Openvpn wont start



  • I upgrade from 1.2.3 to 2.0beta and now openvpn wont start.  I get the following error in the logs

    Dec 29 09:14:46 openvpn[28771]: NOTE: OpenVPN 2.1 requires '–script-security 2' or higher to call user-defined scripts or executables
    Dec 29 09:14:46 openvpn[28771]: OpenVPN 2.1_rc20 i386-portbld-freebsd8.0 [SSL] [LZO2] built on Dec 27 2009
    Dec 29 08:58:57 openvpn[24939]: Exiting
    Dec 29 08:58:57 openvpn[24939]: script failed: external program fork failed
    Dec 29 08:58:57 openvpn[24939]: openvpn_execve: external program may not be called unless '–script-security 2' or higher is enabled. Use '--script-security 3 system' for backward compatibility with 2.1_rc8 and earlier. See --help text or man page for detailed info.



  • In the upgrade a newer version of openvpn is included so you have to add the following line to the advanced configuration box in order for it to run.

    script-security 2

    Also, if you happened to use LZO compression in 1.2.3, that setting does not transfer over to 2.0 so double check to make sure that if you require it that it is indeed checked.

    ![Screen shot 2009-12-29 at 1.20.54 PM.png](/public/imported_attachments/1/Screen shot 2009-12-29 at 1.20.54 PM.png)
    ![Screen shot 2009-12-29 at 1.20.54 PM.png_thumb](/public/imported_attachments/1/Screen shot 2009-12-29 at 1.20.54 PM.png_thumb)



  • thanks, I knew it was something simple, but I just didn't know where the setting needed to be applied.  That seems to have fixed it.

    Xz


  • Rebel Alliance Developer Netgate

    I committed a fix for this just now, so it should be ok in future snapshots.

    https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/c221e54917e074e399428067031f920c112ff6a7


  • Rebel Alliance Developer Netgate

    @onhel:

    Also, if you happened to use LZO compression in 1.2.3, that setting does not transfer over to 2.0 so double check to make sure that if you require it that it is indeed checked.

    That should be entered into a ticket on http://redmine.pfsense.org if you have more details about that.

    Definitely a bug, all settings should carry over.


Log in to reply