OpenVPN Client Peer To Peer Shared Key Error w/RC1

AhnHEL

If I set a unique local port, the tunnel completes with

Initialization Sequence Completed

If I place a 0 in local port in order to get a dynamic port, I get the following:

Feb 14 01:59:29 openvpn[62233]: Use –help for more information.
Feb 14 01:59:29 openvpn[62233]: Options error: Bad local port number: 0

This is for the client side of a Site to Site Tunnel/Shared Key on the latest RC1 snap

2.0-RC1 (amd64)
built on Sun Feb 13 23:53:14 EST 2011

jimp

What if you just leave it blank?

What does the config file in /etc/openvpn/ look like?

jimp

Actually it looks like we backed down to OpenVPN 2.1.x last week to fix another issue, but that breaks lport 0, since that was added on the -devel branch where we were before. I'll see what we can do.

jimp

Give one of these a try:

32-bit (i386)

pkg_add -r http://cvs.pfsense.org/~jimp/ovpn/32/openvpn-beta-2.2.b5.tbz

64-bit (amd64)

pkg_add -r http://cvs.pfsense.org/~jimp/ovpn/64/openvpn-beta-2.2.b5.tbz

See if it works with the port blank or set to 0, connects ok, etc.

clarknova

pkg_add -r http://cvs.pfsense.org/~jimp/ovpn/64/openvpn-beta-2.2.b5.tbz
Fetching http://cvs.pfsense.org/~jimp/ovpn/64/openvpn-beta-2.2.b5.tbz... Done.
Error: Unable to get http://cvs.pfsense.org/~jimp/ovpn/All/lzo2-2.04.tbz: Not Found
pkg_add: can't open dependency file '/var/db/pkg/lzo2-2.04/+REQUIRED_BY'!
dependency registration is incomplete

### ------------------------------------------------------------------------
###  Edit /etc/rc.conf[.local] to start OpenVPN automatically at system
###  startup. See /usr/local/etc/rc.d/openvpn for details.
### ------------------------------------------------------------------------
###  For compatibility notes when interoperating with older OpenVPN
###  versions, please, see <http: openvpn.net="" relnotes.html="">### ------------------------------------------------------------------------
###  NOTE THIS IS AN UNSTABLE BETA VERSION UNDER DEVELOPMENT!
###  It may or may not be suitable for production. Use at your own risk.
### ------------------------------------------------------------------------</http:> 

jimp

Hmm, odd, try doing a pkg_add -r http://cvs.pfsense.org/~jimp/ovpn/64/lzo2-2.04.tbz

clarknova

That worked with a blank port value.

jimp

ok… I had another report that it didn't work with someone's road warrior vpn server setup, so it may not be a good switch overall.

jimp

Hopefully this should be better on the current snapshot.

AhnHEL

Yes, working as before, thank you.