Bug #12620

closed

OpenVPN client custom config options: Stripped newlines corrupt config file

Added by Doobie Brother over 3 years ago. Updated over 3 years ago.

Status: Not a Bug
Priority: Normal
Assignee: -
Category: OpenVPN
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default
Affected Version:
Affected Architecture:

Description

In the OpenVPN client config, in order to use tls-crypt-v2,

I uncheck "Leave TLS Key":
Cryptographic Settings -> TLS Configuration -> [ ] Use a TLS Key

Under Advanced Configuration -> Custom options, I insert the tls-crypt-v2 tag at the end of the custom config section, like so:

#only repeat logged warnings 3x:
mute 3

<tls-crypt-v2>
-----BEGIN OpenVPN tls-crypt-v2 client key-----
KEY_GOES_HERE_KEY_GOES_HERE_KEY_GOES_HERE_KEY_GOES_HERE
KEY_GOES_HERE_KEY_GOES_HERE_KEY_GOES_HERE_KEY_GOES_HERE
KEY_GOES_HERE_KEY_GOES_HERE_KEY_GOES_HERE_KEY_GOES_HERE
-----END OpenVPN tls-crypt-v2 client key-----
</tls-crypt-v2>

3) Click "Save"

The VPN goes up, and tls-crypt-v2 works!

HOWEVER, when I restart the openvpn service, or restart pfSense, the VPN will not start, because the newline chars around the <tls-crypt-v2> tag have been stripped from the OpenVPN config, like so:

#only repeat logged warnings 3x:
mute 3<tls-crypt-v2>-----BEGIN OpenVPN tls-crypt-v2 client key-----
KEY_GOES_HERE_KEY_GOES_HERE_KEY_GOES_HERE_KEY_GOES_HERE
KEY_GOES_HERE_KEY_GOES_HERE_KEY_GOES_HERE_KEY_GOES_HERE
KEY_GOES_HERE_KEY_GOES_HERE_KEY_GOES_HERE_KEY_GOES_HERE
-----END OpenVPN tls-crypt-v2 client key-----</tls-crypt-v2>

In order to fix it, I have to re-enter the newlines, and re-save the config. This must be done every time I reboot.
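
An added example, not part of the original report and not pfSense or OpenVPN code: a Python check that flags inline-block tags sharing a line with other text, which is the corruption shown above, and restores the line breaks. It assumes OpenVPN only recognizes an inline tag that stands on its own line; the function names and the sample config (with placeholder key text) are constructed here.

```python
import re

# Matches inline-block tags such as <tls-crypt-v2> and </tls-crypt-v2>.
TAG = re.compile(r"(</?[A-Za-z][A-Za-z0-9-]*>)")

# Constructed sample reproducing the corrupted config from the report.
CORRUPTED = (
    "#only repeat logged warnings 3x:\n"
    "mute 3<tls-crypt-v2>-----BEGIN OpenVPN tls-crypt-v2 client key-----\n"
    "KEY_GOES_HERE_KEY_GOES_HERE\n"
    "-----END OpenVPN tls-crypt-v2 client key-----</tls-crypt-v2>\n"
)


def is_comment(line: str) -> bool:
    """OpenVPN config comments start with '#' or ';'."""
    return line.lstrip().startswith(("#", ";"))


def find_misplaced_tags(config: str) -> list:
    """Return (line_number, tag) for each inline tag not alone on its line."""
    issues = []
    for number, line in enumerate(config.splitlines(), 1):
        if is_comment(line):
            continue
        for match in TAG.finditer(line):
            if line.strip() != match.group(1):
                issues.append((number, match.group(1)))
    return issues


def repair(config: str) -> str:
    """Put every inline tag back on a line of its own."""
    out = []
    for line in config.splitlines():
        if is_comment(line) or not TAG.search(line):
            out.append(line)
            continue
        # Splitting on a capturing group keeps the tags as separate pieces.
        out.extend(p.strip() for p in TAG.split(line) if p.strip())
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for number, tag in find_misplaced_tags(CORRUPTED):
        print(f"line {number}: {tag} is not on its own line")
    print(repair(CORRUPTED), end="")
```

Running the check against the generated client config after a service restart or reboot shows whether the saved custom options were rewritten before the VPN fails to start.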
