Regression #16825

open

Shared Key OpenVPN tunnels need directive to bypass deprecation error

Added by Jim Pingle about 4 hours ago. Updated about 4 hours ago.

Status: Feedback
Priority: Normal
Assignee:
Category: OpenVPN
Target version:
Start date:
Due date:
% Done: 100%
Estimated time:
Plus Target Version: 26.07
Release Notes: Force Exclusion
Affected Version:
Affected Architecture:

Description

Starting with OpenVPN 2.7, OpenVPN has further moved to deprecate shared key tunnels. OpenVPN will fail to start with a shared key setup without a new directive acknowledging the deprecation:

allow-deprecated-insecure-static-crypto

Recent development snapshot builds now include OpenVPN 2.7.x, so existing shared key tunnels are failing to start.

This small change works around it and allows it to continue functioning.

diff --git a/src/etc/inc/openvpn.inc b/src/etc/inc/openvpn.inc
index 23fce38576..7d52119566 100644
--- a/src/etc/inc/openvpn.inc
+++ b/src/etc/inc/openvpn.inc
@@ -1319,6 +1319,7 @@ function openvpn_reconfigure($mode, $settings) {
        // Write the settings for the keys
        switch ($settings['mode']) {
                case 'p2p_shared_key':
+                       $conf .= "allow-deprecated-insecure-static-crypto\n";
                        openvpn_add_keyfile($settings['shared_key'], $conf, $mode_id, "secret");
                        break;
                case 'p2p_tls':
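
Review bot: the added `$conf .= "allow-deprecated-insecure-static-crypto\n";` line in the `p2p_shared_key` case has no comment, so the code does not record why an option with "insecure" in its name is written for every shared key tunnel or when it should be dropped. Suggest a short comment above it saying that OpenVPN 2.7 refuses to start shared key tunnels without this acknowledgement and that the whole case goes away when shared key mode is removed in OpenVPN 2.8. Because the directive suppresses the deprecation error for the administrator, consider also raising a notice at this point in `openvpn_reconfigure()` so that the migration to TLS stays visible.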

Shared Key mode will be completely removed from OpenVPN 2.8, so users should migrate to TLS configurations ASAP.
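
An added example, not part of the issue or of pfSense's code: a small Python audit that sorts OpenVPN configuration text by how the behaviour described above affects it, so shared key tunnels can be found and scheduled for migration. The file names and config contents are constructed, and detecting shared key mode by the `secret` directive (file or inline form) is an assumption of this example.

```python
import re

ACK = "allow-deprecated-insecure-static-crypto"  # directive named in the issue


def directives(conf_text):
    """Return the set of directive names used in an OpenVPN config."""
    names, inline = set(), None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if inline:                       # inside <tag> ... </tag>: skip key material
            if line == f"</{inline}>":
                inline = None
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        m = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if m:                            # inline block counts as that directive
            inline = m.group(1)
            names.add(inline)
            continue
        names.add(line.split()[0].lstrip("-"))
    return names


def classify(conf_text):
    """Classify one config against the OpenVPN 2.7 / 2.8 behaviour on this page."""
    d = directives(conf_text)
    if "secret" not in d:
        return "not-shared-key"
    if ACK in d:
        return "starts-on-2.7-migrate-before-2.8"
    return "fails-on-2.7"


def audit(configs):
    """Map each config name to its classification."""
    return {name: classify(text) for name, text in configs.items()}


# Constructed sample configs (paths and names are placeholders).
SAMPLES = {
    "server1.conf": "dev ovpns1\nproto udp4\nsecret /path/to/secret\n",
    "server2.conf": f"dev ovpns2\n{ACK}\nsecret /path/to/secret\n",
    "server3.conf": "dev ovpns3\ntls-server\nca /path/to/ca\n# secret old.key\n",
    "client4.conf": "dev ovpnc4\n<secret>\n(placeholder key)\n</secret>\n",
}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLES).items():
        print(f"{name}: {verdict}")
```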
