Incompatible OpenVPN versions in site to site pre-share key?

Need help configuring your VPN? Just post here and you'll get that help.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
OpenVPNfanatic
OpenVpn Newbie
Posts: 2
Joined: Sat Sep 11, 2021 6:27 pm

Incompatible OpenVPN versions in site to site pre-share key?

Post by OpenVPNfanatic » Sat Sep 11, 2021 7:01 pm

I'm running OpenVPN on pfSense boxes which runs FreeBSD.

Server is running OpenVPN 2.4.9
Client is running OpenVPN 2.5.2

The client is unable to connect to the server. I have another ovpn server on the server box and a different client box that is running OpenVPN 2.4.9 has no issues what-so-ever.

It isn't a firewall or routing issue. I am running into this after swapping hardware on the client side that WAS running OpenVPN 2.4.9 and got new equipment on client side that is running OpenVPN 2.5.2. I even went through creating a new server and client config files as well as tried running the server on the 2.5.2 side and client on the 2.4.9 side and no dice.

I assume it has something to with cipher options as there was a change between 2.4.9 and 2.5.2 but i'm not positive. Any experience in this? Here are the configs as setup right now:

SERVER running 2.4.9
SERVER

dev ovpns3
verb 1
dev-type tun
dev-node /dev/tun3
writepid /var/run/openvpn_server3.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp4
cipher AES-256-CBC
auth SHA256
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local <public-ip-redacted>
ifconfig 10.1.101.1 10.1.101.2
lport <public-port-redacted>
management /var/etc/openvpn/server3.sock unix
max-clients 1
route 192.168.222.0 255.255.255.0
secret /var/etc/openvpn/server3.secret
compress


CLIENT running 2.5.2
CLIENT

dev ovpnc2
verb 1
dev-type tun
dev-node /dev/tun2
writepid /var/run/openvpn_client2.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp4
auth SHA256
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local 10.1.10.93
engine rdrand
lport 0
management /var/etc/openvpn/client2/sock unix
remote <public-ip-of-remote-redacted> <remote-port-redacted> udp4
ifconfig 10.1.101.2 10.1.101.1
route 192.168.111.0 255.255.255.0
secret /var/etc/openvpn/client2/secret
data-ciphers AES-128-GCM:AES-256-CBC
data-ciphers-fallback AES-256-CBC
allow-compression no
resolv-retry infinite
explicit-exit-notify 1

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Incompatible OpenVPN versions in site to site pre-share key?

Post by TinCanTech » Sat Sep 11, 2021 7:46 pm


OpenVPNfanatic
OpenVpn Newbie
Posts: 2
Joined: Sat Sep 11, 2021 6:27 pm

Re: Incompatible OpenVPN versions in site to site pre-share key?

Post by OpenVPNfanatic » Sun Sep 12, 2021 10:30 pm

This worked. Thank you.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Incompatible OpenVPN versions in site to site pre-share key?

Post by TinCanTech » Sun Sep 12, 2021 10:49 pm

Would you be able to share the nature of your fix ?

Which option was it that worked for you ?

farhn
OpenVpn Newbie
Posts: 2
Joined: Sun Sep 26, 2021 10:23 am

Re: Incompatible OpenVPN versions in site to site pre-share key?

Post by farhn » Sun Sep 26, 2021 10:33 am

Nothing is working perfectly in freebsd 13 .I am getting this error in

root@ost102:~ # service openvpn_udp start
Starting openvpn_udp.
/usr/local/etc/rc.d/openvpn_udp: WARNING: failed to start openvpn_udp

Everything working fine before in older version Freebsd 11.3 .

Note here Openvpn 2.5 version here

Post Reply