Client Export fails after upgrade to 2.5.2 / 2.6

sgw

@dave-street unsure what to reply. I have pfsense and OpenVPN authenticated against 2 LDAP backends now. Seems to work although the customer hasn't tested much yet. I can use my tunnel fine, using a user in LDAP.

Do you need a config snippet? or ... ?

Dave Street

@sgw I guess I have the same config as @kitdavis, Server Mode is Remote Access (SSL/TLS + User Auth), I suspect that if like others have stated I change the Server Mode, Remote Access to SSL/TLS the export will then work, but I will have to re-export all my other users. I was hoping not having to do this. Thanks,

Dave Street

I'm still having this issue and was hoping somebody has come up with a fix.. I try to export a new user and this is the error I get...
A private key cannot be empty if PKCS#11 or Microsoft Certificate Storage is not used.
Failed to export config files!

I get the same error if I try to export from an older user or anything, for example "config file only" I'm going to have to change the server mode to SSL/TLS but will I get to see which clients are connected if I do this? I have PFsense and OpenVPN authenticated against the local database. All prior users is working fine, I just cannot export new or even current users since the upgrade to 2.6

rcoleman-netgate

@dave-street have you checked your OVPN server's SSL cert to make sure there's a PEM value?

Dave Street

@rcoleman-netgate Yes there is a x.509 PEM, certificate and private key data are both filled in.

professor

In my case it looks like the problem is version 1.6_5

I am currently testing multiple setups. Both running 2.6.0, but the last system i set up is running 1.6_5, and here i get the same error as you do.

The following input errors were detected:

A private key cannot be empty if PKCS#11 or Microsoft Certificate Storage is not used.
Failed to export config files!

The working system runs 1.6_4 of openvpn-client-export. Here it works just fine.

professor

Just upgraded the working system to 1.6_5, and guess what:

NilsonFarias

@professor The same happened to me! Do we already have a solution?

jimp

There is an issue open for this still: https://redmine.pfsense.org/issues/12475

If you're seeing the error now it would help to know how your VPNs are setup, including:

• Authentication type: SSL/TLS, User auth, or both
• Authentication source: Local, RADIUS, LDAP, etc.
• If the certificates are per-user (assigned on the user entry in the user manager) or just in the cert manager
• If the certificates in question have a private key present or not

EDIT: This should fix it: https://github.com/pfsense/FreeBSD-ports/commit/34355ebf71b78a6bfca47577fb979d0463684b8a

professor

@jimp

The new 1.6_6 version fixed it.
Thanks for responding fast :)

kitdavis

Yes, 1.6_6 also fixed the problem for me as well.