pfSense

When trying to use a 3072-bit Diffie-Hellman parameter with the OpenVPN server, the following error is logged and the OpenVPN service fails to start:

Nov 24 14:05:55    openvpn    75899    Options error: --dh fails with '/etc/dh-parameters.3072': No such file or directory

It appears that pfSense fails to generate non-standard Diffie-Hellman parameters, even when they are selected for use by OpenVPN and shown in the OpenVPN Diffie-Hellman options dropdown menu.

Restarting pfSense or OpenVPN does not resolve the error.

Manually generating the missing parameter file resolves the issue:

/usr/bin/openssl dhparam 3072 > /etc/dh-parameters.3072

Tested on 2.3.2-RELEASE-p1, but likely present in other versions as well.

Is this the expected behavior or a bug? Having OpenVPN crash when certain dropdown options are selected seem non-ideal.