Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN and PIA Errors | Reconnecting (Auth Failure | Authenticating | Pulling configuration from server

    Scheduled Pinned Locked Moved OpenVPN
    12 Posts 2 Posters 1.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • NightlySharkN
      NightlyShark @8ayM
      last edited by

      @8ayM The "Hardware Crypto" list doesn't contain entries that you can necessarily use, AES-NI is used automagically anyway, set it to "No Hardware Crypto".

      8 1 Reply Last reply Reply Quote 0
      • 8
        8ayM @NightlyShark
        last edited by

        @NightlyShark said in OpenVPN and PIA Errors | Reconnecting (Auth Failure | Authenticating | Pulling configuration from server:

        @8ayM The "Hardware Crypto" list doesn't contain entries that you can necessarily use, AES-NI is used automagically anyway, set it to "No Hardware Crypto".

        I set the "No Hardware Crypto" as you sugested and now I'm getting a different error in Status -> OPENVPN -> Client
        01c92221-e6b1-4240-87c8-02b2061f7a64-image.png

        NightlySharkN 3 Replies Last reply Reply Quote 0
        • NightlySharkN
          NightlyShark @8ayM
          last edited by

          @8ayM There is another point in system settings where you set hardware encryption (System->Advanced?) see that it is set to AES-NI

          1 Reply Last reply Reply Quote 0
          • NightlySharkN
            NightlyShark @8ayM
            last edited by

            @8ayM Also, TLS error, maybe you got an older certificate or did not input it correctly?

            1 Reply Last reply Reply Quote 0
            • NightlySharkN
              NightlyShark @8ayM
              last edited by

              @8ayM Also, fef4b0f9-c488-42c7-83c6-3367018b1387-image.png
              Try that

              8 1 Reply Last reply Reply Quote 0
              • 8
                8ayM @NightlyShark
                last edited by 8ayM

                @NightlyShark

                I'd already tried the Strong config thinking maybe the 2nd time was the charm, but I was in the same boat. So I already had that configured, based on the link you referenced from the PIA site

                There is another point in system settings where you set hardware encryption (System->Advanced?) see that it is set to AES-NI

                Set to disabled

                Also, TLS error, maybe you got an older certificate or did not input it correctly?

                This I just open the NYC strong config in https://www.privateinternetaccess.com/openvpn/openvpn-strong.zip

