Project

General

Profile

Bug #10369

Remote OpenVPN server protocol definition

Added by Viktor Gurov 2 months ago. Updated about 1 month ago.

Status:
Resolved
Priority:
Normal
Category:
OpenVPN Client Export
Target version:
-
Start date:
03/23/2020
Due date:
% Done:

100%

Estimated time:
Affected Version:
Affected Architecture:

Description

An exact definition of the OpenVPN remote server protocol must be present,
Otherwise, it may try to establish a connection with the wrong version of IP protocol.

see https://redmine.pfsense.org/issues/10368

from openvpn(8):

--remote host [port] [proto]
              Remote host name or IP address.  On the client, multiple --remote options may be specified for redundancy,  each  re‐
              ferring  to  a  different OpenVPN server.  Specifying multiple --remote options for this purpose is a special case of
              the more general connection-profile feature.  See the <connection> documentation below.

              The OpenVPN client will try to connect to a server at host:port in the order specified by the list  of  --remote  op‐
              tions.

              proto indicates the protocol to use when connecting with the remote, and may be "tcp" or "udp".

              For forcing IPv4 or IPv6 connection suffix tcp or udp with 4/6 like udp4/udp6/tcp4/tcp6.

History

#2 Updated by Jim Pingle 2 months ago

  • Status changed from New to Pull Request Review

#3 Updated by Renato Botelho about 2 months ago

  • Status changed from Pull Request Review to Feedback
  • Assignee set to Renato Botelho
  • % Done changed from 0 to 100

PR has been merged. Thanks!

#4 Updated by Viktor Gurov about 2 months ago

  • Status changed from Feedback to Resolved

openvpn-client-export 1.4.21
IPv4/IPv6 tested
works as expected

#5 Updated by Viktor Gurov about 2 months ago

OpenVPN < 2.4 doesn't support remote IPv4/IPv6 protocol definition (udp4/udp6/tcp4/tcp6),
If checkbox Legacy Client is set, it must generate compatible config (udp/tcp).
see https://forum.netgate.com/topic/152577/pfsense-openvpn-client-export-problem

PR:
https://github.com/pfsense/FreeBSD-ports/pull/842

#6 Updated by Jim Pingle about 2 months ago

  • Status changed from Resolved to Pull Request Review

#7 Updated by Renato Botelho about 1 month ago

  • Status changed from Pull Request Review to Feedback

PR has been merged. Thanks!

#8 Updated by Viktor Gurov about 1 month ago

  • Status changed from Feedback to Resolved

1.4.22 - legacy client export is OK now

Also available in: Atom PDF