Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Can't get OpenVPN to work

    Scheduled Pinned Locked Moved OpenVPN
    18 Posts 4 Posters 1.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • V
      viragomann @pixel24
      last edited by viragomann

      @pixel24 said in Can't get OpenVPN to work:

      What surprises me is that the Client Export field says "No Cert":

      This regards to the user cert.
      So there might no client cert be assigned to that user.

      But not clear, how this should be accepted by the client. When you set up an SSL OpenVPN a client cert is required.

      1 Reply Last reply Reply Quote 0
      • V
        viragomann @pixel24
        last edited by viragomann

        @pixel24
        Just noticed that your server is in "user auth" mode. So it doesn't require any CA and cert at all.
        But I'm wondering why it is providing the CA and server cert stuff in this mode.

        You have to set the server into SSL/TLS (+Auth) mode to use SSL certificates.

        It should include all needed certs.
        If you use PEM style files, you have to combine CA
        and intermediate manually.

        How exactly do I have to proceed here?

        3fc3d38a-9d53-4ef8-913e-df4392727a60-grafik.png

        0373f3fc-bde8-4ff4-8095-b7824f7d2ff1-grafik.png

        P 1 Reply Last reply Reply Quote 0
        • P
          pixel24 @viragomann
          last edited by

          @viragomann said in Can't get OpenVPN to work:

          Just noticed that your server is in "user auth" mode. So it doesn't require any CA and cert at all.
          But I'm wondering why it is providing the CA and server cert stuff in this mode.
          You have to set the server into SSL/TLS (+Auth) mode to use SSL certificates.

          That's how I've always done it so far and never had any problems. However, it was version 2.5. Now I have 2.6.

          I have removed the access on the laptop again, changed the OpenVPN server to "SSL/TLS (+Auth) mode" and activated the password protection for thed pkcs12 file.

          However, the option to download the package for the client is missing under "OpenVPNClient -> Export Utility".

          P V 2 Replies Last reply Reply Quote 0
          • P
            pixel24 @pixel24
            last edited by

            1f1c9b64-9e3a-473f-acf3-9bdb4b52e9b5-image.png

            1 Reply Last reply Reply Quote 0
            • V
              viragomann @pixel24
              last edited by

              @pixel24 said in Can't get OpenVPN to work:

              However, the option to download the package for the client is missing under "OpenVPNClient -> Export Utility".

              This is only available if there is any user on the system who has assigned a certificate from the same CA as the selected server.

              As you upper screeshot shows you're using an external user database. But I don't know how to assign a user certs in this case.

              P 1 Reply Last reply Reply Quote 0
              • P
                pixel24 @viragomann
                last edited by

                @viragomann I have specified the Let's Encrypt CA and the real certificate of the host in the OpenVPN server. This does not work although the certificate has been signed and is valid.

                I have now set up an internal CA for OpenVPN again. Auth: User & Pass. Package imported on the client.

                Works.

                V 1 Reply Last reply Reply Quote 0
                • V
                  viragomann @pixel24
                  last edited by

                  @pixel24 said in Can't get OpenVPN to work:

                  I have specified the Let's Encrypt CA and the real certificate of the host in the OpenVPN server.

                  No, not this.
                  The client needs both, the CA cert and the intermediate cert to verify the server certificate, as far as I know. That's what the client error log hints to me.

                  So when you use p12 file both should be included. When using PEM file (crt) you can simply bundle both with an text editor.

                  1 Reply Last reply Reply Quote 0
                  • GertjanG
                    Gertjan @pixel24
                    last edited by

                    @pixel24 said in Can't get OpenVPN to work:

                    OpenVPN 2.4.7

                    pfSense uses OpenVPN 2.5.4

                    I won't say : it couldn't work.
                    I will say : only experts will try to mix 2.5.x series with the 2.4.x series ;)

                    Btw : no need to use a certificate from Letsencrypt.
                    See the Netgate channel on Youtube, the official OpenVPN video's. These videos are old, but still very valid.

                    No "help me" PM's please. Use the forum, the community will thank you.
                    Edit : and where are the logs ??

                    V 1 Reply Last reply Reply Quote 0
                    • V
                      viragomann @Gertjan
                      last edited by

                      @gertjan said in Can't get OpenVPN to work:

                      pfSense uses OpenVPN 2.5.4
                      I won't say : it couldn't work.
                      I will say : only experts will try to mix 2.5.x series with the 2.4.x series ;)

                      So I'm an expert, obviously. ๐Ÿ˜Š

                      We never had issues here with OpenVPN 2.5.2 on pfSense and 2.4.x and 2.5.x on Windows and 2.4.x Linux clients.

                      GertjanG 1 Reply Last reply Reply Quote 0
                      • GertjanG
                        Gertjan @viragomann
                        last edited by

                        @viragomann said in Can't get OpenVPN to work:

                        obviously

                        Very possible ๐Ÿ‘

                        I guess you've been cheating, that is, reading the OpenVPN release notes so you knew what 2.4.x option (server or client) can be used with a 2.5.x server or client.

                        No "help me" PM's please. Use the forum, the community will thank you.
                        Edit : and where are the logs ??

                        JKnottJ 1 Reply Last reply Reply Quote 0
                        • JKnottJ
                          JKnott @Gertjan
                          last edited by

                          @gertjan

                          That setting doesn't work for me in the issue I've been having.

                          PfSense running on Qotom mini PC
                          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                          UniFi AC-Lite access point

                          I haven't lost my mind. It's around here...somewhere...

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.