OPNsense Forum

English Forums => Virtual private networks => Topic started by: evilgenius on August 18, 2021, 09:57:51 PM

Title: OpenVPN Site2Site tunnel not working after upgrade to 21.7.1
Post by: evilgenius on August 18, 2021, 09:57:51 PM
Hi together,

After I upgraded my main firewall from 21.7 to 21.7.1, the site2site VPNs aren't working. It is a problem in the server config of OpenVPN.

Working config in 21.7:
dev ovpns5
verb 3
dev-type tun
dev-node /dev/tun5
writepid /var/run/openvpn_server5.pid
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp4
cipher AES-128-CBC
auth SHA256
up /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup
down /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkdown
local 192.168.181.20
tls-server
ifconfig 10.100.5.1 10.100.5.2
tls-verify "deleted"
lport 1198
management /var/etc/openvpn/server5.sock unix
push "route 10.100.0.0 255.255.255.0"


This part in 21.7, "ifconfig 10.100.5.1 10.100.5.2", shows up in the WebUI as IPv4 Tunnel Network 10.100.5.0/30.
After the upgrade to 21.7.1, the subnet mask /30 prevents the tunnel from starting... /28, /27, /26 and so on work but break the routing...

Error message in the WebUI: openvpn Unable to contact daemon

Is this a known bug?

BR Andreas

Title: Re: OpenVPN Site2Site tunnel not working after upgrade to 21.7.1
Post by: Napsterbater on August 23, 2021, 04:55:49 AM
I am having the same issue. It's a "backup OOB" VPN so it wasn't noticed, but I see this in the logs:

2021-08-22T22:44:11 openvpn[17914] Use --help for more information.
2021-08-22T22:44:11 openvpn[17914] Options error: --client-config-dir/--ccd-exclusive requires --mode server
2021-08-22T22:44:11 openvpn[17914] Cipher negotiation is disabled since neither P2MP client nor server mode is enabled
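
The log lines above show OpenVPN rejecting --client-config-dir/--ccd-exclusive because the instance is not in server mode. As an added example (not part of any post, and not OPNsense's or OpenVPN's own code), this Python check flags that combination in a config file before the daemon is started; the sample config and its ccd path are constructed.

```python
# Added example: not OPNsense or OpenVPN code.
# Options the log above names as requiring --mode server.
NEEDS_SERVER_MODE = {"client-config-dir", "ccd-exclusive"}
# "server" and "server-bridge" are OpenVPN helper directives that expand to
# "mode server", so they count as enabling server mode here.
SERVER_HELPERS = {"server", "server-bridge"}


def directives(config_text):
    """Yield (line_no, option, args) for each non-comment config line."""
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        parts = line.split()
        yield no, parts[0].lstrip("-"), parts[1:]


def server_mode_conflicts(config_text):
    """Return [(line_no, option)] that OpenVPN would reject outside server mode."""
    parsed = list(directives(config_text))
    in_server_mode = any(
        opt in SERVER_HELPERS or (opt == "mode" and args[:1] == ["server"])
        for _, opt, args in parsed
    )
    if in_server_mode:
        return []
    return [(no, opt) for no, opt, _ in parsed if opt in NEEDS_SERVER_MODE]


# Constructed sample: a peer-to-peer config shaped like the one in the first
# post, plus a client-config-dir line (the path is a placeholder).
SAMPLE_P2P = """\
dev ovpns5
dev-type tun
proto udp4
tls-server
ifconfig 10.100.5.1 10.100.5.2
client-config-dir /path/to/ccd
lport 1198
"""

if __name__ == "__main__":
    for no, opt in server_mode_conflicts(SAMPLE_P2P):
        print(f"line {no}: --{opt} requires --mode server")
```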


Title: Re: OpenVPN Site2Site tunnel not working after upgrade to 21.7.1
Post by: xmansss on September 03, 2021, 12:58:03 PM
I am facing the same issue. I had to roll back to 21.7.

Title: Re: OpenVPN Site2Site tunnel not working after upgrade to 21.7.1
Post by: Napsterbater on September 25, 2021, 05:00:00 PM
Seems this is fixed in 21.7.3; I made no changes and just happened to notice the VPN link was back up after upgrading.