Project

General

Profile

Actions
Copy link

Bug #11368

closed

OpenVPN Remote Access (User Auth)

Added by Danilo Zrenjanin about 3 years ago. Updated about 3 years ago.

Status:
Resolved
Priority:
High
Assignee:
Viktor Gurov
Category:
OpenVPN
Target version:
2.5.0
Start date:
02/04/2021
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.5.0
Affected Architecture:

Description

The OpenVPN service won't start if I choose Remote Access (User Auth) server mode.

Status>OpenVPN:

Unable to contact daemon

Status>System Logs>OpenVPN
Feb 4 09:08:26     openvpn     9667     WARNING: POTENTIALLY DANGEROUS OPTION --verify-client-cert none|optional may accept clients which do not present a certificate
Feb 4 09:08:26     openvpn     9667     Options error: --capath fails with '/var/etc/openvpn/server1/ca': No such file or directory (errno=2)
Feb 4 09:08:26     openvpn     9667     Options error: Please correct these errors.
Feb 4 09:08:26     openvpn     9667     Use --help for more information.

Actions
Copy link
 #1

Updated by Viktor Gurov about 3 years ago

  • Priority changed from Normal to High

TLS parameters "dh, capath, cert, key" etc, is a mandatory for all modes except p2p_shared_key ('client')

revert #11272 and #11362 but keep #11336:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/121

Actions
Copy link
 #2

Updated by Renato Botelho about 3 years ago

  • Assignee set to Viktor Gurov
  • Target version set to 2.5.0

PR has been merged. Thanks!

Actions
Copy link
 #3

Updated by Renato Botelho about 3 years ago

  • Status changed from New to Feedback
Actions
Copy link
 #4

Updated by Max Leighton about 3 years ago

  • Status changed from Feedback to Resolved

Tested with

2.5.0-DEVELOPMENT (amd64)
built on Thu Feb 04 22:53:51 CST 2021
FreeBSD 12.2-STABLE

Remote Access (User Auth) has the required options and the service is able to start. Seems the issue is resolved.

Actions
Copy link

Also available in: Atom PDF