Tls-auth [direction]



  • I'm trying to configure an OpenVPN client for a site-to-site VPN using pfSense 2.0.1. I've selected TLS Authentication and provided a static TLS key. The configuration file generated by pfSense (/var/etc/openvpn/client1.conf) contains the line:

    tls-auth /var/etc/openvpn/client1.tls-auth 1
    

    Where '1' specifies the 'direction'. Unfortunately, with a direction specified the tunnel fails to initialize (the server doesn't respond). If I stop the OpenVPN service, remove the '1' from the above configuration directive and restart the service, I'm up and running no problem (except for a bunch of 'write UDPv4: No buffer space available (code=55)' log entries - is that normal?).

    This workaround is a poor solution, because if I use the GUI to update the client configuration or restart pfSense, the change I've made gets overwritten.

    Unfortunately, I have no control over the other end of the connection.

    Is there a way to remove the 'direction' from the tls-auth directive more… formally (or even just effectively)?

