Management Interface OpenVPNManager

lucky · Aug 21, 2013, 6:02 PM

Hi all,

I was doing some research on how to get around needing Admin to add routes on Windows 7 systems. Initially, I was running a TAP OpenVPN instance and creating IP aliases that were redirected to hosts on other networks (messy). Then I happened to notice this option on the OpenVPN client export: "Management Interface OpenVPNManager". This sounded like what I needed - a nice and clean solution. I've tried using this, but am running into problems.

I used the installer directly from pfSense. It successfully installs OpenVPN and the OpenVPN Manager. However, when I try to start the config that gets packaged with the installer, I get an error. A screen shot is attached.

If I try to run the config as a normal config in the OpenVPN config directory, OpenVPN Manager pops up a UAC prompt for launching OpenVPN (which is what I'm trying to avoid).

Does anyone have experience with using OpenVPN and OpenVPN Manager with the Management Interface option selected? I'm running out of things to try.

Thanks.

doktornotor · Aug 21, 2013, 6:08 PM

Try with latest version from here: http://openvpn.jowisoftware.de/downloads/

lucky · Aug 21, 2013, 7:45 PM

Thanks for the tip. I tried that, but it didn't help.

However, I did find the issue. For whatever reason, the installer package gets messed up because my user's cert has a CN= with spaces in it (e.g., cn=Bob Smith). Even exporting the standard config archive is busted (it makes a broken zip file). As soon as I made a cert with no spaces in any of the values, it worked fine. Arg!

doktornotor · Aug 21, 2013, 7:57 PM

@lucky:

However, I did find the issue. For whatever reason, the installer package gets messed up because my user's cert has a CN= with spaces in it (e.g., cn=Bob Smith). Even exporting the standard config archive is busted (it makes a broken zip file). As soon as I made a cert with no spaces in any of the values, it worked fine. Arg!

I am pretty sure this has been fixed a couple of weeks ago, reported the issue myself.

https://github.com/pfsense/pfsense-packages/commit/5bb3bd5007f0c9b14b077e85b686aa7950d27963

lucky · Aug 21, 2013, 8:06 PM

Awesome, thanks for letting me know…saves me the time of tracking it down.

lucky · Aug 21, 2013, 9:01 PM

@doktornotor:

Try with latest version from here: http://openvpn.jowisoftware.de/downloads/

By the way, after fixing the cert issue, I went back and tried the latest version. It failed to work. Seems like between 0.0.3.7 and 0.0.3.8, the author changed the way the service works. If I use 0.0.3.8, it gets that same error as before (can't connect to management interface). I don't think this is related to pfSense or OpenVPN.

Also, if I try to start a second VPN connection after one is active, the application generates an exception.

Now that things are going…I loaded up more configs and tried them out too. I noticed that openvpn manager seems to "get confused" as to which VPN connection I want to start. For example, I have 3 connections. Two require user certs, the other a username and password. After connecting to the one with a username and password, and then disconnecting...when I try to connect to one that only requires a cert, openvpn manager is prompting me for a password, and if i put one in, it's trying to connect to the previous connection. This seems to be related to the fact that pfSense always generates configs with:

management "127.0.0.1 166"

Changing each config to have it's own port fixes the issue. Perhaps this is just the way it is, I'm just mentioning it to hopefully benefit others who might run into the same issues.

doktornotor · Aug 22, 2013, 2:50 AM

@lucky:

By the way, after fixing the cert issue, I went back and tried the latest version. It failed to work. Seems like between 0.0.3.7 and 0.0.3.8, the author changed the way the service works. If I use 0.0.3.8, it gets that same error as before (can't connect to management interface). I don't think this is related to pfSense or OpenVPN.

Also, if I try to start a second VPN connection after one is active, the application generates an exception.

I briefly tested the thing… I hated it and abandoned it altogether. I found it to be simply retarded with the way it insisted on either shuffling the configs out of the OpenVPN directory or self-destructing the service part of itself.

@lucky:

I noticed that openvpn manager seems to "get confused" as to which VPN connection I want to start.

I vaguely recall the same.

lucky · Aug 22, 2013, 2:55 AM

So actually…0.0.3.8 is just fine - it was me that was messing it up. I updated configs and did not restart the service properly. 0.0.3.8 is working fine now.

And since I changed the management ports, I've got multiple vpn connections up and running with no issues....finally lol :)

phil.davis · Aug 22, 2013, 5:14 PM

For more discussion on the "management ports" issue of having multiple OpenVPN client configs in OpenVPN manager, and the user selecting one to start, but OpenVPN Manager getting confused and starting a different one, see: https://github.com/jochenwierum/openvpn-manager/issues/17