Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Client Export fails after upgrade to 2.5.2 / 2.6

    Scheduled Pinned Locked Moved OpenVPN
    23 Posts 7 Posters 4.0k Views 7 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D Offline
      Dave Street @sgw
      last edited by

      @sgw are there any updates on this yet. I have 2 new users I need to add but am unable to export. I like others on here don't want to go through having to re do 30 users just to add 2 :(

      S 1 Reply Last reply Reply Quote 0
      • S Offline
        sgw @Dave Street
        last edited by

        @dave-street unsure what to reply. I have pfsense and OpenVPN authenticated against 2 LDAP backends now. Seems to work although the customer hasn't tested much yet. I can use my tunnel fine, using a user in LDAP.

        Do you need a config snippet? or ... ?

        D 1 Reply Last reply Reply Quote 0
        • D Offline
          Dave Street @sgw
          last edited by

          @sgw I guess I have the same config as @kitdavis, Server Mode is Remote Access (SSL/TLS + User Auth), I suspect that if like others have stated I change the Server Mode, Remote Access to SSL/TLS the export will then work, but I will have to re-export all my other users. I was hoping not having to do this. Thanks,

          D 1 Reply Last reply Reply Quote 0
          • D Offline
            Dave Street @Dave Street
            last edited by

            I'm still having this issue and was hoping somebody has come up with a fix.. I try to export a new user and this is the error I get...
            A private key cannot be empty if PKCS#11 or Microsoft Certificate Storage is not used.
            Failed to export config files!

            I get the same error if I try to export from an older user or anything, for example "config file only" I'm going to have to change the server mode to SSL/TLS but will I get to see which clients are connected if I do this? I have PFsense and OpenVPN authenticated against the local database. All prior users is working fine, I just cannot export new or even current users since the upgrade to 2.6

            R 1 Reply Last reply Reply Quote 0
            • R Offline
              rcoleman-netgate Netgate @Dave Street
              last edited by

              @dave-street have you checked your OVPN server's SSL cert to make sure there's a PEM value?

              Ryan
              Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
              Requesting firmware for your Netgate device? https://go.netgate.com
              Switching: Mikrotik, Netgear, Extreme
              Wireless: Aruba, Ubiquiti

              D 1 Reply Last reply Reply Quote 0
              • D Offline
                Dave Street @rcoleman-netgate
                last edited by Dave Street

                @rcoleman-netgate Yes there is a x.509 PEM, certificate and private key data are both filled in.

                1 Reply Last reply Reply Quote 0
                • P Offline
                  professor
                  last edited by professor

                  In my case it looks like the problem is version 1.6_5

                  I am currently testing multiple setups. Both running 2.6.0, but the last system i set up is running 1.6_5, and here i get the same error as you do.

                  The following input errors were detected:

                  A private key cannot be empty if PKCS#11 or Microsoft Certificate Storage is not used.
                  Failed to export config files!
                  

                  The working system runs 1.6_4 of openvpn-client-export. Here it works just fine.

                  1 Reply Last reply Reply Quote 0
                  • P Offline
                    professor
                    last edited by

                    Just upgraded the working system to 1.6_5, and guess what:

                    caf8dc4b-2168-4b77-b192-05d8bcad2da2-image.png

                    N 1 Reply Last reply Reply Quote 1
                    • N Offline
                      NilsonFarias @professor
                      last edited by

                      @professor The same happened to me! Do we already have a solution?

                      1 Reply Last reply Reply Quote 0
                      • jimpJ Offline
                        jimp Rebel Alliance Developer Netgate
                        last edited by jimp

                        There is an issue open for this still: https://redmine.pfsense.org/issues/12475

                        If you're seeing the error now it would help to know how your VPNs are setup, including:

                        • Authentication type: SSL/TLS, User auth, or both
                        • Authentication source: Local, RADIUS, LDAP, etc.
                        • If the certificates are per-user (assigned on the user entry in the user manager) or just in the cert manager
                        • If the certificates in question have a private key present or not

                        EDIT: This should fix it: https://github.com/pfsense/FreeBSD-ports/commit/34355ebf71b78a6bfca47577fb979d0463684b8a

                        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                        Need help fast? Netgate Global Support!

                        Do not Chat/PM for help!

                        P 1 Reply Last reply Reply Quote 1
                        • P Offline
                          professor @jimp
                          last edited by

                          @jimp

                          The new 1.6_6 version fixed it.
                          Thanks for responding fast :)

                          K 1 Reply Last reply Reply Quote 0
                          • K Offline
                            kitdavis @professor
                            last edited by

                            Yes, 1.6_6 also fixed the problem for me as well.

                            1 Reply Last reply Reply Quote 0
                            • First post
                              Last post
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.