Version 3.4 breaks config (option_error: sorry, unsupported options present in configuration: UNKNOWN/UNSUPPORTED OPTION

[KisukeCZE]

For me these options generates error:
ping-timer-rem
pull

But after removing them connection just does not work...

Would be good to post the log that shows the connection problem. It may be that it won't work because of some other things like not being able to reach the server due to firewall or such.

Kind regards,
Johan

You are right. My bad. After removing those options it worked for me.
But last week I've tested it on some stupid network which was blocking UDP

I believe that pull option should not generate this error.
It would be also useful to have some manual for 3.X VPN, like it's available for 2.X: https://openvpn.net/community-resources ... ed-options

[jlotech]

I went back to 3.3.7 for now to get around this.

[superkingkong]

Hi,

After upgrading to 3.4, it broke my connection.
As suggested in the earlier posts, I commented out all the unsupported options.

After all that, I tried to reconnect.
No more unsupported options though, but now I met with another issue.

"Peer certificate verification failure"

I tried the same ovpn on my other laptop with 3.3.7, no issue with the certificate.

[vroby67]

Hello there,
I'm experiencing something similar, but in my case the error seems to be in [dh] section...
This the extract from the log:

[Jul 31, 2023, 19:35:25] OpenVPN core 3.8connect1 win x86_64 64-bit OVPN-DCO built on Jun 26 2023 16:08:41
⏎[Jul 31, 2023, 19:35:25] Frame=512/2112/512 mssfix-ctrl=1250
⏎[Jul 31, 2023, 19:35:25] NOTE: This configuration contains options that were not used:
⏎[Jul 31, 2023, 19:35:25] Server only option
⏎[Jul 31, 2023, 19:35:25] 3 [dh] [-----BEGIN DH PARAMETERS----- MIIBCAKCAQEA0oJ0ubR+jmWiam51lrH3xu...]

Any suggestion?

[vroby67]

Hello there,
I'm experiencing something similar, but in my case the error seems to be in [dh] section...
This the extract from the log:

omissis

Any suggestion?

Temporarily solved commenting out the line

#dh dh2048.pem

[chilinux]

The way this was handled may unintentionally increase novice user distrust for upgrading the client in the future.

There should have been two options given to users of OpenVPN Connect to maintain a high level of trust:

(1) A prompt explaining what the client needs to remove from the configuration file to proceed. It should then offer to automatically perform the removal unsupported options at the click of a button. It could also offer to collect the email address of the OpenVPN server administrator to send a report/nastygram about what changes were needed.

(2) As a second option, there should be an easy method to choose to fall-back to the previous version of the client. Currently the upgrade process doesn't leave anything of the previous version and the download page does not provide any archive of the previous versions either.

While the error log is well worded and make sense of what is needed for anyone familiar with working with OpenVPN logs that is not how this reads to a novice.

Instead, the process that 3.4.0 introduces is that upgrading the client should only take place when a OpenVPN server administrator is available at a moments notice to address if/when OpenVPN Connect's upgrade process just breaks something. A novices only concern is getting the green connected circle and now the upgrade process means that is no longer possible. This says to a novice that things like fixing CVE-2022-3761 should take a back seat to checking with the local VPN administrator for confirming each and every upgrade is "safe" beforehand. The end effect will be that client-side zero-days get addressed MUCH slower.

For a process flow that requires manually modifying and re-importing OpenVPN profiles to proceed there should be a major version number change (3.3.7 -> 4.0.0) rather than a minor one (3.3.7 -> 3.4.0) to better signal to expect possible incompatibility and breaking of the normal process of upgrading.

[muralireddy]

Hello,

Thx it work for me, i juste putted an # before the pull -> #pull.

And i deleted the profil, reimported the file .ovpn, recreated the profil and it worked.

Bye !

Hi pls help with this same error I'm getting

[muralireddy]

I'm getting same error when I'm Sophos ssl file I will upload pls any one help me

[fabiovalverde]

Hello OpenVPN Community,

we faced the same issues after updating to Version 3.4.
The most problems we are facing are connected to Sophos UTM Appliances.

In the OpenVPN Logs:

[Jul 14, 2023, 08:28:29] NOTE: This configuration contains options that were not used:
⏎[Jul 14, 2023, 08:28:29] Unsupported option (ignored)
⏎[Jul 14, 2023, 08:28:29] 0 [ip-win32] [dynamic]
⏎[Jul 14, 2023, 08:28:29] 7 [resolv-retry] [infinite]
⏎[Jul 14, 2023, 08:28:29] 9 [persist-key]
⏎[Jul 14, 2023, 08:28:29] 10 [persist-tun]
⏎[Jul 14, 2023, 08:28:29] UNKNOWN/UNSUPPORTED OPTIONS
⏎[Jul 14, 2023, 08:28:29] 15 [route-delay] [4]

After editing the .ovpn config and deleting the entry for "route-delay 4", the configs started to function again.

After some research it seems to be an automatic config from the sophos UTM ovpn template itself, that can be changed via ssh.
The problem is, that after every update on the appliance, the config needs to be changed manually again.

Here is a community thread regarding this topic:
https://community.sophos.com/utm-firewa ... by-updates

Hope this helps somebody.

Kind Regards
PS

Thank you, Working fine here.

[lazp]

route-delay is not in the deprecated options(https://community.openvpn.net/openvpn/w ... tedOptions).
It looks like it is a valid argument in OpenVPN 2.6.x releases.

Why does OpenVPN core 3.8/ OpenVPN connect 3.4 not support this field?
Am I missing anything here?

[wey]

This is how to fix it.

1. check your logs, find the last line of config parsing that's before the error, note that it's not the next one, maybe a couple of lines before that.

2. comment that line out and retry.

For example.

Code: Select all

[Aug 23, 2023, 18:32:10] 8 [pull]                           #----------------------------------------here 
[Aug 23, 2023, 18:32:12J Raw stats on disconnect:
[Aug 23, 2023, 18:32:12] Performance stats on disconnect:
CPU usage (microseconds): 1431036
Network bytes per CPU second: 0
Tunnel bytes per CPU second: O
[Aug 23, 2023, 18:32:13] OpenPN core 3.8
mac arm64 64-bit built on Jul 26 2023
03:55:50
[Aug 23, 2023, 18:32:13]
Frame=512/2112/512 mssfix-ctri=1250
[Aug 23, 2023, 18:32:13] NOTE: This configuration contains options that were not used:  #---------------------- the first line of the issue