OPNsense Forum
Archive => 21.7 Legacy Series => Topic started by: scrensen on September 23, 2021, 12:23:11 pm
-
Hi all,
I just upgraded to 21.7.3 and I see it has tls-crypt support for OpenVPN.
So I headed over to my server config looking to enable tls-crypt and found an option under 'TLS Authentication' called 'enabled - authentication & encryption', which seemed the right option (Although not sure if this was there in a previous version or not).
So I select this option and press 'Save' and go back into the settings. And there I see that the option jumped back to 'Enabled - authentication only', which was the initial value.
Can't find anything in the logs that point in the right direction. Anyone any idea?
-
Exactly the same here for both of my existing servers, that option does not stick.
-
Not only existing servers, just tried a new one. Also does not stick.
-
If I remember correctly the configured options gets written to openvpn config file on the filesystem but next time you make changes the webui loads default value and if you forget to reconfigure it again and apply then the incorrect value will get saved.
I've encountered it for another openvpn option prior to 21.7.3
-
If I remember correctly the configured options gets written to openvpn config file on the filesystem but next time you make changes the webui loads default value and if you forget to reconfigure it again and apply then the incorrect value will get saved.
I've encountered it for another openvpn option prior to 21.7.3
Not here, freshly applied
root@OPNsense:~ # cat /var/etc/openvpn/server*.conf | grep tls
tls-server
tls-verify "/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_auth_verify tls 'OpenVPN' 1"
tls-auth /var/etc/openvpn/server1.tls-auth 0
tls-server
tls-verify "/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_auth_verify tls 'OpenVPN' 1"
tls-auth /var/etc/openvpn/server2.tls-auth 0
-
Sorry that's https://github.com/opnsense/core/commit/98e6d76d
# opnsense-patch 98e6d76d
Something wrong with the initial merge to master after testing.
Cheers,
Franco
-
Thanks!
Never had to patch before, so nice to finally do this :)
And it works!
-
Thanks for confirming. It's been hotfixed now and available as update to 21.7.3_1.
Cheers,
Franco