Hi All,
I have an openvpn tunnel working with a couple of warnings. On further investigation I noticed that some of the options don’t seem to be working. Where are the additional options added?
I get the following warnings, yes, only warnings, but I wanted to understand how the config is applied.
WARNING: Ignoring option 'dh' in tls-client mode, please only include this in your server configuration
WARNING: OpenVPN was configured to add an IPv6 route. However, no IPv6 has been configured for vtun5, therefore the route installation may fail or may not work as expected.
So I added these rules to tackle the IPv6 warning, but nothing happens.
set interfaces openvpn vtun5 openvpn-option 'pull-filter reject ifconfig-ipv6'
set interfaces openvpn vtun5 openvpn-option 'pull-filter reject ipv6-route'
set interfaces openvpn vtun5 openvpn-option '--block-ipv6'
I then found the configuration file under /run/openvpn/vtun5.conf and it is missing any options I have set. So where are they?
Some of the other options I set which are not visible in the client config:
set interfaces openvpn vtun5 openvpn-option 'remote-cert-tls server'
set interfaces openvpn vtun5 openvpn-option 'pull-filter ignore redirect-gateway'
I also found the “dh” value specified as none, which is causing the first warning. How does one remove this?
### Autogenerated by interfaces_openvpn.py ###
#
# See https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
# for individual keyword definition
#
# OpenVPN
#
verb 3
dev-type tun
dev vtun5
persist-key
proto udp
rport 1197
remote au.vpn.network
persist-tun
disable-dco
#
# OpenVPN Client mode
#
client
nobind
# TLS options
ca /run/openvpn/vtun5_ca.pem
dh none
# Encryption options
cipher AES-256-CBC
# https://vyos.dev/T5027
# Required to support BF-CBC (default ciphername when none given)
providers legacy default
auth sha256
auth-user-pass /run/openvpn/vtun5.pw
auth-retry nointeract
Regards
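
The comparison made in the post (options set with `openvpn-option` versus what is in the generated file), as an added example that is not part of the original post or of VyOS: a shell function that lists expected directives missing from an OpenVPN config file. The function names, the script name `check.sh` and the sample config (a shortened copy of the file quoted above) are constructed for illustration. A hardening directive such as `remote-cert-tls server` only takes effect if it reaches the file OpenVPN actually loads, which is what this checks.

```shell
#!/bin/sh
# Added example: list expected OpenVPN directives that are absent from a
# generated config file (for instance /run/openvpn/vtun5.conf).

# Constructed sample: a shortened copy of the generated file quoted in the post.
sample_conf() {
    cat <<'EOF'
### Autogenerated by interfaces_openvpn.py ###
verb 3
dev vtun5
client
nobind
# TLS options
dh none
cipher AES-256-CBC
auth sha256
EOF
}

# missing_options CONF OPTION...
# Prints every OPTION that is not a complete directive line in CONF.
# Returns 0 when nothing is missing, 1 otherwise.
missing_options() {
    conf=$1; shift
    rc=0
    for opt in "$@"; do
        # Drop a leading "--" and collapse whitespace before comparing.
        want=$(printf '%s\n' "$opt" | sed -e 's/^--//' -e 's/[[:space:]]\{1,\}/ /g')
        # Strip comments and surrounding blanks from the file, then match whole lines.
        if ! sed -e 's/#.*//' -e 's/[[:space:]]\{1,\}/ /g' -e 's/^ //' -e 's/ $//' "$conf" |
            grep -Fxq -- "$want"; then
            printf '%s\n' "$want"
            rc=1
        fi
    done
    return "$rc"
}

# Usage (hypothetical script name): sh check.sh CONF OPTION...
# With no arguments, runs on the constructed sample.
if [ "$#" -ge 2 ]; then
    missing_options "$@" || echo "the directives above are not in $1" >&2
else
    tmp=$(mktemp)
    sample_conf > "$tmp"
    missing_options "$tmp" 'remote-cert-tls server' \
        'pull-filter ignore redirect-gateway' '--block-ipv6' 'dh none' || true
    rm -f "$tmp"
fi
```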