OpenVPN CSO what happened to custom_options

[franco]

Yes, but you need to put the correct subnet size.


Cheers,
Franco

[teo88]

Hello,

had the following directives under OpenVPN - Clients - Advanced:

Code Select Expand


pull-filter ignore "ifconfig-ipv6"
pull-filter ignore "route-ipv6"


and under OpenVPN - Servers - Advanced:

Code Select Expand


allow-compression no


How to get now the directives after the Update again as the custom options are missing?

[franco]

@teo88

Please use the old GUI for backwards compatibility.

@muchacha_grande

https://github.com/opnsense/core/commit/605042ada8
https://github.com/opnsense/core/commit/0a4eacfb6ab

# opnsense-patch 605042ada8 0a4eacfb6ab

(mssfix latches on to fragment if set as per OpenVPN documentation)

@broesel68

After going through the documentation, bug reports and performance guides I think the server side should not matter on modern FreeBSD. So you might look at push requirements only. Can you try to verify? The goal is to remove obsolete/defunct things and sndbuf/rcvbuf looks a bit like it (at least from the OPNsense side).


Cheers,
Franco

[teo88]

Thanks, Franco

What is the Command to revert back to 23.1.11 Gui?

Code Select Expand


opnsense-revert -r


[franco]

Reverting is not possible between major versions.


Cheers,
Franco

[teo88]

Thx, i was understanding to revert back, as you mentioned "use old GUI for backwards compatibility"

How do i do that?

[franco]

Reinstall with config import.


Cheers,
Franco

[muchacha_grande]

@franco, I tried patch 0a4eacfb6ab, but when I use the command opnsense-patch 0a4eacfb6ab it shows:

root@router:~ # opnsense-patch 0a4eacfb6ab
Fetched 0a4eacfb6ab via https://github.com/opnsense/core
1 out of 3 hunks failed while patching opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.php

It appears to haven't been applied.

Also can't find the intended options on the gui.

Cheers

[franco]

Sorry, another fix was preventing it to apply. Try these two:

# opnsense-patch 605042ada8 0a4eacfb6ab

Added options are at the bottom under "Advanced".


Cheers,
Franco

[teo88]

Reinstall with config import.


Cheers,
Franco

Is there no possibility to install a patch to get the fields back, without complete reinstall?

[franco]

No, the whole component was replaced to provide API capabilities.

We are discussing file-based overrides that fit our advanced configuration policy at the moment. But that tends to be messy since common name and server combinations can cause quite a number of files to be added (users alone could be many and it's quite dynamic compared to just changing configuration options on an instance).


Cheers,
Franco

[gdur]

Yes, but you need to put the correct subnet size.


Cheers,
Franco

Assuming you meant to modify "IPv4 Tunnel Network" setting in the clients option I have changed it to 192.168.x.x but it has no effect even after restarting the instance. I got connected though but with a different IP address.

[franco]

Hmm, I'm not aware that it doesn't work all the time so I'm unable to help directly in this particular case.


Cheers,
Franco

[gdur]

Has anyone found a solution to get pre-defined fixed IP addresses?

[PIv0]

Yes, but you need to put the correct subnet size.


Cheers,
Franco

If on version 23.1.11 we used the line

ifconfig-push 192.168.yyy.xxx 255.255.255.0

Now in the IPv4 Tunnel Network field, you need to set the value

192.168.yyyy.xxx/24 ?

Did I understand correctly?