04-10-2017 12:11 PM
I recently patched my Fedora 25 system and the patch upgraded OpenVPN to openvpn-2.4.1-2.fc25.x86_64. This patch caused the following error message to be displayed when starting up openvpn:
Options error: Unrecognized option or missing or extra parameter(s) in openvpn.conf:79: plugin (2.4.1)
Line 79 in my openvpn.conf file is:
plugin /opt/duo/duo_openvpn.so <auth data>
The duo_openvpn.so configuration worked perfectly before I upgraded openvpn. I tried rebuilding and reinstalling the duosecurity openvpn plugin using the steps in Two-Factor Authentication for OpenVPN | Duo Security, but this did not resolve the problem. Is there a known solution for this problem, or is a patch needed for the duosecurity openvpn plugin?
Solved! Go to Solution.
05-04-2017 06:01 AM
Just to close the loop on this, after further investigation by our Engineering Team, we’ve updated our documentation at https://duo.com/docs/openvpn#configure-the-server to show that OpenVPN version 2.4 and later requires the format:
plugin /opt/duo/duo_openvpn.so 'IKEY SKEY HOST'
Versions 2.3 and earlier do not need the single quotes. Further discussion on GitHub here: https://github.com/duosecurity/duo_openvpn/issues/19. Thanks again for reporting this!
04-14-2017 07:52 AM
Hi Chris,
I checked with our Support Team and this error is most often caused by incorrect IKEY, SKEY, and/or API hostname values on that line per the documentation here: https://duo.com/docs/openvpn#configure-the-server. If you’ve created a new application the Duo Admin Panel, those values would be new, so please confirm they exactly match the values specified in the application’s details in the admin panel.
If you have verified and re-entered those values and are still unable to resolve the error, please contact our Support Team so they can troubleshoot with you further. Thanks!
04-14-2017 08:55 AM
Thanks Dooley. The only thing I did was update openvpn which caused the
duo security plugin for openvpn fail when starting the openvpn daemon. The
IKEY, SKEY, and API hostname match the values in my Duo Admin Panel. I
will plan to contact the Support Team.
My last option is to just revert back to the previous openvpn version. I
am pretty sure this will work.
Thanks,
Chris
05-04-2017 06:01 AM
Just to close the loop on this, after further investigation by our Engineering Team, we’ve updated our documentation at https://duo.com/docs/openvpn#configure-the-server to show that OpenVPN version 2.4 and later requires the format:
plugin /opt/duo/duo_openvpn.so 'IKEY SKEY HOST'
Versions 2.3 and earlier do not need the single quotes. Further discussion on GitHub here: https://github.com/duosecurity/duo_openvpn/issues/19. Thanks again for reporting this!
05-04-2017 06:54 AM
Thanks… that worked! I gave up on using DuoSecurity so I am glad I can
go back to using it again.
Regards,
Chris
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide