Openvpn Server interface: dco_set_ifmode: failed

[GreenMatter]

After upgrading to 24.7 (for test purposes  :D ) openvpn UDP server (legacy) doesn't work anymore and throws following errors:

Code Select Expand

2024-07-25T19:06:21 Warning openvpn_server9 dco_set_ifmode: failed to set ifmode=00008002: Invalid argument (errno=22)
2024-07-25T19:06:21 Warning openvpn_server9 Failed to create interface ovpns9 (SIOCSIFNAME): File exists (errno=17)


Ho to fix it?

[franco]

Meh, OpenVPN tries to kick it into DCO mode... Can you add this to advanced settings and try again?

disable-dco


Cheers,
Franco

[GreenMatter]

disable-dco

Yes, that restored UDP server...
But how to change config to use DCO?

[franco]

Not going to be in legacy client/server, sorry.


Cheers,
Franco

[GreenMatter]

Not going to be in legacy client/server, sorry.

Thus I need to migrate to "instances"?

[franco]

Correct. For better or worse the legacy section is considered "feature complete" and this consistency fix was unfortunately missed.

https://github.com/opnsense/core/commit/89135cdc

In any case thanks for the report. I have a few things I'm going to hotfix until tomorrow.


Cheers,
Franco

[GreenMatter]

Thanks, but what keeps stopping me from migration is missing TLS authentication (TLS Shared Key) in instances config.
Will it be added there?

[franco]

It would be best to raise a feature request for instances as long as the feature is not a deprecated OpenVPN option.


Cheers,
Franco

[GreenMatter]

One more thing.
Openvpn TCP server (legacy) was fully running.
But UDP server (legacy) was running but there was no connectivity. I mean netcat was showing replies from hosts on various ports but nothing could go through browser.
I gave up and restored 24.1.10...

[hansen97124]

Meh, OpenVPN tries to kick it into DCO mode... Can you add this to advanced settings and try again?

disable-dco

This also worked for me.  Thanks for posting.