Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Client Export fails after upgrade to 2.5.2 / 2.6

    Scheduled Pinned Locked Moved OpenVPN
    23 Posts 7 Posters 4.0k Views 7 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D Offline
      Dave Street @sgw
      last edited by

      @sgw I guess I have the same config as @kitdavis, Server Mode is Remote Access (SSL/TLS + User Auth), I suspect that if like others have stated I change the Server Mode, Remote Access to SSL/TLS the export will then work, but I will have to re-export all my other users. I was hoping not having to do this. Thanks,

      D 1 Reply Last reply Reply Quote 0
      • D Offline
        Dave Street @Dave Street
        last edited by

        I'm still having this issue and was hoping somebody has come up with a fix.. I try to export a new user and this is the error I get...
        A private key cannot be empty if PKCS#11 or Microsoft Certificate Storage is not used.
        Failed to export config files!

        I get the same error if I try to export from an older user or anything, for example "config file only" I'm going to have to change the server mode to SSL/TLS but will I get to see which clients are connected if I do this? I have PFsense and OpenVPN authenticated against the local database. All prior users is working fine, I just cannot export new or even current users since the upgrade to 2.6

        R 1 Reply Last reply Reply Quote 0
        • R Offline
          rcoleman-netgate Netgate @Dave Street
          last edited by

          @dave-street have you checked your OVPN server's SSL cert to make sure there's a PEM value?

          Ryan
          Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
          Requesting firmware for your Netgate device? https://go.netgate.com
          Switching: Mikrotik, Netgear, Extreme
          Wireless: Aruba, Ubiquiti

          D 1 Reply Last reply Reply Quote 0
          • D Offline
            Dave Street @rcoleman-netgate
            last edited by Dave Street

            @rcoleman-netgate Yes there is a x.509 PEM, certificate and private key data are both filled in.

            1 Reply Last reply Reply Quote 0
            • P Offline
              professor
              last edited by professor

              In my case it looks like the problem is version 1.6_5

              I am currently testing multiple setups. Both running 2.6.0, but the last system i set up is running 1.6_5, and here i get the same error as you do.

              The following input errors were detected:

              A private key cannot be empty if PKCS#11 or Microsoft Certificate Storage is not used.
              Failed to export config files!
              

              The working system runs 1.6_4 of openvpn-client-export. Here it works just fine.

              1 Reply Last reply Reply Quote 0
              • P Offline
                professor
                last edited by

                Just upgraded the working system to 1.6_5, and guess what:

                caf8dc4b-2168-4b77-b192-05d8bcad2da2-image.png

                N 1 Reply Last reply Reply Quote 1
                • N Offline
                  NilsonFarias @professor
                  last edited by

                  @professor The same happened to me! Do we already have a solution?

                  1 Reply Last reply Reply Quote 0
                  • jimpJ Offline
                    jimp Rebel Alliance Developer Netgate
                    last edited by jimp

                    There is an issue open for this still: https://redmine.pfsense.org/issues/12475

                    If you're seeing the error now it would help to know how your VPNs are setup, including:

                    • Authentication type: SSL/TLS, User auth, or both
                    • Authentication source: Local, RADIUS, LDAP, etc.
                    • If the certificates are per-user (assigned on the user entry in the user manager) or just in the cert manager
                    • If the certificates in question have a private key present or not

                    EDIT: This should fix it: https://github.com/pfsense/FreeBSD-ports/commit/34355ebf71b78a6bfca47577fb979d0463684b8a

                    Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                    Need help fast? Netgate Global Support!

                    Do not Chat/PM for help!

                    P 1 Reply Last reply Reply Quote 1
                    • P Offline
                      professor @jimp
                      last edited by

                      @jimp

                      The new 1.6_6 version fixed it.
                      Thanks for responding fast :)

                      K 1 Reply Last reply Reply Quote 0
                      • K Offline
                        kitdavis @professor
                        last edited by

                        Yes, 1.6_6 also fixed the problem for me as well.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.