Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN not starting in RC-1

    Scheduled Pinned Locked Moved 2.0-RC Snapshot Feedback and Problems - RETIRED
    17 Posts 2 Posters 10.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • V Offline
      vorgusa
      last edited by

      I had some weirdness with Open VPN to start off with and now that should be correct, but I can not gain access to my OpenVPN still.  I have the following error:

      TLS Error: cannot locate HMAC in incoming packet from

      Does anyone know what that means?  And should I have a anything in my NAT for the OpenVPN connection?  I remember the wizard saying it was going to create two things but I only see the Rule

      1 Reply Last reply Reply Quote 0
      • jimpJ Offline
        jimp Rebel Alliance Developer Netgate
        last edited by

        Usually HMAC errors, if the connection never works, means that something in the certificate isn't right on one end or the other.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • V Offline
          vorgusa
          last edited by

          It also says:

          Fatal TLS error (check_tls_errors_co), restarting

          I upgraded my Firmware today and deleted all certificates and OpenVPN server settings and ran the wizard again to make sure that nothing that was done before was the cause and still I can not connect.

          1 Reply Last reply Reply Quote 0
          • jimpJ Offline
            jimp Rebel Alliance Developer Netgate
            last edited by

            But what about the certificate and files on the client side?

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • V Offline
              vorgusa
              last edited by

              I had that message before and after I reset everything.. I re-downloaded the client certificates from the user management area and downloaded the Main Cert and used that with network-manager-openvpn client.

              1 Reply Last reply Reply Quote 0
              • jimpJ Offline
                jimp Rebel Alliance Developer Netgate
                last edited by

                did you check the contents of the files? were they proper certificates? Did you use the whole contents of the exported file on the client or did you copy/paste only part of the certificate data? (meaning did you leave off the headers)

                Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                Need help fast? Netgate Global Support!

                Do not Chat/PM for help!

                1 Reply Last reply Reply Quote 0
                • V Offline
                  vorgusa
                  last edited by

                  I am unsure what makes proper certificates.  Each file  User.crt user.key and server.crt had Beginning and END lines and a the encryption data inbetween.  I looked back at the files I used for pfsense 1.2.3 and user.crt had more information in addition to the encryption data.  Such as dates, types, and Public Key information.

                  1 Reply Last reply Reply Quote 0
                  • jimpJ Offline
                    jimp Rebel Alliance Developer Netgate
                    last edited by

                    Sounds like they are OK then. The additional data is just a text representation of what is in the encoded data.

                    Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                    Need help fast? Netgate Global Support!

                    Do not Chat/PM for help!

                    1 Reply Last reply Reply Quote 0
                    • V Offline
                      vorgusa
                      last edited by

                      I looked around some more and found http://forum.pfsense.org/index.php/topic,28243.0.html  Where do I get the zipped file with all the files?  Do I need to point it to a tls file? or should I be able to get this working with username/password, user.crt, user.key, and server.crt alone?

                      1 Reply Last reply Reply Quote 0
                      • jimpJ Offline
                        jimp Rebel Alliance Developer Netgate
                        last edited by

                        The .zip is made by the client export package.

                        As for what you need, that is entirely dependent on how you have the openvpn server instance setup.

                        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                        Need help fast? Netgate Global Support!

                        Do not Chat/PM for help!

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.