My client Openvpn setup on 2.0.x experience this evening…
While trying to apply my previous knowledge of OpenVPN on pfSense 1.2.3… and after reading many posts and other websites troubleshooting errors...
I was trying to apply my 1.2.3 methods of configuration files that included a CA.crt, client.key, and client.crt (and maybe a tls-auth ta.key). So I generated these in the Cert Manager and User Manager (but the server was expecting a different method altogether from the client).
This wasn't happening... I had all kinds of mumbo jumbo errors... "TLS_ERROR: BIO read tls_read_plaintext error", "nsCertType ERROR", yaadda yaadda yaaada.
I decided to just use the darn wizard.
I DID find that it's important to install the "OpenVPN Client Export Utility" before you do ANYTHING from the package manager System > Packages, because it seems to generate its configurations as you generate your CA, cert, and user certs. (Just use the darn wizard like I did, save yourself some time. :))
The Client Export utility generates a .p12 and a tls.key instead, oh and also the openvpn-client.conf if you want it to. (I had no idea what the server was expecting, this helped a TON since I had no idea what the options were... heh).
Here is the client.conf that the export utility generated based on my settings:
dev tun
persist-tun
persist-key
proto udp
cipher AES-128-CBC
tls-client
client
resolv-retry infinite
remote some.ip.address 1194
tls-remote mycert
auth-user-pass
pkcs12 pfsense-udp-1194.p12
tls-auth pfsense-udp-1194-tls.key 1
comp-lzo
So here is my dump of info.
I'm goin to bed. Gnight!