Bug #10287
closedOpenVPN TLS key direction value added to existing tunnels is 0.
Start date:
02/24/2020
Due date:
% Done:
100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.4.5
Affected Architecture:
All
Description
Resaving an existing OpenVPN client in 2.4.5 adds additional values to the config.
The key direction value is set to 0 rather than the default "Use default direction", which can break the tunnel.
Config diff after changing just the logging level:
--- /conf/backup/config-1582578464.xml 2020-02-24 21:13:43.736529000 +0000
+++ /conf/config.xml 2020-02-24 21:13:43.741334000 +0000
@@ -140,7 +140,7 @@
<descr><![CDATA[Allow all ipv4+ipv6 via pfSsh.php]]></descr>
<created>
<time>1582577816</time>
- <username>pfSsh.php added allow all wan rule</username>
+ <username><![CDATA[pfSsh.php added allow all wan rule]]></username>
</created>
</rule>
</filter>
@@ -256,8 +256,8 @@
</widgets>
<openvpn>
<openvpn-client>
- <auth_user>Test</auth_user>
- <auth_pass>Test</auth_pass>
+ <auth_user><![CDATA[Test]]></auth_user>
+ <auth_pass><![CDATA[Test]]></auth_pass>
<vpnid>1</vpnid>
<protocol>UDP4</protocol>
<dev_mode>tun</dev_mode>
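Review bot: `<auth_pass>` is stored as cleartext in config.xml both before and after this change, and the same value is present in the `/conf/backup/config-1582578464.xml` copy the diff was taken from. The CDATA wrapping only changes how the value is escaped, not how exposed it is, so config backups and any diff pasted into a ticket should have `auth_user`, `auth_pass` and key elements redacted first. The value shown here looks like a test placeholder, which is the right kind of value to post.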
@@ -280,6 +280,7 @@
<crlref></crlref>
<tls>Iw0KIyAyMDQ4IGJpdCBPcGVuVlBOIHN0YXRpYyBrZXkNCiMNCi0tLS0tQkVHSU4gT3BlblZQTiBTdGF0aWMga2V5IFYxLS0tLS0NCjZhNWIyNGJhNjBjZjcyYWRmODYzYzRmZDhmNjNhYmQyDQo3MmFiZThlYTNhMWE2NmNjZDY0MmEyZjE0Njk2NDY5Yw0KNjJlMDVhNmU4NmI5NjEzYjEwOTI1ZWQwYjRkMDcwNjUNCjdjZmQ5MTA0NDU1MjNmZmE4OGQyNzMyMjA3OWMyOTc1DQozMTRmNDMzNzU5YTFmYTRiZDg5ZTYxNDgzYTQ4ZjY4YQ0KZGZmYjRiYzUwZmE0ZTk1YzYyYjQ0ZTVjNTI2ODVmMTUNCjY0MmQyMzJjMGJiYzU5MzY2OWI2MTIxZjE2OTlhNTUyDQpmMWZiOTc3YzlmZjNkMzhmNWRiZGYxOWY1Y2Y2YTM2Mg0KNjUxYWVkOTcwMWM4OTllOTM0ZThiMDAzOWFhOGUwZGUNCmYwNWYwZTQ2MTMyNzFmOGFmY2I2N2ZmMjE0MWY1Y2FhDQpkNzhhZTUxYzFjNTU4YjRhYmIwOGIxN2Y3ZDExY2YyMQ0KMzg4MjlkODNhMDdlNWI1YzQ2YjczMDhlMTU4MjNiM2ENCjc2YmQ3OGQwMzE5ZWM0NTgyNDBlY2Y1YjYwZDkwOTIwDQoyZWQyNGRhNmE3NTNhZGI2OTlkOTAwOWU5OTU0N2UxZA0KZWJkODRlMmZkM2UwM2YyYjc1MDk4ZTg5MGU3YjU0ODcNCmI1ZTBhZTJlODgxODU2NGQ3NjdiM2YwMzZlZmU3MGEzDQotLS0tLUVORCBPcGVuVlBOIFN0YXRpYyBrZXkgVjEtLS0tLQ0K</tls>
<tls_type>auth</tls_type>
+ <tlsauth_keydir>0</tlsauth_keydir>
<crypto>AES-128-CBC</crypto>
<digest>SHA256</digest>
<engine>none</engine>
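Review bot: `<tlsauth_keydir>0</tlsauth_keydir>` is written for a tunnel that had no key-direction element before the resave, so an edit that only touched the logging level also changes the TLS key direction. With `<tls_type>auth</tls_type>`, a direction that does not pair with the peer's makes the control-channel HMAC check fail, which matches the tunnel breakage the description reports. A missing element should be read as the "Use default direction" choice named in the description rather than as 0, ideally in a config upgrade step so that a resave leaves it alone; the `exit_notify`, keepalive and ping elements added in the `@@ -292,13 +293,21 @@` hunk are filled in by the same resave and deserve the same check against pre-upgrade behaviour. Separately, the `<tls>` element in this hunk holds a complete base64-encoded static key, so if it was ever used outside a test setup it should be regenerated now that it sits in a public ticket.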
@@ -292,13 +293,21 @@
<auth-retry-none></auth-retry-none>
<passtos></passtos>
<udp_fast_io></udp_fast_io>
+ <exit_notify>none</exit_notify>
<sndrcvbuf></sndrcvbuf>
<route_no_pull></route_no_pull>
<route_no_exec></route_no_exec>
- <verbosity_level>3</verbosity_level>
+ <verbosity_level>1</verbosity_level>
<create_gw></create_gw>
<ncp-ciphers>AES-128-GCM</ncp-ciphers>
<ncp_enable>enabled</ncp_enable>
+ <ping_method>keepalive</ping_method>
+ <keepalive_interval>10</keepalive_interval>
+ <keepalive_timeout>60</keepalive_timeout>
+ <ping_seconds>10</ping_seconds>
+ <ping_action>ping_restart</ping_action>
+ <ping_action_seconds>60</ping_action_seconds>
+ <inactive_seconds>0</inactive_seconds>
</openvpn-client>
</openvpn>
<dnshaper></dnshaper>
@@ -313,9 +322,9 @@
<dnssecstripped></dnssecstripped>
</unbound>
<revision>
- <time>1582578464</time>
- <description><![CDATA[admin@172.21.16.5 (Local Database): Creating restore point before upgrade.]]></description>
- <username>admin@172.21.16.5 (Local Database)</username>
+ <time>1582578823</time>
+ <description><![CDATA[admin@172.21.16.5 (Local Database): Updated OpenVPN client to server 172.21.16.86:1194 Test]]></description>
+ <username><![CDATA[admin@172.21.16.5 (Local Database)]]></username>
</revision>
<shaper></shaper>
<cert>