Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

OpenVPN and PIA Errors | Reconnecting (Auth Failure | Authenticating | Pulling configuration from server

12 Posts 2 Posters 1.4k Views

Log in to reply

N

NightlyShark @8ayM
last edited by

@8ayM The "Hardware Crypto" list doesn't contain entries that you can necessarily use, AES-NI is used automagically anyway, set it to "No Hardware Crypto".
8 1 Reply Last reply
Reply Quote 0
8

8ayM @NightlyShark
last edited by

@NightlyShark said in OpenVPN and PIA Errors | Reconnecting (Auth Failure | Authenticating | Pulling configuration from server:

@8ayM The "Hardware Crypto" list doesn't contain entries that you can necessarily use, AES-NI is used automagically anyway, set it to "No Hardware Crypto".

I set the "No Hardware Crypto" as you sugested and now I'm getting a different error in Status -> OPENVPN -> Client
N 3 Replies Last reply
Reply Quote 0
N

NightlyShark @8ayM
last edited by

@8ayM There is another point in system settings where you set hardware encryption (System->Advanced?) see that it is set to AES-NI
1 Reply Last reply
Reply Quote 0
N

NightlyShark @8ayM
last edited by

@8ayM Also, TLS error, maybe you got an older certificate or did not input it correctly?
1 Reply Last reply
Reply Quote 0
N

NightlyShark @8ayM
last edited by

@8ayM Also,
Try that
8 1 Reply Last reply
Reply Quote 0
8

8ayM @NightlyShark
last edited by 8ayM

@NightlyShark

I'd already tried the Strong config thinking maybe the 2nd time was the charm, but I was in the same boat. So I already had that configured, based on the link you referenced from the PIA site

There is another point in system settings where you set hardware encryption (System->Advanced?) see that it is set to AES-NI

Set to disabled

Also, TLS error, maybe you got an older certificate or did not input it correctly?

This I just open the NYC strong config in https://www.privateinternetaccess.com/openvpn/openvpn-strong.zip

