Bug #13380
closed
OpenVPN client options cause "Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client"
0%
Description
Find that if the OpenVPN client has the "TCP" option of the remote (--remote host [port] [proto])
Example
remote server.domain.com 443 tcp
after upgrade to 22.05 or 22.09(DEV) you get
Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client
Pretty similar to https://redmine.pfsense.org/issues/10650
In the 22.01 such I didn't observe such behavior.
Can be solved by set tcp-client
remote server.domain.com 443 tcp-client
Updated by Kris Phillips over 1 year ago
Can confirm the OpenVPN Export Utility does not specify tcp-client in it's config for clients to use, but instead defines just tcp, tcp6 or tcp4.
Updated by Jim Pingle over 1 year ago
- Status changed from New to Feedback
- Plus Target Version deleted (
22.01)
Is this a problem in base or in the OpenVPN client export package? The issue was opened under base (not packages), but I can't reproduce it in a client in base. The code in the linked issue is still in place and working, the resulting configuration file ends up with the correct tcp-client string in the remote directive.
If it's a problem in exported clients, as the comment seems to indicate, the issue needs moved to packages and the category updated to be the export package.
This may be a setting that needs to be tcp if the "legacy" option is ticked when exporting but "tcp-client" otherwise, or maybe the versions that allow "tcp" are so old we don't care about them, that's open for debate.
Updated by Danilo Zrenjanin over 1 year ago
Tested on the:
2.7.0-DEVELOPMENT (amd64) built on Fri Jul 29 06:15:24 UTC 2022 FreeBSD 12.3-STABLE
It seems to be an issue with the OpenVPN Export Utility. After exporting a client config file, the resulting configuration file ends up with tcp4,tcp6, or tcp in the remote directive.
remote 192.168.33.20 1194 tcp4
I haven't had any issues connecting to the server with tcp4 or tcp remote directive using Viscosity.
A client in the base ends up with tcp4-client in the remote directive.
remote 192.168.33.10 1194 tcp4-client
Updated by Jim Pingle over 1 year ago
- Project changed from pfSense to pfSense Packages
- Category changed from OpenVPN to OpenVPN Client Export
- Release Notes deleted (
Default)
Which version(s) of the OpenVPN binary are in place on the clients when they have problems / when they do not have problems?
Windows should be whatever version is installed, Viscosity sometimes has multiple you can select, either way check the client log and see what versions are when it works and when it doesn't.
Updated by Lev Prokofev over 1 year ago
In origin, the config was imported to 22.01.
With problems:
OpenVPN 2.6_git amd64-portbld-freebsd12.3 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] [DCO] built on Jun 4 2022
library versions: OpenSSL 1.1.1n-freebsd 15 Mar 2022, LZO 2.10
Without problems:
OpenVPN 2.5.4 amd64-portbld-freebsd12.3 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jan 13 2022
library versions: OpenSSL 1.1.1l-freebsd 24 Aug 2021, LZO 2.10
It's about only custom options for client and not about import utility
Seems the syntax is incorrect for OVPN 2.6.
Updated by Danilo Zrenjanin over 1 year ago
It's not a bug, then. The correct syntax must be manually entered in the Custom Options field in the OpenVPN base client configuration.
Updated by Danilo Zrenjanin over 1 year ago
- Status changed from Feedback to Not a Bug
pfSense has no impact on the entries defined in the custom options. Custom options must be updated manually. Not a bug.
Updated by Marcos M over 1 year ago
For reference, the option needs to be changes as follows:
22.01
remote <ip> <port> tcp
22.05 acting as client
remote <ip> <port> tcp-client