Topic: Issues starting OpenVPN in client Auth mode (Read 1788 times)
Mr2 « on: March 14, 2021, 09:15:23 am »
Hi there,
I am trying to configure the OpenVPN server in client authentication mode with TLS+Password login.
On both 20.7 and 21.1 the server simply exits with no errors. If I try to start this manually on the command line, it also simply exits with no output, even when verbosity is set to 11.
If I select the server mode as "Peer to peer" rather than "Remote access", then it all starts and is happy, although obviously that is not the desired mode.
Selecting any of the "Remote access" modes also produces the same result. The backend authentication is always set as "Local Database" in these cases.
Below is a copy of my config if that helps.
Let me know if you'd like a copy of the working config (peer-to-peer) and I can paste that.
(Update: I am trying to run an IPv6-only network, and so had left out the IPv4 tunnel network. Adding this back in added the parameters
server 10.0.0.0 255.255.255.0
server-ipv6 2001:dead:beef:0000::/64
and OpenVPN is now starting. Is this a bug maybe?)
-- Start config --
dev ovpns1
verb 3
dev-type tun
tun-ipv6
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto tcp-server
cipher AES-256-CBC
auth SHA256
up /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup
down /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkdown
local 1.2.3.4
client-disconnect "/usr/local/etc/inc/plugins.inc.d/openvpn/attributes.sh server1"
tls-server
username-as-common-name
auth-user-pass-verify "/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_auth_verify user 'Local Database' 'false' 'server1'" via-env
tls-verify "/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_auth_verify tls 'clients.mydomain.com' 1"
lport 1194
management /var/etc/openvpn/server1.sock unix
max-clients 100
push "dhcp-option DNS 2001:dead:beef:0100::1010"
push "dhcp-option DNS 2001:dead:beef:0100::1011"
push "dhcp-option NTP 2001:dead:beef:0100::1010"
push "dhcp-option NTP 2001:dead:beef:0100::1011"
push "redirect-gateway def1"
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
dh /usr/local/etc/dh-parameters.2048.sample
tls-auth /var/etc/openvpn/server1.tls-auth 0
comp-lzo adaptive
persist-remote-ip
float
topology subnet

Fright « Reply #1 on: March 14, 2021, 02:28:33 pm »
afaik OPNsense adds the v6-server directive only after v4
(https://github.com/opnsense/core/blob/73016fdaf3814a3534385112519b8769e4387ca4/src/etc/inc/plugins.inc.d/openvpn.inc#L682-L689)
but afaik this is a requirement of OpenVPN itself. Are there references that OpenVPN began to maintain a pure IPv6 tunnel?

Mr2 « Reply #2 on: March 14, 2021, 03:11:49 pm »
Ahh, you're right - sort of. It seems this functionality was introduced in OpenVPN 2.5_beta1 (allow usage of --server-ipv6 even when no --server is specified) and was actually requested 9(!) years ago and fixed in time for the 2.5 release.
I'm going to go ahead and assume that OPNsense probably doesn't run OpenVPN 2.5 (can't check right now), but hopefully it will be an option in the future.
For anyone interested, this was the link with the request:
https://community.openvpn.net/openvpn/ticket/208

Fright « Reply #3 on: March 14, 2021, 03:21:13 pm »
no date set for 2.5 milestone
https://community.openvpn.net/openvpn/milestone/release%202.5
OPN is on 2.4.9_3
Logged
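
A pre-flight check for the condition this thread arrived at, as an added example that is not part of the original posts or of OPNsense's code: it flags a server config that sets server-ipv6 with no server line when the OpenVPN version is older than 2.5. The function names and the sample config excerpt are constructed for illustration.

```python
import re
import shlex

# Per the thread: --server-ipv6 without --server is accepted from 2.5_beta1 on.
IPV6_ONLY_MIN_VERSION = (2, 5)

# Constructed excerpt modelled on the config posted above (IPv6 tunnel only).
SAMPLE_IPV6_ONLY = """\
dev-type tun
proto tcp-server
tls-server
server-ipv6 2001:dead:beef:0000::/64
push "dhcp-option DNS 2001:dead:beef:0100::1010"
topology subnet
"""


def parse_version(version):
    """Turn '2.4.9_3' or '2.5_beta1' into a comparable tuple such as (2, 4, 9)."""
    match = re.match(r"\d+(?:\.\d+)*", version.strip())
    if not match:
        raise ValueError(f"unrecognised OpenVPN version: {version!r}")
    return tuple(int(part) for part in match.group().split("."))


def parse_directives(config_text):
    """Map each directive name to the argument lists of its occurrences."""
    directives = {}
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        tokens = shlex.split(line, comments=True)
        if tokens:
            directives.setdefault(tokens[0], []).append(tokens[1:])
    return directives


def check_ipv6_only_server(config_text, openvpn_version):
    """Return a list of findings; an empty list means the check passed."""
    directives = parse_directives(config_text)
    findings = []
    if "server-ipv6" in directives and "server" not in directives:
        if parse_version(openvpn_version) < IPV6_ONLY_MIN_VERSION:
            findings.append(
                f"server-ipv6 without server needs OpenVPN >= 2.5 (have "
                f"{openvpn_version}): add an IPv4 tunnel network or upgrade")
    return findings
```

Running `check_ipv6_only_server(SAMPLE_IPV6_ONLY, "2.4.9_3")` before starting the daemon reports the problem that otherwise showed up only as a silent exit.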