A Little Help From My Friends…...
Can't Get PIA on OpenVPN to work, have a SIGTERM {soft, auth-failure} received, process exiting…Failure Message.
I have already done 2 or 3 variations of firewall and NAT settings....and the OpenVPN Client settings and it doesn't seem like much is going to work......had it working at a basic level before the Box crashed. It was shoving ALL traffic out the VPN unless I firewall ruled it to the GW-WAN, But that was the Nuclear option.
Hope somebody will take a look at my Cert setup. Maybe I'm doing something wrong and I just can't see the trees for the forest.
Thanks,
Created a Password file in /etc/open-vpn password.txt
with:
username
password
Then imported PIA Certificate file and Saved it as PIA
Then--System>Cert Authority>Create Internal Cert Auth
Create an Internal Certificate :
Name:---PIA Cert Authority
Key 2048 bits
SHA 256
3650 Lifetime
Filled in all the Lines with stuff
Common Name internal-ca
Clicked Save.
Went to System:Certificate Authority Manager
Method: ------Create an Internal Certificate
Name:---- PIA User Cert
Certificate Authority:----PIA Cert Authority
Key Length:---2048
Certificate Type:---User Certificate
Lifetime:-----3650
Distinguished Name:-----Filled it all in with Stuff
Common Name www.xxxxxxxxxx.com
Clicked Save
Question:---Which CA to use to "sign" this User Certificate....PIA or PIA Internal Certificate I created in 1st step.????????
(I have tried both...with little success)
NOW a Question................Since I am only using the OpenVPN Client.....Which User Certificate???????????
PIA User Cert...............or...............WebConfig
I have tried both with no success...........................I used the PIA User Cert on the working setup..........before the Box Crashed.
Assignments: interfaces
I Added the OPT3 Interface, but did not give it an IP...yet set IP4 to None.... (this is method used originally.....and worked)
Went to OpenVPN, created client with the settings and advanced settings PIA requires....their particular encryption BF-CBC (128 bit), no TLS authorization, Now PIA Client or WebConfig default??????, No Hardware Crypto........their advanced settings (the ones that worked previously)
Now went back to Interfaces:assignments, Set (bound) the new opvnc1 to the OPT3 interface.......
Opened up OPT3 interface....set it a static IP and range
Went to DHCP server enabled it on OPT3
Went to NAT, created NAT on Each Interface for Port 500 and one for Pass All
Then went to firewall rules and just shotgunned those...............All, All, All to All. etc.............
Got:
AUTH: Received control message: AUTH_FAILED
TCP/UDP: closing socket
SIGTERM [soft, auth-failure] received, process exiting.
AND….............I was receiving data, pinging google, yahoo, etc....................but couldn't get out to Net.............(this might be my NAT rules, pfSense is not real Clear sometimes on which interface is source, exactly what destination, etc.)
The Theory of Operation doesn't cover the relationships between LAN...WAN, and the interactions very well.....like are they strangers, incestuous or what. This sometimes makes setting these a little foggy.
Something that would help some......allowing the user to set color for different interfaces and a color for enabled and disabled rules. Just an organizing thing.....like clearing brush so you can see further into the forest before the trees get you!
Appreciate the look see at my trials and tribulations
Thanks
:o :o :o :o :o >:( >:( >:( :-[ :-[ :-[ :-[
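
Since the log in the post ends in AUTH_FAILED and the setup starts from a two-line username/password file, that file is one thing worth ruling out first. The following is an added example, not part of the original post: a shell function (the name `check_auth_file` is hypothetical) that takes the file path as its argument and flags layout problems, characters that are easy to introduce by accident and invisible in an editor, and permissions that let other accounts read the password.

```shell
#!/bin/sh
# Added example: sanity-check a two-line OpenVPN username/password file.
# Usage: check_auth_file /path/to/credentials-file
# Prints one line per problem found and returns the number of problems.

check_auth_file() {
    f="$1"
    problems=0
    note() { echo "PROBLEM: $1"; problems=$((problems + 1)); }

    if [ ! -r "$f" ]; then
        echo "PROBLEM: cannot read $f"
        return 1
    fi

    # Layout: exactly two lines with content, username then password.
    nonblank=$(grep -c '[^[:space:]]' "$f" || true)
    [ "$nonblank" -eq 2 ] || note "expected 2 non-empty lines, found $nonblank"
    l1=$(sed -n '1p' "$f")
    l2=$(sed -n '2p' "$f")
    [ -n "$l1" ] || note "line 1 (username) is empty"
    [ -n "$l2" ] || note "line 2 (password) is empty"

    # Carriage returns, typically left behind by a Windows editor.
    cr=$(printf '\r')
    if grep -q "$cr" "$f"; then
        note "file contains carriage returns (CRLF line endings)"
    fi

    # Spaces or tabs at the start or end of a line.
    if grep -Eq '^[[:blank:]]|[[:blank:]]$' "$f"; then
        note "a line starts or ends with a space or tab"
    fi

    # The file holds a cleartext password: group/other need no access.
    mode=$(ls -ld "$f" | cut -c5-10)
    [ "$mode" = "------" ] || note "group/other permissions set ($mode), use chmod 600"

    return "$problems"
}

# Run directly with a path to check that file.
if [ $# -gt 0 ]; then
    check_auth_file "$1"
fi
```

A return value of 0 means the file itself looks clean, which leaves the account credentials and the client configuration as the places to look next.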