Bug #7214

closed

OpenVPN dh parameters above 4096 are not in /etc/

Added by Anonymous about 7 years ago. Updated about 7 years ago.

Status: Not a Bug
Priority: Normal
Assignee: -
Category: -
Target version: -
Start date: 02/04/2017
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.3
Affected Architecture:

Description

In 2.3.2 (didn't check earlier versions) there is an option to select the dh parameter length when configuring a new server. This option includes values like 8192, which don't exist on the file system in /etc/.

According to this post from 2010 the options are only supposed to show up when the file is present.

https://forum.pfsense.org/index.php?topic=31156.0

The OpenVPN does not start properly since this file is missing when one of the higher parameters is specified.

Actions #1

Updated by Jim Pingle about 7 years ago

  • Status changed from New to Not a Bug

You have to make them yourself if you want to use the larger ones.

Non-existing entries are hidden on 3. Here is what shows on 2.4 once you click the "i" for more info:

And if the file doesn't exist, the number is not shown
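A pre-flight check for the situation in this ticket, as an added example that is not part of the thread or of pfSense's own code: it reports which DH lengths have a parameter file on disk before one is selected for a server. The `dh-parameters.` file-name prefix and the `DH_DIR`/`DH_PREFIX` variables are assumptions; the ticket only says the files live in /etc/.

```shell
#!/bin/sh
# Added example: check which OpenVPN DH parameter files exist before choosing a length.
# Assumption: files are named "<DH_PREFIX><bits>" inside DH_DIR. The prefix below is a
# placeholder; adjust it to the file names actually used on the system.
DH_DIR="${DH_DIR:-/etc}"
DH_PREFIX="${DH_PREFIX:-dh-parameters.}"

# Print each size from the arguments whose parameter file exists and is non-empty.
available_dh_sizes() {
    for bits in "$@"; do
        [ -s "${DH_DIR}/${DH_PREFIX}${bits}" ] && printf '%s\n' "$bits"
    done
    return 0
}

# Print each size whose file is missing or empty; selecting one of these
# leaves the server unable to start, as described in the ticket.
missing_dh_sizes() {
    for bits in "$@"; do
        [ -s "${DH_DIR}/${DH_PREFIX}${bits}" ] || printf '%s\n' "$bits"
    done
    return 0
}

# Return 0 only if the file for size $1 exists and, when openssl is installed,
# parses as DH parameters of exactly that many bits.
check_dh_size() {
    f="${DH_DIR}/${DH_PREFIX}$1"
    [ -s "$f" ] || return 1
    command -v openssl >/dev/null 2>&1 || return 0
    openssl dhparam -in "$f" -noout -text 2>/dev/null | grep -q "($1 bit)"
}

# Report the missing files for a few common lengths, including 8192 from the ticket.
# A missing file can be generated with: openssl dhparam -out <file> <bits>
for s in $(missing_dh_sizes 2048 4096 8192); do
    echo "missing: ${DH_DIR}/${DH_PREFIX}${s}"
done
```

Generating parameters for the larger lengths can take a long time, so run the check before committing a new length to a server configuration.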

Actions #2

Updated by Anonymous about 7 years ago

Sorry if I wasn't clear, and this very well could have been fixed already in 2.4.

The main issue on 2.3 is not that OpenVPN won't start, or that the files don't exist. On 2.3 all the values are available in the drop down, even the ones that don't exist, which is confusing for the user since it means that the service won't start and goes against what the documentation says.

The info added in 2.4 is definitely helpful, but again only if the non-existent values are actually hidden. I am going to be setting up my 2.4 box soon, I'll check it out when setting up my VPN config.

Thanks again,

Robbert

Actions #3

Updated by Kill Bill about 7 years ago

Duplicate of Bug #6962 and fixed in 2.4 as noted above. Move on.
