pfsense 2.6.0 system logs message OpenVPN failed to start

Jonas Souza

@viragomann

Adjusting the settings you mentioned, it worked perfectly. Thank you very much

Gertjan

@viragomann said in pfsense 2.6.0 system logs message OpenVPN failed to start:

And empty the custom options, of course.

The perfect custom settings :

Using that for several years now, just great. Easy to maintain.

Btw : Because my tunnel network is 192.168.3.0/24 (an available local RFC1918) :
You saw my :

<29>1 2023-06-29T14:36:58.442476+02:00 pfs.bhf.net openvpn 93453 - - /sbin/ifconfig ovpns1 192.168.3.1/24 mtu 1500 up

Because :

edit :

In case you didn't do so already :
Assign the OpenVPN server instnce interface to a new interface - I called mine 'OPENVPN'.

Then : activate it :

(nothing more to do there)

Add some rule on the Interface OPENVPN (otherwise nothing can gets in).
This one will do just fine :

Then, pay a visit to the Resolver (DNS !) and make sure it listens to All incoming interfaces.
Or at least all incoming interfaces - 'OPENVPN' included :

Finally : even if they are years old now, do visit Youtube. Go to the Netgate Channel and re-watch the 3 official OpenVPN (server) video's. It's worth it.

Jonas Souza

@viragomann @Gertjan

Now I'm having another problem, here's the screenshot.

OpenVPN service is online.

What can it be?

viragomann

@Jonas-Souza
Mostly this error means that the client cannot reach the server.
The server IP is correct in the client settings?

Check the firewall log on the server if it has blocked the packets.
Or run a packet capture on WAN to see if the packets arrive at all.

Jonas Souza

@viragomann

Yes, the ip is correct, follow the client's log.

Would it be a problem with the certificates now?

viragomann

@Jonas-Souza
Yes, as the server log shows, there is something wrong with the certificate verification.

Is the client certificate issued by the CA, which you stated in the server settings?

Jonas Souza

@viragomann

Perfectly, I redid the user CA and it worked.

Many thanks for the instructions.

Excuse my ignorance, but how and where do I consider this topic resolved?

viragomann

@Jonas-Souza
Just edit the topic in the first post and put "[SOLVED]" in front of it.

Jonas Souza

@viragomann

sorry but when editing the post notifies this warning.

viragomann

@Jonas-Souza
Obviously there is a lock now for editing old posts.
Do you have access to the topic in the most recent?

Jonas Souza

@viragomann

From the last post yes, but I can't edit the title of the post.

viragomann

@Jonas-Souza
Sorry, so I can't sadly help you with that. Obviously the forum haves different now. Don't now what's actually the proper way to mark a topic as solved.

Jonas Souza

@viragomann

I reposted, thanks

https://forum.netgate.com/topic/181119/solved-pfsense-2-6-0-system-logs-message-openvpn-failed-to-start