Can't delete or edit OpenVPN connection!



  • I reistalled pfSense 1.2.3 on my server and restored configuration without package settings. Everything seems to work allright but not OpenVPN.
    I had an OpenVPN server configured before reinstallation and now when I restored all setting I can see this connection, but it has only port and protocol setup without any keys. As I tried to edit it a got another connection, which doesnt't work as it uses the same port as the initial one. Alsow I tried to delete the wrong "restored" connection but it simply doesn't disappear!

    Solved. I removed entries in <openvpnclient>and <openvpnserver>sections in /cf/conf/config.xml
    Then reloaded (http://doc.pfsense.com/index.php/How_can_I_reload_the_config_after_manually_editing_config.xml%3F) config and wrong enties have gone. Now my OpenVPN server accepts connections correctly.

    Still I don't know why there were errors in config.xml. Hope developers would check it out</openvpnserver></openvpnclient>


  • Rebel Alliance Developer Netgate

    I've seen that bug before but I've never been able to reliably reproduce it. It's usually a <config>tag in there somewhere that can't be removed.

    It's something particular to the package code, and in 1.2.3 OpenVPN is handled internally as a package (though it is permanently installed).

    In 2.0 this is a moot point as the handling of OpenVPN has changed completely.</config>



  • I found this thread after searching for issues similar to mine.

    I just made a completely fresh install and more or less immediately got similar problems(!).

    I made a fresh install of 1.2.3-RELEASE, added a few the necessary packages, like OpenVPN enhancements.

    In OpenVPN there was this one tunnel I hadn't created, that was not possible to remove.

    One of the problems I saw was that the weird tunnel I haven't set up was also not possible to remove. Moreover, I actually see another analogue entry in 'clients' tab that I haven't created either.

    I hadn't done anything, apart from maybe pressing the "+" and looking at the options and then moving withour pressing save anywhere.

    Also, when looking in config files of the one tunnel I did later add, it was NOT complete, at first. After having made some bogues additions to special config a lot of standard settings were suddenly added. The whole thing looked very weird. This is a decent hw, 2 GB RAM and a new install.

    What's up with this?

    Also, about the same time I got this weird error in Ffox that there was something wrong with the certificate for the web GUI, do know about that one, it worked a few hours earlier..

    Any file openvpn_* in /var/etc can be removed right? Also, why are the files there anyway, since having them there (like now after config reset) doesn't make them reappear in OpenVPN settings, since they are not added to config xml. AFAICT the certs etc are added in the xml?

    It might be handy to be able to copy files too, I have no objections really, I just want to be sure I undertand the setup well enough.

    I mean, one could get the idea that by directly putting tweaked files openvpn_* in /var/etc tunnels are added, but that't obviously not the case.

    TIA,


  • Rebel Alliance Developer Netgate

    The files in /var/etc should not be touched. They are created by the system from the data in the config, and those are what openvpn uses while it's running.

    As for the config entries that can't be deleted, there is a bug in 1.2.x that sometimes causes a stray "<config>" tag in certain areas. If the blank entries are a problem, just make a backup of the config, find the "<config>" tag under the openvpn server and client settings, remove that tag, and restore the edited config.</config></config>



  • @jimp:

    The files in /var/etc should not be touched. They are created by the system from the data in the config, and those are what openvpn uses while it's running.

    As for the config entries that can't be deleted, there is a bug in 1.2.x that sometimes causes a stray "<config>" tag in certain areas. If the blank entries are a problem, just make a backup of the config, find the "<config>" tag under the openvpn server and client settings, and restore the edited config.</config></config>

    Ok, thanks, will make a note of this.


Locked