Bug #16617
Closed
OpenVPN Site to Site broken in 25.11
Description
OpenVPN S2S configuration does not work in 25.11 and provides an error in logs of "Error: --client-to-client requires --mode server"
https://forum.netgate.com/topic/199646/upgrading-2100-to-25.11-breaks-openvpn-service-not-running
Updated by Kris Phillips about 2 months ago
- File S2SServer.png added
- File S2SClient.png added
- Status changed from New to Not a Bug
I'm unable to reproduce this. Setting up a /30 S2S OpenVPN with TLS and Cert works fine between two 25.11 appliances. Screenshots showing a successful connection attached in my lab environment.
This issue is likely a configuration problem. I would recommend opening a TAC ticket, if you have support, to dig into your issue.
Updated by Jim Pingle about 2 months ago
Based on the forum thread, the tunnels are set to Peer to Peer SSL/TLS but with a /30 tunnel network, which, as the error indicates, does not include "mode server" because it is not a server-style mode that can accommodate multiple clients.
If you are seeing that error, you also have "Inter-client communication" checked, which makes no sense for that configuration as there cannot be multiple clients per tunnel.
When we fixed #16428, it likely exposed that particular misconfiguration that had been working by sheer luck.
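
The misconfiguration described in the comments above, as an added example that is not part of the original issue or pfSense's own code: a small Python linter that flags OpenVPN configuration text containing `client-to-client` without server mode. The sample configurations and function names are constructed for illustration; treating `server` and `server-bridge` as implying `mode server` follows OpenVPN's helper-directive expansion.

```python
# Added example: lint OpenVPN config text for client-to-client outside server mode.
# "server" and "server-bridge" are helper directives that expand to "mode server".
SERVER_HELPERS = {"server", "server-bridge"}

# Constructed sample: peer-to-peer style tunnel with point-to-point ifconfig.
P2P_SLASH30 = """
dev tun
tls-server
ifconfig 10.0.8.1 10.0.8.2
client-to-client
"""

# Constructed sample: multi-client server using the "server" helper.
SERVER_MODE = """
dev tun
server 10.0.8.0 255.255.255.0
client-to-client
"""

def parse_directives(text):
    """Return [(name, args)] per directive, skipping comments and inline blocks."""
    directives, in_block = [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if in_block:
            in_block = not line.startswith("</")  # leave block at closing tag
            continue
        if not line or line.startswith(";"):
            continue
        if line.startswith("<"):
            in_block = True  # inline <ca>, <cert>, <key> material
            continue
        tokens = line.split()
        directives.append((tokens[0].lstrip("-"), tokens[1:]))
    return directives

def check_client_to_client(text):
    """Return findings when client-to-client is set but server mode is not."""
    directives = parse_directives(text)
    names = {name for name, _ in directives}
    server_mode = bool(names & SERVER_HELPERS) or any(
        name == "mode" and args[:1] == ["server"] for name, args in directives)
    if "client-to-client" in names and not server_mode:
        return ["--client-to-client requires --mode server"]
    return []

if __name__ == "__main__":
    for label, cfg in (("p2p /30", P2P_SLASH30), ("server", SERVER_MODE)):
        print(label, check_client_to_client(cfg) or "ok")
```
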