OpenVPN settings changed to default after upgrade 2.2.4

  • Does anyone have this issue? After the upgrade to 2.2.4, the altered settings from my OpenVPN server were changed backed to default:

    cipher AES-256-CBC > AES-128-CBC
    auth SHA256 > SHA1
    DH parameter Length 2048 > 1024

    It's no biggie to change it back, but this has never happend to me in any upgrade from PfSense.

  • No problems here, I've done 6 systems so far all with OpenVPN and no issues to report.

    My biggest OpenVPN system has 27 Clients and 7 Servers on one pfSense bare metal box - upgraded with no OpenVPN issues at all.

  • LAYER 8 Global Moderator

    no issues here as well..  It makes no sense to alter those settings to default on an upgrade, but keep all your other settings??

  • Banned

    Nothing changed here either.

  • Nothing in the OpenVPN config is touched on upgrade.

    Go to Diag>Backup/restore, Config History tab, and check your revision history. If it goes back far enough, you'll see where it was changed and by whom.

  • Well, that's weird then. Like I said, it's changed within a minute, but I found it very strange that this happend. Never happend with all the upgrades I did since 1.xx

    @chris, checked the history. My change to put the settings back is there, but no other change on OpenVPN is logged here. I'll blame my Minions for this ;)

  • Can download the oldest config available in the history and see how it was set in there if you haven't already. That's likely before the upgrade, so you'll at least see it's been that way since before.


    I'll blame my Minions for this ;)

    Pretty much a certainty. :) Every time we've had a "my config settings changed after upgrade!" support case along these lines, that's been the ultimate root cause. Show them their config history and that username@ <ip>actually made that change at X time on Y date, pre-dating the upgrade. Sometimes it was so long before the upgrade that the change isn't there, but the oldest revision proves it was set that way well before the upgrade.</ip>

Log in to reply