pfSense

Pull Request https://github.com/pfsense/pfsense/pull/3537

Actually I think it could be done just by cherry-picking https://github.com/pfsense/pfsense/commit/6f17547aaa073ca460c8bbd8dc1dc5c12922b76d which updated the code that parses this stuff, so it knows the field order that comes from the new OpenVPN output.

At the moment the field is displaying one of the byte counts, so it will be completely misleading to leave it like that. I think this should have higher priority than "low" and should be fixed between RC1 and RC2 or RELEASE.

I didn't test architecture 'all' but likely yes.. As for priority, its a display issue, actual functionality of the openvpn works okay so i chose 'low' there. It really doesn't matter much but would be nice to have fixed which is why i did set 2.3.3 as a target. Feel free to modify fields as deemed appropriate.

I didn't notice that OpenVPN 2.4 was on pfSense 2.3.3. That means there are probably more OpenVPN 2.4-isms to account for than just this, like the fact that NCP will be on by default and syntax changes like #7073 and #7062

I'd say step it down to OpenVPN 2.3 but in the FreeBSD ports tree they have the OpenVPN 2.3 port marked as deprecated and scheduled for expiration next month so that's probably not a good long-term plan.

We're moving 2.3.3 back to OpenVPN 2.3 since it appears to be the path of least disruption.

so if someones on 2.3.3 with opnvpn 2.4 will change back to 2.3 have ramifications ??

No, it will work fine for everyone (Well, 99.999%). OpenVPN won't have any compatibility issues between the two. It will actually be better since pfSense 2.3.3 snapshots do not have any code to handle changes in OpenVPN 2.4 like deprecated syntax, status output changes (like this), NCP would make your connecting cipher selection unpredictable, etc, etc.

It's a good move in this case to back it down.

Only someone who manually put OpenVPN 2.4-specific directives in the advanced options on a 2.3.3 snapshot would have a problem.