SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0002682: global OpenVPN DCHP Options not pushed when using X509 without having accounts - MantisBT
MantisBT - Endian Firewall
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0002682Endian FirewallNetwork related (VPN, uplinks)public2010-02-14 20:002012-07-20 12:00
Reporterfabiana 
Assigned To 
PrioritynormalSeveritytrivialReproducibilityalways
StatusconfirmedResolutionopen 
PlatformOSOS Version
Product Version2.3 
Target VersionfutureFixed in Version 
Customer Importance
Customer Occurrences
Queue
Summary0002682: global OpenVPN DCHP Options not pushed when using X509 without having accounts
DescriptionPush domain, Push these nameservers options doesn't work.
Would be nice to also have push "dhcp-option WINS a.b.c.d".

Workaround with adding
push "dhcp-option DNS a.b.c.d"
push "dhcp-option DNS a.b.c.d"
push "dhcp-option WINS a.b.c.d"
push "dhcp-option DOMAIN domain.tld"

to
/etc/openvpn/openvpn.conf.tmpl
Steps To Reproduce
Additional Information
Tagspurple
Relationships
has duplicate 0002187closed peter-endian push dns and domain missing in openvpn.conf 
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2010-02-14 20:00fabianaNew Issue
2010-02-15 08:47luca-endianNote Added: 0003785
2010-02-15 08:48fabianaNote Added: 0003786
2010-03-05 00:25peter-endianNote Added: 0003939
2010-03-05 00:25peter-endianStatusnew => feedback
2010-03-05 06:06fabianaNote Added: 0003940
2010-03-20 15:29volkerNote Added: 0004075
2010-03-22 16:51peter-endianNote Added: 0004080
2010-03-22 16:51peter-endianStatusfeedback => confirmed
2010-03-22 16:52peter-endianNote Added: 0004081
2010-03-22 16:53peter-endianNote Edited: 0004080
2010-03-22 16:53peter-endianNote Deleted: 0004081
2010-03-22 16:54peter-endianTarget Version => future
2010-09-23 13:20peter-endianSummaryOpenVPN DCHP Options not pushed => global OpenVPN DCHP Options not pushed when using X509 without having accounts
2010-09-23 13:20peter-endianRelationship addedhas duplicate 0002187
2011-09-18 15:41arno_filterNote Added: 0007420
2012-07-20 11:59luke-endianNote Added: 0007954
2012-07-20 11:59luke-endianNote Edited: 0007954
2012-07-20 12:00luke-endianFile Added: image001.png
2012-07-20 12:01luke-endianNote Edited: 0007954
2012-07-20 12:01luke-endianTag Attached: purple
2012-07-23 14:55luke-endianFile Deleted: image001.png
2012-07-23 14:55luke-endianNote Deleted: 0007954

Notes
(0003785)
luca-endian   
2010-02-15 08:47   
Is that happening with windows clients?
(0003786)
fabiana   
2010-02-15 08:48   
Yes. I only have Windows Clients here. Both XP and Windows7.
(0003939)
peter-endian   
2010-03-05 00:25   
these push values are confgurable for each user, therefore you will not find them within the global openvpn config file.

can you please check if you have the correct values in

/var/openvpn/clients/<ACCOUNTNAME>

the template for the user files is /var/openvpn/user.tmpl

WINS is not configurable right now, but DNS and DOMAIN should be pushed
(0003940)
fabiana   
2010-03-05 06:06   
We use only X.509 certificates for OpenVPN, so there are no users on the firewall itself. "Global push options" don't apply in this case?
(0004075)
volker   
2010-03-20 15:29   
Same here, migrating a fw + openvpn server to Endian.

Using X.509 (ca.crt, vpnserver.crt, vpnserver.key) and ended up messing with /etc/openvpn/openvpn.conf.tmpl
(0004080)
peter-endian   
2010-03-22 16:51   
(edited on: 2010-03-22 16:53)
i understand

well, then it does not set it in the global openvpn configuration.
those values will only be set within the user's configuration.
so those global values really will not be taken in consideration right now with x509 authentication

thank you for bringing this to our attention


you can try to create an account called "DEFAULT", which then will be used as default configuration for those connectinos.
that should work

actually it is asking for a password, but as long as you don't use 2-factor auth it should not be used.
(0007420)
arno_filter   
2011-09-18 15:41   
Hi,

is this bug still existent? I got nearly the same behaviour with the EFW 2.4.1.

Regards Arno