn client import package. It places this info into the custom options section. But even if I create the openvpn client manually this behavior still persists.
-
@michaellacroix said in OpenVPN Client Custom options loses formatting:
openvpn client import package
I've never used that pfSense package.
OpenVPN ovpn files: too much is in there, there are many "openvpn" versions out there, so allowed commands can vary. For example, my OpenVPN client has been set up 'manually' from an ovpn file that came from Expr*ssVPN.
@michaellacroix said in OpenVPN Client Custom options loses formatting:
It places this info into the custom options section
It shouldn't.
It should create an entry in the resulting OpenVPN client file with a line (line 4) like this:
...
remote-cert-tls server
capath /var/etc/openvpn/client3/ca
cert /var/etc/openvpn/client3/cert
key /var/etc/openvpn/client3/key
tls-auth /var/etc/openvpn/client3/tls-auth 1
....
These 4 lines indicate the file names with the needed certificates / keys.
Edit:
The file "/var/etc/openvpn/client3/tls-auth" contains:
-----BEGIN OpenVPN Static key V1-----
48d9999bd71095b10649c7cb471c1051
b1afdece597cea06909b99303a18c674
...
-
Thanks so much Gertjan,
Your response made the lightbulb go off in my head and the proper place for the TLS key and where the client import package should have placed it is here:
-
@michaellacroix
Exact
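
An added illustration of the formatting problem discussed in this thread (not code from any poster or from pfSense): a small Python lint that checks whether inline blocks such as <tls-crypt> in OpenVPN client options keep each tag on its own line, which is how the OpenVPN manual describes inline files. The function name `lint_inline_blocks` and both sample configs are constructed for this example, and the hex is a placeholder, not a real key.

```python
import re

# Assumption: per the OpenVPN manual an inline file starts with the line
# <option> and ends with the line </option>, so each tag sits alone on a line.
OPEN_TAG = re.compile(r"<([a-z][a-z0-9-]*)>")
KEY_BEGIN = "-----BEGIN OpenVPN Static key V1-----"
KEY_END = "-----END OpenVPN Static key V1-----"


def lint_inline_blocks(text):
    """Return (line_number, message) findings for malformed inline blocks."""
    findings = []
    current, opened_at, body = None, 0, []  # block we are inside, if any
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if current is None:
            m = OPEN_TAG.match(line)
            if not m:
                continue  # ordinary directive outside any inline block
            current, opened_at, body = m.group(1), lineno, []
            if m.end() != len(line):
                findings.append((lineno, f"text after <{current}> on the same line"))
            continue
        close = f"</{current}>"
        if close not in line:
            body.append(line)
            continue
        if line != close:
            findings.append((lineno, f"{close} is not on its own line"))
            body.append(line.split(close)[0].strip())
        if current in ("tls-crypt", "tls-auth") and (
                KEY_BEGIN not in body or KEY_END not in body):
            findings.append((opened_at, f"<{current}> lacks BEGIN/END key lines"))
        current = None
    if current is not None:
        findings.append((opened_at, f"<{current}> is never closed"))
    return findings


_HEX = "0123456789abcdef0123456789abcdef"  # constructed placeholder, not a key
# Constructed samples: GOOD keeps the layout, BAD mirrors the collapsed
# "after" shape from the first post (tag followed by '#', END fused with close).
GOOD = "\n".join(["client", "<tls-crypt>", KEY_BEGIN, *[_HEX] * 16,
                  KEY_END, "</tls-crypt>"])
BAD = "\n".join(["client", "<tls-crypt>#", KEY_BEGIN, *[_HEX] * 16,
                 KEY_END + "</tls-crypt>"])

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_inline_blocks(cfg))
```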