OpenVPN problems

jimp · Jun 6, 2012, 8:25 PM

What shows up in the actual openvpn server config in /var/etc/openvpn?

And are these clients or servers in each of these cases?

mikesamo · Jun 6, 2012, 8:30 PM

Client for me

getting same message

Jun 6 07:44:55 openvpn[49428]: Use –help for more information.
Jun 6 07:44:55 openvpn[49428]: Options error: –client-connect requires --mode server

podilarius · Jun 6, 2012, 8:33 PM

It is a client for me as well.

Here is the config on client1.conf …. client2 is exactly the same only with different IPs.

dev ovpnc1
dev-type tun
tun-ipv6
dev-node /dev/tun1
writepid /var/run/openvpn_client1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-256-CBC
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
local xx.xx.xx.xx
lport 0
management /var/etc/openvpn/client1.sock unix
remote yy.yy.yy.yy 1194
ifconfig zz.zz.zz.zz zz.zz.zz.aa
route cc.cc.cc.cc 255.255.255.0
secret /var/etc/openvpn/client1.secret 
comp-lzo

mikesamo · Jun 6, 2012, 8:34 PM

dev ovpnc2
dev-type tun
tun-ipv6
dev-node /dev/tun2
writepid /var/run/openvpn_client2.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-128-CBC
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
local 4.3.2.1
engine padlock
tls-client
client
lport 0
management /var/etc/openvpn/client2.sock unix
remote 1.2.3.4 1234
ca /var/etc/openvpn/client2.ca
cert /var/etc/openvpn/client2.cert
key /var/etc/openvpn/client2.key
tls-auth /var/etc/openvpn/client2.tls-auth 1
comp-lzo
resolv-retry infinite
verb 5
tun-mtu 1500
keysize 128
persist-key
fragment 1389
mssfix 1389

mikesamo · Jun 6, 2012, 8:42 PM

Ok I got it with comment theses 2 lines from the conf files

#client-connect /usr/local/sbin/openvpn.attributes.sh
#client-disconnect /usr/local/sbin/openvpn.attributes.sh

mikesamo · Jun 6, 2012, 8:44 PM

theses line are only for server config.

jimp · Jun 6, 2012, 8:46 PM

ok that's probably from the radius acl import that happened yesterday.

podilarius · Jun 6, 2012, 8:49 PM

Commented the lines out myself and the VPN connects. Was there a commit that put those in there?

podilarius · Jun 6, 2012, 8:51 PM

commit 1492e02 does this.

mikesamo · Jun 6, 2012, 8:53 PM

https://github.com/bsdperimeter/pfsense/commit/5b4ee05e58777606c988c099139adb25633b50c3

jimp · Jun 6, 2012, 8:58 PM

Fix commited, gitsync and it should be ok

mikesamo · Jun 6, 2012, 9:08 PM

seem to work after reboot thx!

podilarius · Jun 6, 2012, 9:12 PM

Thanks for fixing that. :-D

Cino · Jun 7, 2012, 1:28 AM

Thanks Jim!