Here i just copy the portion below into the CA of pfSense<ca> cert

-----BEGIN CERTIFICATE-----
MIIHqzCCBZOgAwIBAgIJAJ0u+vODZJntMA0GCSqGSIb3DQEBDQUAMIHoMQswCQYD
VQQGEwJVUzELMAkGA1UECBMCQ0ExEzARBgNVBAcTCkxvc0FuZ2VsZXMxIDAeBgNV
BAoTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQLExdQcml2YXRlIElu
dGVybmV0IEFjY2VzczEgMB4GA1UEAxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3Mx
IDAeBgNVBCkTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMS8wLQYJKoZIhvcNAQkB
FiBzZWN1cmVAcHJpdmF0ZWludGVybmV0YWNjZXNzLmNvbTAeFw0xNDA0MTcxNzQw
MzNaFw0zNDA0MTIxNzQwMzNaMIHoMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0Ex
EzARBgNVBAcTCkxvc0FuZ2VsZXMxIDAeBgNVBAoTF1ByaXZhdGUgSW50ZXJuZXQg
QWNjZXNzMSAwHgYDVQQLExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UE
AxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBCkTF1ByaXZhdGUgSW50
ZXJuZXQgQWNjZXNzMS8wLQYJKoZIhvcNAQkBFiBzZWN1cmVAcHJpdmF0ZWludGVy
bmV0YWNjZXNzLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALVk
hjumaqBbL8aSgj6xbX1QPTfTd1qHsAZd2B97m8Vw31c/2yQgZNf5qZY0+jOIHULN
De4R9TIvyBEbvnAg/OkPw8n/+ScgYOeH876VUXzjLDBnDb8DLr/+w9oVsuDeFJ9K
V2UFM1OYX0SnkHnrYAN2QLF98ESK4NCSU01h5zkcgmQ+qKSfA9Ny0/UpsKPBFqsQ
25NvjDWFhCpeqCHKUJ4Be27CDbSl7lAkBuHMPHJs8f8xPgAbHRXZOxVCpayZ2SND
fCwsnGWpWFoMGvdMbygngCn6jA/W1VSFOlRlfLuuGe7QFfDwA0jaLCxuWt/BgZyl
p7tAzYKR8lnWmtUCPm4+BtjyVDYtDCiGBD9Z4P13RFWvJHw5aapx/5W/CuvVyI7p
Kwvc2IT+KPxCUhH1XI8ca5RN3C9NoPJJf6qpg4g0rJH3aaWkoMRrYvQ+5PXXYUzj
tRHImghRGd/ydERYoAZXuGSbPkm9Y/p2X8unLcW+F0xpJD98+ZI+tzSsI99Zs5wi
jSUGYr9/j18KHFTMQ8n+1jauc5bCCegN27dPeKXNSZ5riXFL2XX6BkY68y58UaNz
meGMiUL9BOV1iV+PMb7B7PYs7oFLjAhh0EdyvfHkrh/ZV9BEhtFa7yXp8XR0J6vz
1YV9R6DYJmLjOEbhU8N0gc3tZm4Qz39lIIG6w3FDAgMBAAGjggFUMIIBUDAdBgNV
HQ4EFgQUrsRtyWJftjpdRM0+925Y6Cl08SUwggEfBgNVHSMEggEWMIIBEoAUrsRt
yWJftjpdRM0+925Y6Cl08SWhge6kgeswgegxCzAJBgNVBAYTAlVTMQswCQYDVQQI
EwJDQTETMBEGA1UEBxMKTG9zQW5nZWxlczEgMB4GA1UEChMXUHJpdmF0ZSBJbnRl
cm5ldCBBY2Nlc3MxIDAeBgNVBAsTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAw
HgYDVQQDExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEKRMXUHJpdmF0
ZSBJbnRlcm5ldCBBY2Nlc3MxLzAtBgkqhkiG9w0BCQEWIHNlY3VyZUBwcml2YXRl
aW50ZXJuZXRhY2Nlc3MuY29tggkAnS7684Nkme0wDAYDVR0TBAUwAwEB/zANBgkq
hkiG9w0BAQ0FAAOCAgEAJsfhsPk3r8kLXLxY+v+vHzbr4ufNtqnL9/1Uuf8NrsCt
pXAoyZ0YqfbkWx3NHTZ7OE9ZRhdMP/RqHQE1p4N4Sa1nZKhTKasV6KhHDqSCt/dv
Em89xWm2MVA7nyzQxVlHa9AkcBaemcXEiyT19XdpiXOP4Vhs+J1R5m8zQOxZlV1G
tF9vsXmJqWZpOVPmZ8f35BCsYPvv4yMewnrtAC8PFEK/bOPeYcKN50bol22QYaZu
LfpkHfNiFTnfMh8sl/ablPyNY7DUNiP5DRcMdIwmfGQxR5WEQoHL3yPJ42LkB5zs
6jIm26DGNXfwura/mi105+ENH1CaROtRYwkiHb08U6qLXXJz80mWJkT90nr8Asj3
5xN2cUppg74nG3YVav/38P48T56hG1NHbYF5uOCske19F6wi9maUoto/3vEr0rnX
JUp2KODmKdvBI7co245lHBABWikk8VfejQSlCtDBXn644ZMtAdoxKNfR2WTFVEwJ
iyd1Fzx0yujuiXDROLhISLQDRjVVAvawrAtLZWYK31bY7KlezPlQnl/D9Asxe85l
8jO5+0LdJ6VyOs/Hd4w52alDW/MFySDZSfQHMTIc30hLBJ8OnCEIvluVQQ2UQvoW
+no177N9L2Y+M9TcTA62ZyMXShHQGeh20rb4kK8f+iFX8NxtdHVSkxMEFSfDDyQ=
-----END CERTIFICATE-----

Pasted here
N 2 Replies Last reply
Reply Quote 0
N

NightlyShark @8ayM
last edited by

@8ayM
No, set to AES-NI
1 Reply Last reply
Reply Quote 0
N

NightlyShark @8ayM
last edited by

@8ayM
And CPU in Hypervisor set to host mode (no emulation).
And, if you have a recent Intel CPU and PfSense Plus, instead of AES-NI, select Quick Assist
8 1 Reply Last reply
Reply Quote 0
8

8ayM @NightlyShark
last edited by 8ayM

@NightlyShark
Set

No hypervisor, this is running on bare metal
No PfSense Plus at this time, but the Intel(R) Atom(TM) CPU C3758 does support QuickAssist

Still have Status -> Open VPN flipping through the status's listed above.
N 1 Reply Last reply
Reply Quote 0
N

NightlyShark @8ayM
last edited by

@8ayM Does it support AES-NI?
8 1 Reply Last reply
Reply Quote 0
8

8ayM @NightlyShark
last edited by

@NightlyShark said in OpenVPN and PIA Errors | Reconnecting (Auth Failure | Authenticating | Pulling configuration from server:

@8ayM Does it support AES-NI?

Yes

https://www.intel.com/content/www/us/en/products/sku/97926/intel-atom-processor-c3758-16m-cache-up-to-2-20-ghz/specifications.html
1 Reply Last reply
Reply Quote 0

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.

1 / 1