Bug #16428
closed
OpenVPN does not add "Inter-client communication" to configuration for Peer-to-Peer SSL/TLS servers
100%
Description
The Inter-client communication option in the OpenVPN server configuration does not function properly.
The XML file shows yes if it's checked, but does not add the line client-to-client to the server config file at /var/etc/openvpn/server1.conf.
But, if I add "client-to-client" in the Advanced Configuration/Custom Options, the communication between clients works fine!
OS.: Similar bug had been reported at https://redmine.pfsense.org/issues/572
Updated by aleksei prokofiev 16 days ago
Tested on
2.8.0-RELEASE (amd64)
built on Thu May 22 3:12:00 +04 2025
FreeBSD 15.0-CURRENT
25.07.1-RELEASE (amd64)
built on Wed Aug 20 16:17:00 +04 2025
FreeBSD 15.0-CURRENT
I can't reproduce the issue, as soon as I enable the "Inter-client communication" option it appears in the configuration.
Updated by Afonso Turcato 16 days ago
- File clipboard-202509160810-0jgmk.png added
- File clipboard-202509160810-jfvgi.png added
- File clipboard-202509160811-ztiuj.png added
- File clipboard-202509160814-6jm8k.png added
- File clipboard-202509160815-c9iiw.png added
- File clipboard-202509160816-g7cfh.png added
- File clipboard-202509160818-bijwm.png added
- File clipboard-202509160819-zven3.png added
- File clipboard-202509160821-cwtnk.png added
aleksei prokofiev wrote in #note-1:
Tested on
2.8.0-RELEASE (amd64)
built on Thu May 22 3:12:00 +04 2025
FreeBSD 15.0-CURRENT
25.07.1-RELEASE (amd64)
built on Wed Aug 20 16:17:00 +04 2025
FreeBSD 15.0-CURRENT
I can't reproduce the issue, as soon as I enable the "Inter-client communication" option it appears in the configuration.
Tested ON
2.7.2 RELEASE (amd64)
I CAN reproduce the issue.
See the SCENARIOS below.
---------------------------------------------------------------------------------------------
SCENARIO 1 - communication between clients DOES NOT WORK
---------------------------------------------------------------------------------------------
SCENARIO 2 - communication between clients DOES NOT WORK
---------------------------------------------------------------------------------------------
SCENARIO 3 - communication between clients WORKS
---------------------------------------------------------------------------------------------
P.S: The same occurs with 2.8.0 version!
Updated by Jim Pingle 16 days ago
What mode is the server set to use?
Can you share the contents of the server instance configuration in XML (you can redact/hide private info, but don't remove any tags completely)?
Looking at the code, it appears that the GUI offers that option when the mode is set to "Peer to Peer (SSL/TLS)" but the backend code doesn't add it when the server mode is set to that value.
If that is the case, this change should correct the behavior.
diff --git a/src/etc/inc/openvpn.inc b/src/etc/inc/openvpn.inc
index f4f1be71bb..7b5c9c3329 100644
--- a/src/etc/inc/openvpn.inc
+++ b/src/etc/inc/openvpn.inc
@@ -1146,6 +1146,7 @@ function openvpn_reconfigure($mode, $settings) {
}
switch ($settings['mode']) {
+ case 'p2p_tls':
case 'server_tls':
case 'server_user':
case 'server_tls_user':
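Review bot: The new `case 'p2p_tls':` label sits on top of the `server_tls` / `server_user` / `server_tls_user` labels and falls through into their shared branch, so a Peer to Peer (SSL/TLS) server now receives every directive that branch emits, not only `client-to-client`. The branch body is outside the visible context, so it is worth confirming that each line it writes is valid for `p2p_tls`, or gating the `client-to-client` line on its own condition instead. A short comment above the label saying why `p2p_tls` shares this branch would help, and the release note should mention that instances with the option already checked will start forwarding traffic between clients once their configuration is regenerated.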
Updated by Afonso Turcato 16 days ago
- File OpenVPN_Server.xml OpenVPN_Server.xml added
Jim Pingle wrote in #note-3:
What mode is the server set to use?
Can you share the contents of the server instance configuration in XML (you can redact/hide private info, but don't remove any tags completely)?
Looking at the code, it appears that the GUI offers that option when the mode is set to "Peer to Peer (SSL/TLS)" but the backend code doesn't add it when the server mode is set to that value.
If that is the case, this change should correct the behavior.
[...]
See the attached file OpenVPN_Server.xml
Updated by Jim Pingle 15 days ago
- Subject changed from OpenVPN Inter-client communication option doesn't work to OpenVPN does not add "Inter-client communication" to configuration for Peer-to-Peer SSL/TLS servers
- Status changed from New to In Progress
- Assignee set to Jim Pingle
- Target version set to 2.9.0
- Plus Target Version set to 25.11
- Affected Version changed from 2.8.0 to 2.8.x
Looks like that matches my suspicion, it isn't added to the configuration for Peer-to-Peer SSL/TLS servers. I was able to reproduce it here using that mode, and also confirmed that the patch I posted fixes it. I'll commit that momentarily.
Updated by Jim Pingle 15 days ago
- Status changed from In Progress to Feedback
- % Done changed from 0 to 100
Applied in changeset f234af29d5105f4e034c6250772c8c2099fb2884.
Updated by Jim Pingle 15 days ago
Now that the fix has been committed, you can install the System Patches package and then create an entry for f234af29d5105f4e034c6250772c8c2099fb2884 to apply the fix.
Updated by Georgiy Tyutyunnik 13 days ago
- Status changed from Feedback to Resolved
changeset fixes the issue
tested on:
25.11-DEVELOPMENT (amd64)
built on Thu Sep 18 18:57:00 UTC 2025
FreeBSD 15.0-PRERELEASE
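
An added example, not part of the ticket or the pfSense code base: a drift check that compares what each server instance's XML entry requests with what its generated config contains, which is the mismatch this ticket describes. The XML tag names (`openvpn-server`, `vpnid`, `mode`, `client2client`), the vpnid-to-file mapping and both sample inputs are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: trimmed <openvpn> section of a configuration backup.
# The tag names used here are assumptions, not taken from the ticket.
SAMPLE_XML = """<openvpn>
  <openvpn-server><vpnid>1</vpnid><mode>p2p_tls</mode>
    <client2client>yes</client2client></openvpn-server>
  <openvpn-server><vpnid>2</vpnid><mode>server_tls</mode>
    <client2client></client2client></openvpn-server>
</openvpn>"""

# Constructed sample: generated configs keyed by vpnid (assumed to map to
# /var/etc/openvpn/server<vpnid>.conf). Instance 2 carries the directive
# only through Custom Options, the workaround mentioned in the ticket.
SAMPLE_CONFS = {
    "1": "dev ovpns1\n# client-to-client\ntls-server\n",
    "2": "dev ovpns2\ntls-server\nclient-to-client\n",
}

def has_directive(conf_text, name="client-to-client"):
    """True if an uncommented line starts with the given directive."""
    for line in conf_text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;" and line.split()[0] == name:
            return True
    return False

def audit(xml_text, confs):
    """Return (vpnid, mode, problem) for each instance whose XML and conf disagree."""
    findings = []
    for srv in ET.fromstring(xml_text).iter("openvpn-server"):
        vpnid = srv.findtext("vpnid", "").strip()
        mode = srv.findtext("mode", "").strip()
        wanted = bool(srv.findtext("client2client", "").strip())
        conf = confs.get(vpnid)
        if conf is None:
            findings.append((vpnid, mode, "no generated config found"))
        elif wanted and not has_directive(conf):
            findings.append((vpnid, mode, "enabled in XML, missing from conf"))
        elif has_directive(conf) and not wanted:
            findings.append((vpnid, mode, "in conf, not enabled in XML"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_XML, SAMPLE_CONFS):
        print(finding)
```

The second finding type matters after the fix is applied: a leftover Custom Options entry keeps inter-client forwarding on even if the checkbox is later cleared.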