Bug #16617
closed
OpenVPN Site to Site broken in 25.11
Description
OpenVPN S2S configuration does not work in 25.11 and provides an error in logs of "Error: --client-to-client requires --mode server"
https://forum.netgate.com/topic/199646/upgrading-2100-to-25.11-breaks-openvpn-service-not-running
Updated by Kris Phillips 28 days ago
- File S2SServer.png added
- File S2SClient.png added
- Status changed from New to Not a Bug
I'm unable to reproduce this. Setting up a /30 S2S OpenVPN with TLS and Cert works fine between two 25.11 appliances. Screenshots showing a successful connection in my lab environment are attached.
This issue is likely a configuration problem. I would recommend opening a TAC ticket, if you have support, to dig into your issue.
Updated by Jim Pingle 27 days ago
Based on the forum thread, the tunnels are set to Peer to Peer SSL/TLS but with a /30 tunnel network, which, as the error indicates, does not include "mode server" because it is not a server style mode that can accommodate multiple clients.
If you are seeing that error, you also have "Inter-client communication" checked, which makes no sense for that configuration as there cannot be multiple clients per tunnel.
When we fixed #16428 it likely exposed that particular misconfiguration that had been working by sheer luck.
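
A check for the misconfiguration described in the last update, as an added example that is not part of the original ticket or of pfSense's own code: it scans OpenVPN config text for `client-to-client` without server mode, the combination behind the "--client-to-client requires --mode server" error. The sample configs are constructed, and the function names are hypothetical.

```python
import shlex

# "server" and "server-bridge" are OpenVPN helper directives that expand to
# include "mode server", so either one satisfies the requirement.
SERVER_HELPERS = {"server", "server-bridge"}

# Constructed sample configs (not taken from the ticket or the forum thread).
P2P_WITH_C2C = """
dev ovpns1
tls-server
ifconfig 10.0.8.1 10.0.8.2   # point-to-point addressing, no server mode
client-to-client
"""
SERVER_WITH_C2C = """
dev ovpns1
tls-server
server 10.0.8.0 255.255.255.0
client-to-client
"""


def parse_directives(config_text):
    """Return [(directive, args)] from config text, skipping comments and inline <blocks>."""
    directives, in_block = [], False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("<"):                # <ca> ... </ca> style inline blocks
            in_block = not line.startswith("</")
            continue
        if in_block or not line or line[0] in "#;":
            continue
        try:
            tokens = shlex.split(line, comments=True)
        except ValueError:                      # unbalanced quote: fall back to whitespace split
            tokens = line.split()
        if tokens:
            directives.append((tokens[0].lstrip("-"), tokens[1:]))
    return directives


def check_client_to_client(config_text):
    """Return a finding string if client-to-client is set without server mode, else None."""
    directives = parse_directives(config_text)
    server_mode = any(
        name in SERVER_HELPERS or (name == "mode" and args[:1] == ["server"])
        for name, args in directives
    )
    has_c2c = any(name == "client-to-client" for name, _ in directives)
    if has_c2c and not server_mode:
        return "client-to-client is set but the config has no 'mode server'"
    return None
```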