CC100 and OpenVPN

Hello

Trying to connect my CC100 to OpenVPN. I have followed this guide: https://www.youtube.com/watch?v=H4c7NQiCalk and modified the configuration file as shown in the guide. However, when starting the service I get the following error, and the service is stopped.

Tue Aug 30 13:10:31 2022 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:13: remote-cache-lifetime (2.4.6)
Tue Aug 30 13:10:31 2022 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:14: block-outside-dns (2.4.6)
Tue Aug 30 13:10:31 2022 Pushed option removed by filter: ‘route-ipv6 fd:0:0:8000::/49’
Tue Aug 30 13:10:31 2022 Pushed option removed by filter: ‘route-ipv6 fd:0:0:4000::/50’
Tue Aug 30 13:10:31 2022 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:21: auth-token-user (2.4.6)
Tue Aug 30 13:10:31 2022 OPTIONS IMPORT: timers and/or timeouts modified
Tue Aug 30 13:10:31 2022 OPTIONS IMPORT: explicit notify parm(s) modified
Tue Aug 30 13:10:31 2022 OPTIONS IMPORT: compression parms modified
Tue Aug 30 13:10:31 2022 OPTIONS IMPORT: --ifconfig/up options modified
Tue Aug 30 13:10:31 2022 OPTIONS IMPORT: route options modified
Tue Aug 30 13:10:31 2022 OPTIONS IMPORT: route-related options modified
Tue Aug 30 13:10:31 2022 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Aug 30 13:10:31 2022 OPTIONS IMPORT: peer-id set
Tue Aug 30 13:10:31 2022 OPTIONS IMPORT: adjusting link_mtu to 1624
Tue Aug 30 13:10:31 2022 OPTIONS IMPORT: data channel crypto options modified
Tue Aug 30 13:10:31 2022 Data Channel: using negotiated cipher ‘AES-256-GCM’
Tue Aug 30 13:10:31 2022 Outgoing Data Channel: Cipher ‘AES-256-GCM’ initialized with 256 bit key
Tue Aug 30 13:10:31 2022 Incoming Data Channel: Cipher ‘AES-256-GCM’ initialized with 256 bit key
Tue Aug 30 13:10:31 2022 ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)
Tue Aug 30 13:10:31 2022 Exiting due to fatal error

What have I done wrong?

I can add that the CC100 initially shows as Active when logging in to the OpenVPN service and looking under Status and Users > Devices. However, after approximately 1 minute it shows as “Completed: User Disconnected”.

Looking in the WBM of the CC100 > Security > OpenVPN/IPsec says “Current State: stopped”

Hello,
Are these logs from the server, or from OpenVPN Connect?
Could you take a look at the logs on the PFC side?
Is the date/time on the PFC correctly set? Or is NTP configured?
This is mandatory for the SSL communication; otherwise certificates could be considered as outdated or not yet valid.

1 Like

The log is from the Wago CC100 (Diagnostic > Source > openvpn.log)

The NTP Client is enabled and pointing at 194.58.200.20, the clock is showing the right time.

Pay attention to 4’36’’ in the video.
You need to add the following options in the ovpn config file in the CC100:

pull-filter ignore ifconfig-ipv6
pull-filter ignore route-ipv6
pull-filter ignore 'redirect-gateway ipv6'

This is because the CC100 doesn’t support IPv6.
Optionally add log /var/log/openvpn.log to have a dedicated log file.
It works on my side.

I have added exactly those options in my config-file that is loaded on the CC100

pull-filter ignore ifconfig-ipv6
pull-filter ignore route-ipv6
pull-filter ignore 'redirect-gateway ipv6'
log /var/log/openvpn.log

I can add that my CC100 is running firmware 03.08.07(20)

OK… :thinking:
I am running FW21, but this is the same OpenVPN version (2.4.6).
If it’s easy for you, you can maybe try to update it first?

I don’t know how to do a firmware update on the CC100, only familiar with the e!cockpit-compatible controllers. Do you have a guide?

For an update using µSD card, here is the Image file (installation guide included)
For an update over Ethernet, here is the WUP file (installation guide and link to WAGOupload included)

1 Like

That did the trick. The service is now up and running after upgrading to firmware 03.09.07(21)

2 Likes
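
Added example, not part of the thread and not WAGO or OpenVPN code: a small POSIX shell pre-flight that checks the three things this thread turned on, namely whether the TUN device node exists, whether the config ignores the pushed IPv6 options, and which log lines actually stop the client. The function names are hypothetical and the file locations are passed as arguments because they are assumptions; the demo config is constructed and the demo log reuses three lines quoted above.

```shell
#!/bin/sh
# Added example: pre-flight checks for the failure discussed in this thread.
# File locations are passed as arguments because they are assumptions here.

# Succeeds only if the TUN device node exists as a character device.
tun_ready() {
    [ -c "${1:-/dev/net/tun}" ]
}

# Prints each IPv6 pull-filter target from the thread that config $1 lacks.
# Accepts the target with or without quotes, as OpenVPN config files allow.
missing_pull_filters() {
    for key in ifconfig-ipv6 route-ipv6 "redirect-gateway ipv6"; do
        grep -Eq "^[[:space:]]*pull-filter[[:space:]]+ignore[[:space:]]+[\"']?$key" "$1" ||
            printf '%s\n' "$key"
    done
}

# Prints the lines of log $1 that end the session. "Options error ...
# [PUSH-OPTIONS]" lines are not matched: in the thread's log the client
# continues past them and exits only at the TUN/TAP error.
fatal_lines() {
    grep -E 'ERROR:|Exiting due to fatal error' "$1"
}

# Demo on constructed files: a made-up config missing one filter, and a log
# built from three lines quoted in the thread.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'client' 'pull-filter ignore ifconfig-ipv6' \
        'pull-filter ignore route-ipv6' > "$d/client.ovpn"
    cat > "$d/openvpn.log" <<'EOF'
Tue Aug 30 13:10:31 2022 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:14: block-outside-dns (2.4.6)
Tue Aug 30 13:10:31 2022 ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)
Tue Aug 30 13:10:31 2022 Exiting due to fatal error
EOF
    if tun_ready; then echo "TUN device: present"; else echo "TUN device: MISSING"; fi
    echo "Missing filters:"; missing_pull_filters "$d/client.ovpn"
    echo "Fatal log lines:"; fatal_lines "$d/openvpn.log"
    rm -rf "$d"
}
demo
```

On a controller, call the functions with the real config and log paths instead of running the demo.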