OpenVPN Client Peer To Peer Shared Key Error w/RC1



  • If I set a unique local port, the tunnel completes with

    Initialization Sequence Completed

    If I place a 0 in local port in order to get a dynamic port, I get the following:

    Feb 14 01:59:29 openvpn[62233]: Use --help for more information.
    Feb 14 01:59:29 openvpn[62233]: Options error: Bad local port number: 0

    This is for the client side of a Site to Site Tunnel/Shared Key on the latest RC1 snap

    2.0-RC1 (amd64)
    built on Sun Feb 13 23:53:14 EST 2011


  • Rebel Alliance Developer Netgate

    What if you just leave it blank?

    What does the config file in /etc/openvpn/ look like?


  • Rebel Alliance Developer Netgate

    Actually it looks like we backed down to OpenVPN 2.1.x last week to fix another issue, but that breaks lport 0, since that was added on the -devel branch where we were before. I'll see what we can do.


  • Rebel Alliance Developer Netgate

    Give one of these a try:

    32-bit (i386)

    pkg_add -r http://cvs.pfsense.org/~jimp/ovpn/32/openvpn-beta-2.2.b5.tbz
    

    64-bit (amd64)

    pkg_add -r http://cvs.pfsense.org/~jimp/ovpn/64/openvpn-beta-2.2.b5.tbz
    

    See if it works with the port blank or set to 0, connects ok, etc.



  • 
    pkg_add -r http://cvs.pfsense.org/~jimp/ovpn/64/openvpn-beta-2.2.b5.tbz
    Fetching http://cvs.pfsense.org/~jimp/ovpn/64/openvpn-beta-2.2.b5.tbz... Done.
    Error: Unable to get http://cvs.pfsense.org/~jimp/ovpn/All/lzo2-2.04.tbz: Not Found
    pkg_add: can't open dependency file '/var/db/pkg/lzo2-2.04/+REQUIRED_BY'!
    dependency registration is incomplete
    
    ### ------------------------------------------------------------------------
    ###  Edit /etc/rc.conf[.local] to start OpenVPN automatically at system
    ###  startup. See /usr/local/etc/rc.d/openvpn for details.
    ### ------------------------------------------------------------------------
    ###  For compatibility notes when interoperating with older OpenVPN
    ###  versions, please, see <http://openvpn.net/relnotes.html>
    ### ------------------------------------------------------------------------
    ###  NOTE THIS IS AN UNSTABLE BETA VERSION UNDER DEVELOPMENT!
    ###  It may or may not be suitable for production. Use at your own risk.
    ### ------------------------------------------------------------------------
    

  • Rebel Alliance Developer Netgate

    Hmm, odd, try doing a pkg_add -r http://cvs.pfsense.org/~jimp/ovpn/64/lzo2-2.04.tbz



  • That worked with a blank port value.


  • Rebel Alliance Developer Netgate

    ok… I had another report that it didn't work with someone's road warrior vpn server setup, so it may not be a good switch overall.


  • Rebel Alliance Developer Netgate

    Hopefully this should be better on the current snapshot.



  • Yes, working as before, thank you.

