OpenVPN not starting in RC-1
-
here it is
-
Yeah that isn't a normal certificate. The wizard can't even make a CSR so I'm really confused how that might have happened.
Between this and your other thread about open ports I'm wondering if you have some other kind of system oddity going on. Something surely isn't right in either instance.
-
With all the weirdness and stuff not working, I decided to fall back to best fix I know… factory defaults. After it reset and I went to the web interface I realised I never had the startup wizard before and once I went through that and re-did the openvpn wizard everything seems to be a lot better. OpenVPN is up, but I have not had a chance to test it or check the ports from an external computer. I will try it tomorrow, but I am feeling positive about it! :) I will post it tomorrow if everything is working.
-
I had some weirdness with Open VPN to start off with and now that should be correct, but I can not gain access to my OpenVPN still. I have the following error:
TLS Error: cannot locate HMAC in incoming packet from
Does anyone know what that means? And should I have a anything in my NAT for the OpenVPN connection? I remember the wizard saying it was going to create two things but I only see the Rule
-
Usually HMAC errors, if the connection never works, means that something in the certificate isn't right on one end or the other.
-
It also says:
Fatal TLS error (check_tls_errors_co), restarting
I upgraded my Firmware today and deleted all certificates and OpenVPN server settings and ran the wizard again to make sure that nothing that was done before was the cause and still I can not connect.
-
But what about the certificate and files on the client side?
-
I had that message before and after I reset everything.. I re-downloaded the client certificates from the user management area and downloaded the Main Cert and used that with network-manager-openvpn client.
-
did you check the contents of the files? were they proper certificates? Did you use the whole contents of the exported file on the client or did you copy/paste only part of the certificate data? (meaning did you leave off the headers)
-
I am unsure what makes proper certificates. Each file User.crt user.key and server.crt had Beginning and END lines and a the encryption data inbetween. I looked back at the files I used for pfsense 1.2.3 and user.crt had more information in addition to the encryption data. Such as dates, types, and Public Key information.
-
Sounds like they are OK then. The additional data is just a text representation of what is in the encoded data.
-
I looked around some more and found http://forum.pfsense.org/index.php/topic,28243.0.html Where do I get the zipped file with all the files? Do I need to point it to a tls file? or should I be able to get this working with username/password, user.crt, user.key, and server.crt alone?
-
The .zip is made by the client export package.
As for what you need, that is entirely dependent on how you have the openvpn server instance setup.