                Here i just copy the portion below into the CA of pfSense<ca> cert

                -----BEGIN CERTIFICATE-----
                MIIHqzCCBZOgAwIBAgIJAJ0u+vODZJntMA0GCSqGSIb3DQEBDQUAMIHoMQswCQYD
                VQQGEwJVUzELMAkGA1UECBMCQ0ExEzARBgNVBAcTCkxvc0FuZ2VsZXMxIDAeBgNV
                BAoTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQLExdQcml2YXRlIElu
                dGVybmV0IEFjY2VzczEgMB4GA1UEAxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3Mx
                IDAeBgNVBCkTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMS8wLQYJKoZIhvcNAQkB
                FiBzZWN1cmVAcHJpdmF0ZWludGVybmV0YWNjZXNzLmNvbTAeFw0xNDA0MTcxNzQw
                MzNaFw0zNDA0MTIxNzQwMzNaMIHoMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0Ex
                EzARBgNVBAcTCkxvc0FuZ2VsZXMxIDAeBgNVBAoTF1ByaXZhdGUgSW50ZXJuZXQg
                QWNjZXNzMSAwHgYDVQQLExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UE
                AxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBCkTF1ByaXZhdGUgSW50
                ZXJuZXQgQWNjZXNzMS8wLQYJKoZIhvcNAQkBFiBzZWN1cmVAcHJpdmF0ZWludGVy
                bmV0YWNjZXNzLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALVk
                hjumaqBbL8aSgj6xbX1QPTfTd1qHsAZd2B97m8Vw31c/2yQgZNf5qZY0+jOIHULN
                De4R9TIvyBEbvnAg/OkPw8n/+ScgYOeH876VUXzjLDBnDb8DLr/+w9oVsuDeFJ9K
                V2UFM1OYX0SnkHnrYAN2QLF98ESK4NCSU01h5zkcgmQ+qKSfA9Ny0/UpsKPBFqsQ
                25NvjDWFhCpeqCHKUJ4Be27CDbSl7lAkBuHMPHJs8f8xPgAbHRXZOxVCpayZ2SND
                fCwsnGWpWFoMGvdMbygngCn6jA/W1VSFOlRlfLuuGe7QFfDwA0jaLCxuWt/BgZyl
                p7tAzYKR8lnWmtUCPm4+BtjyVDYtDCiGBD9Z4P13RFWvJHw5aapx/5W/CuvVyI7p
                Kwvc2IT+KPxCUhH1XI8ca5RN3C9NoPJJf6qpg4g0rJH3aaWkoMRrYvQ+5PXXYUzj
                tRHImghRGd/ydERYoAZXuGSbPkm9Y/p2X8unLcW+F0xpJD98+ZI+tzSsI99Zs5wi
                jSUGYr9/j18KHFTMQ8n+1jauc5bCCegN27dPeKXNSZ5riXFL2XX6BkY68y58UaNz
                meGMiUL9BOV1iV+PMb7B7PYs7oFLjAhh0EdyvfHkrh/ZV9BEhtFa7yXp8XR0J6vz
                1YV9R6DYJmLjOEbhU8N0gc3tZm4Qz39lIIG6w3FDAgMBAAGjggFUMIIBUDAdBgNV
                HQ4EFgQUrsRtyWJftjpdRM0+925Y6Cl08SUwggEfBgNVHSMEggEWMIIBEoAUrsRt
                yWJftjpdRM0+925Y6Cl08SWhge6kgeswgegxCzAJBgNVBAYTAlVTMQswCQYDVQQI
                EwJDQTETMBEGA1UEBxMKTG9zQW5nZWxlczEgMB4GA1UEChMXUHJpdmF0ZSBJbnRl
                cm5ldCBBY2Nlc3MxIDAeBgNVBAsTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAw
                HgYDVQQDExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEKRMXUHJpdmF0
                ZSBJbnRlcm5ldCBBY2Nlc3MxLzAtBgkqhkiG9w0BCQEWIHNlY3VyZUBwcml2YXRl
                aW50ZXJuZXRhY2Nlc3MuY29tggkAnS7684Nkme0wDAYDVR0TBAUwAwEB/zANBgkq
                hkiG9w0BAQ0FAAOCAgEAJsfhsPk3r8kLXLxY+v+vHzbr4ufNtqnL9/1Uuf8NrsCt
                pXAoyZ0YqfbkWx3NHTZ7OE9ZRhdMP/RqHQE1p4N4Sa1nZKhTKasV6KhHDqSCt/dv
                Em89xWm2MVA7nyzQxVlHa9AkcBaemcXEiyT19XdpiXOP4Vhs+J1R5m8zQOxZlV1G
                tF9vsXmJqWZpOVPmZ8f35BCsYPvv4yMewnrtAC8PFEK/bOPeYcKN50bol22QYaZu
                LfpkHfNiFTnfMh8sl/ablPyNY7DUNiP5DRcMdIwmfGQxR5WEQoHL3yPJ42LkB5zs
                6jIm26DGNXfwura/mi105+ENH1CaROtRYwkiHb08U6qLXXJz80mWJkT90nr8Asj3
                5xN2cUppg74nG3YVav/38P48T56hG1NHbYF5uOCske19F6wi9maUoto/3vEr0rnX
                JUp2KODmKdvBI7co245lHBABWikk8VfejQSlCtDBXn644ZMtAdoxKNfR2WTFVEwJ
                iyd1Fzx0yujuiXDROLhISLQDRjVVAvawrAtLZWYK31bY7KlezPlQnl/D9Asxe85l
                8jO5+0LdJ6VyOs/Hd4w52alDW/MFySDZSfQHMTIc30hLBJ8OnCEIvluVQQ2UQvoW
                +no177N9L2Y+M9TcTA62ZyMXShHQGeh20rb4kK8f+iFX8NxtdHVSkxMEFSfDDyQ=
                -----END CERTIFICATE-----

                Pasted here
                847c7b4c-3774-42df-be41-2fd9556d816f-image.png

                NightlySharkN 2 Replies Last reply Reply Quote 0
                • NightlySharkN
                  NightlyShark @8ayM
                  last edited by

                  @8ayM f49dd3d9-763c-4e49-ac14-746d10e59801-image.png
                  No, set to AES-NI

                  1 Reply Last reply Reply Quote 0
                  • NightlySharkN
                    NightlyShark @8ayM
                    last edited by

                    @8ayM efa8283f-924f-41e3-b995-6ff8f2fa1ca3-image.png
                    And CPU in Hypervisor set to host mode (no emulation).
                    And, if you have a recent Intel CPU and PfSense Plus, instead of AES-NI, select Quick Assist

                    8 1 Reply Last reply Reply Quote 0
                    • 8
                      8ayM @NightlyShark
                      last edited by 8ayM

                      @NightlyShark
                      Set
                      b47bd695-0210-4a89-8911-a0063b43e3a4-image.png

                      No hypervisor, this is running on bare metal
                      No PfSense Plus at this time, but the Intel(R) Atom(TM) CPU C3758 does support QuickAssist

                      Still have Status -> Open VPN flipping through the status's listed above.

                      NightlySharkN 1 Reply Last reply Reply Quote 0
                      • NightlySharkN
                        NightlyShark @8ayM
                        last edited by

                        @8ayM Does it support AES-NI?

                        8 1 Reply Last reply Reply Quote 0
                        • 8
                          8ayM @NightlyShark
                          last edited by

                          @NightlyShark said in OpenVPN and PIA Errors | Reconnecting (Auth Failure | Authenticating | Pulling configuration from server:

                          @8ayM Does it support AES-NI?

                          Yes

                          https://www.intel.com/content/www/us/en/products/sku/97926/intel-atom-processor-c3758-16m-cache-up-to-2-20-ghz/specifications.html

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.