Bug #7214
closed
OpenVPN dh parameters above 4096 are not in /etc/
Description
In 2.3.2 (didn't check earlier versions) there is an option to select the dh parameter length when configuring a new server. This option includes values like 8192, which don't exist on the file system in /etc/.
According to this post from 2010 the options are only supposed to show up when the file is present.
https://forum.pfsense.org/index.php?topic=31156.0
OpenVPN does not start properly since this file is missing when one of the higher parameters is specified.
Updated by Jim Pingle about 7 years ago
- Status changed from New to Not a Bug
You have to make them yourself if you want to use the larger ones.
Non-existing entries are hidden on 3. Here is what shows on 2.4 once you click the "i" for more info:
And if the file doesn't exist, the number is not shown.
Updated by Anonymous about 7 years ago
Sorry if I wasn't clear, and this very well could have been fixed already in 2.4.
The main issue on 2.3 is not that OpenVPN won't start, or that the files don't exist. On 2.3 all the values are available in the drop down, even the ones that don't exist, which is confusing for the user since it means that the service won't start and goes against what the documentation says.
The info added in 2.4 is definitely helpful, but again only if the non-existent values are actually hidden. I am going to be setting up my 2.4 box soon, I'll check it out when setting up my VPN config.
Thanks again,
Robbert
Updated by Kill Bill about 7 years ago
Duplicate of Bug #6962 and fixed in 2.4 as noted above. Move on.