1
24.1 Legacy Series / Re: OpenVPN TAP Instance fails if server address not defined
« on: March 16, 2024, 06:53:24 pm »
Worked perfectly. Thank you!
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
24.1 Legacy Series / Re: OpenVPN TAP Instance fails if server address not defined
« on: March 11, 2024, 05:34:36 pm »
I'll try it out this weekend when our traffic is low. Crossing fingers
3
24.1 Legacy Series / Re: OpenVPN TAP Instance fails if server address not defined
« on: March 08, 2024, 12:32:51 am »
Thank you so much for posting this on github. You were able to dig much deeper into this than I was. I'll follow the thread there and post any feedback if the updates don't fix things.
4
24.1 Legacy Series / OpenVPN TAP Instance fails if server address not defined
« on: February 24, 2024, 07:20:25 pm »
I see that the old client/server OpenVPN configuration is deprecated in 24.1.2_1, so I tested out migrating my existing OpenVPN servers to the new Instance configuration. I run TAP connections between sites.
When converting over my old settings, the server would not start. It complained: "Options error: Parameter ca_file can only be specified in TLS-mode, i.e. where --tls-server or --tls-client is also specified."
This seems to be due to leaving the "Server (IPv4)" setting blank. When I provide a value (e.g., 10.0.47.0/24) it works.
My understanding is a Server IP is not required for TAP connections. My old configuration did not use a Server IP and worked. Perhaps my understanding is wrong here, and if so, perhaps Server IP should be a require setting so others don't get flummoxed.
On a side note, when I created the new OpenVPN instance, I went into Interface -> Assignments, and attempted to change the old OpenVPN interface to the new one, by changing the device in the drop down and pressing the save button. This gave me the following error: "You cannot set device bridge0 to interface opt5 because it cannot be a member of itself.". Is this related to the fact that in my bridge settings, I have the bridge device as a member of the bridge? Is this not a good thing to do?
When converting over my old settings, the server would not start. It complained: "Options error: Parameter ca_file can only be specified in TLS-mode, i.e. where --tls-server or --tls-client is also specified."
This seems to be due to leaving the "Server (IPv4)" setting blank. When I provide a value (e.g., 10.0.47.0/24) it works.
My understanding is a Server IP is not required for TAP connections. My old configuration did not use a Server IP and worked. Perhaps my understanding is wrong here, and if so, perhaps Server IP should be a require setting so others don't get flummoxed.
On a side note, when I created the new OpenVPN instance, I went into Interface -> Assignments, and attempted to change the old OpenVPN interface to the new one, by changing the device in the drop down and pressing the save button. This gave me the following error: "You cannot set device bridge0 to interface opt5 because it cannot be a member of itself.". Is this related to the fact that in my bridge settings, I have the bridge device as a member of the bridge? Is this not a good thing to do?
Pages: [1]