Messages - Mr2

#1
Ahh, you're right - sort of, it seems this functionality was introduced in OpenVPN 2.5_beta1 (allow usage of --server-ipv6 even when no --server is specified) and was actually requested 9(!) years ago and fixed in time for the 2.5 release  :)

I'm going to go ahead and assume that OPNsense probably doesn't run OpenVPN 2.5 (can't check right now) but hopefully it will be an option in the future.

For anyone interested, this was the link with the request https://community.openvpn.net/openvpn/ticket/208
#2
Hi there,

I am trying to configure the OpenVPN server in client Authentication mode with TLS+Password login.

On both 20.7 and 21.1 the server simply exits with no errors. If I try to start this manually on the command line it also simply exits with no output, even when verbosity is set to 11.

If I select the server mode as "Peer to peer" rather than "Remote access" then it all starts and is happy, although, obviously not the desired mode.

Selecting any of the "Remote access" modes also produces the same result. The backend authentication is always set as "Local Database" in these cases.

Below is a copy of my config if that helps..

Let me know if you'd like a copy of the working config (peer-to-peer) and I can paste that

(Update: I am trying to run an IPv6 only network, and so had left out the IPv4 tunnel network, adding this back in added the parameters
server 10.0.0.0 255.255.255.0
server-ipv6 2001:dead:beef:0000::/64

And OpenVPN is now starting, is this a bug maybe?)

-- Start config --
dev ovpns1
verb 3
dev-type tun
tun-ipv6
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto tcp-server
cipher AES-256-CBC
auth SHA256
up /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup
down /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkdown
local 1.2.3.4
client-disconnect "/usr/local/etc/inc/plugins.inc.d/openvpn/attributes.sh server1"
tls-server
username-as-common-name
auth-user-pass-verify "/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_auth_verify user 'Local Database' 'false' 'server1'" via-env
tls-verify "/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_auth_verify tls 'clients.mydomain.com' 1"
lport 1194
management /var/etc/openvpn/server1.sock unix
max-clients 100
push "dhcp-option DNS 2001:dead:beef:0100::1010"
push "dhcp-option DNS 2001:dead:beef:0100::1011"
push "dhcp-option NTP 2001:dead:beef:0100::1010"
push "dhcp-option NTP 2001:dead:beef:0100::1011"
push "redirect-gateway def1"
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
dh /usr/local/etc/dh-parameters.2048.sample
tls-auth /var/etc/openvpn/server1.tls-auth 0
comp-lzo adaptive
persist-remote-ip
float
topology subnet
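
A pre-flight check for the condition discussed in these two messages (an IPv6 tunnel network with no IPv4 `server` line on an OpenVPN older than 2.5), as an added example that is not part of the original posts or of OPNsense. The function names, the marker list and the sample config are assumptions made for illustration; the OpenVPN version is supplied by the caller.

```python
import re

# Constructed sample: a trimmed remote-access config with only an IPv6
# tunnel network, in the shape of the one posted above.
SAMPLE_IPV6_ONLY = """\
dev ovpns1
proto tcp-server
tls-server
username-as-common-name
max-clients 100
server-ipv6 2001:dead:beef:0000::/64
topology subnet
"""

# Assumption: these directives from the posted config are treated as markers
# that the config is meant to serve multiple clients (Remote access mode).
REMOTE_ACCESS_MARKERS = {"username-as-common-name", "auth-user-pass-verify",
                         "client-disconnect", "max-clients"}

def parse_directives(text):
    """Map each directive name to its list of argument strings."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        parts = line.split(None, 1)
        found.setdefault(parts[0], []).append(parts[1] if len(parts) > 1 else "")
    return found

def preflight(text, openvpn_version):
    """Return a list of (code, message) findings; empty means no issue found."""
    d = parse_directives(text)
    major, minor = map(int, re.match(r"(\d+)\.(\d+)", openvpn_version).groups())
    v6_alone_ok = (major, minor) >= (2, 5)   # per the thread: allowed since 2.5_beta1
    has_v4, has_v6 = "server" in d, "server-ipv6" in d
    server_mode = has_v4 or "server" in d.get("mode", []) or (has_v6 and v6_alone_ok)
    findings = []
    if has_v6 and not has_v4 and not v6_alone_ok:
        findings.append(("V6_NEEDS_V4",
                         "server-ipv6 without server needs OpenVPN 2.5 or later"))
    markers = sorted(REMOTE_ACCESS_MARKERS & d.keys())
    if markers and not server_mode:
        findings.append(("NO_SERVER_MODE",
                         "remote-access directives without a tunnel network: "
                         + ", ".join(markers)))
    return findings
```

Running `preflight` on the generated config before starting the daemon reports the missing tunnel network explicitly, which matters here because the `daemon` directive sends startup errors to the system log instead of the terminal.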