Project

General

Profile

Bug #11368

OpenVPN Remote Access (User Auth)

Added by Danilo Zrenjanin 2 months ago. Updated 2 months ago.

Status:
Resolved
Priority:
High
Assignee:
Category:
OpenVPN
Target version:
Start date:
02/04/2021
Due date:
% Done:

0%

Estimated time:
Affected Version:
2.5.0
Affected Architecture:
Release Notes:
Default

Description

The OpenVPN service won't start if I choose Remote Access (User Auth) server mode.

Status>OpenVPN:

Unable to contact daemon


Status>System Logs>OpenVPN
Feb 4 09:08:26     openvpn     9667     WARNING: POTENTIALLY DANGEROUS OPTION --verify-client-cert none|optional may accept clients which do not present a certificate
Feb 4 09:08:26     openvpn     9667     Options error: --capath fails with '/var/etc/openvpn/server1/ca': No such file or directory (errno=2)
Feb 4 09:08:26     openvpn     9667     Options error: Please correct these errors.
Feb 4 09:08:26     openvpn     9667     Use --help for more information. 

Associated revisions

Revision 729a4540 (diff)
Added by Viktor Gurov 2 months ago

OpenVPN User Auth fix. Issue #11368

History

#1 Updated by Viktor Gurov 2 months ago

  • Priority changed from Normal to High

TLS parameters "dh, capath, cert, key" etc, is a mandatory for all modes except p2p_shared_key ('client')

revert #11272 and #11362 but keep #11336:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/121

#2 Updated by Renato Botelho 2 months ago

  • Assignee set to Viktor Gurov
  • Target version set to 2.5.0

PR has been merged. Thanks!

#3 Updated by Renato Botelho 2 months ago

  • Status changed from New to Feedback

#4 Updated by Max Leighton 2 months ago

  • Status changed from Feedback to Resolved

Tested with

2.5.0-DEVELOPMENT (amd64)
built on Thu Feb 04 22:53:51 CST 2021
FreeBSD 12.2-STABLE

Remote Access (User Auth) has the required options and the service is able to start. Seems the issue is resolved.

Also available in: Atom PDF