Dear support forum & Teltonika team,
since the latest firmware version RUT9XX_R_00.06.07_WEBUI it is not possible anymore for us to get a working OpenVPN Client connection from RUT950 to or servers. After doing the same setup as always (we sell preconfigured RUT950 to our customers since 2016), I get the following error:
Thu Oct 29 14:07:47 2020 daemon.err openvpn(client_ixsvpnip)[9712]: Options error: --pull cannot be used with --mode server
Thu Oct 29 14:07:47 2020 daemon.warn openvpn(client_ixsvpnip)[9712]: Use --help for more information.
However, we do not specify either "pull" nor "server".
I assume that those uptions are auto generated during OpenVPN client configuration.
root@ixs:~# cat /tmp/etc/openvpn-client_ixsvpnip.conf
client
nobind
persist-key
auth none
auth-user-pass /etc/openvpn/auth_client_ixsvpnip
ca /lib/uci/upload/cbid.openvpn.client_ixsvpnip.ca
cipher none
dev tap
keepalive 20 120
mode server
port 1194
proto udp
remote XXX.XXX.XXX.XXX
resolv-retry infinite
verb 5
dev tun_ixsvpnip
dev-type tap
sndbuf 0
rcvbuf 0
tun-mtu 1500
explicit-exit-notify
persist-key
persist-tun
reneg-sec 0
reneg-bytes 0
setenv CLIENT_CERT 0
remote-cert-tls server
fast-io
auth-nocache
remote-cert-tls server
script-security 2
down /etc/openvpn/updown_dns
up /etc/openvpn/updown_dns
root@ixs:~# cat /etc/config/openvpn
config openvpn 'teltonika_auth_service'
option persist_key '1'
option persist_tun '1'
option port '5002'
option proto 'udp'
option verb '4'
option nobind '1'
option enable '0'
option remote 'rms.teltonika.lt'
option resolv_retry 'infinite'
option keepalive '10 120'
option auth_user_pass '/etc/openvpn/auth'
option ca '/etc/openvpn/tlt_ca.crt'
option ns_cert_type 'server'
option comp_lzo 'yes'
option client '1'
option dev 'tun_rms'
option script_security '2'
option up '"/etc/init.d/rms_uhttpd start"'
option down '"/etc/init.d/rms_uhttpd rms_stop"'
config webui 'webui'
option _auth 'tls'
config openvpn 'client_ixsvpnip'
option persist_key '1'
option port '1194'
option _role 'client'
option verb '5'
option nobind '1'
option proto 'udp'
option enable '1'
option dev 'tap'
option remote 'XXX.XXX.XXX.XXX'
option resolv_retry 'infinite'
option keepalive '20 120'
option _auth 'pass'
option cipher 'none'
option _tls_cipher 'all'
option auth 'none'
option _tls_auth 'none'
option ca '/lib/uci/upload/cbid.openvpn.client_ixsvpnip.ca'
option client '1'
option auth_user_pass '/etc/openvpn/auth_client_ixsvpnip'
list _extra 'dev tun_ixsvpnip'
list _extra 'dev-type tap'
list _extra 'sndbuf 0'
list _extra 'rcvbuf 0'
list _extra 'tun-mtu 1500'
list _extra 'explicit-exit-notify'
list _extra 'persist-key'
list _extra 'persist-tun'
list _extra 'reneg-sec 0'
list _extra 'reneg-bytes 0'
list _extra 'setenv CLIENT_CERT 0'
list _extra 'remote-cert-tls server'
list _extra 'fast-io'
option mode 'server'
If I remove the last "option mode 'server'" from /etc/config/openvpn manually (SSH) everything works as always. After saving the OpenVPN client configuration via Web UI again, the "option mode 'server'" appears again also.
After downgrading to RUT9XX_R_00.06.06.1_WEBUI.bin, everything works.