Netgate Discussion Forum

    PfSense (2.3.3) Hangs on boot with invalid OpenVPN password

    • F Offline
      Fabio72
      last edited by

      Do you use certificates with passwords?

      • O Offline
        o2051867
        last edited by

        @Fabio72:

        Do you use certificates with passwords?

        There's a trusted CA certificate used in conjunction with this VPN provider if that is what you're asking, but no certificate in use requires a password to decrypt.

        • D Offline
          disconnected
          last edited by

          I have exactly the same behavior after updating to 2.3.3.
          I have not solved it yet.

          • D Offline
            disconnected
            last edited by

            Maybe it is because /var/etc/openvpn/server1.tls-auth has ^M in it, but I can only try it next week. Maybe you can try, o2051867?

            • D Offline
              disconnected
              last edited by

              due the /var/etc/openvpn/server1.tls-auth has ^M

              No, it's not that.

              • jimpJ Offline
                jimp Rebel Alliance Developer Netgate
                last edited by

                Try adding this to your client's advanced options:

                auth-retry nointeract
                

                Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                Need help fast? Netgate Global Support!

                Do not Chat/PM for help!

                • B Offline
                  bobobo
                  last edited by

                  I also ran into this issue running 2.3.3, and adding

                  auth-retry nointeract
                  

                  to the "Custom options" in the OpenVPN server Advanced Configuration didn't fix it.

                  I have snort installed and I'm running pfSense in a VM, but other than that my config is pretty basic. My OpenVPN settings are just the defaults from the wizard with one client.

                  Hope that helps!

                  • S Offline
                    Spudnet
                    last edited by

                    @o2051867:

                    I've noticed an issue when configuring pfSense as an OpenVPN client:

                    If an OpenVPN client is configured with an incorrect password, pfSense will hang at boot waiting indefinitely on the password to be entered via the console.
                    Please see below where pfSense hangs during boot.
                    [Edit] I've since noticed that it hangs on boot waiting for a password, even with a correct password set via the web-gui [/Edit]

                    ***** FILE SYSTEM MARKED CLEAN *****
                    Filesystems are clean, continuing…
                    Mounting filesystems...


                    Welcome to pfSense 2.3.3-RELEASE (Patch 1) on the 'pfSense' platform...

                    No core dumps found.
                    Creating symlinks......ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/local/lib /usr/local/lib/ipsec /usr/local/lib/perl5/5.24/mach/CORE
                    32-bit compatibility ldconfig path: /usr/lib32
                    done.
                    External config loader 1.0 is now starting... da0s1 da0s1a da0s1b
                    Launching the init system....... done.
                    Initializing.................. done.
                    Starting device manager (devd)...done.
                    Loading configuration......done.
                    Updating configuration...done.
                    Cleaning backup cache.................................done.
                    Setting up extended sysctls...done.
                    padlock0: No ACE support.
                    aesni0: <aes-cbc,aes-xts,aes-gcm,aes-icm> on motherboard
                    Setting timezone...done.
                    Configuring loopback interface...done.
                    Starting syslog...done.
                    Starting Secure Shell Services...done.
                    Setting up polling defaults...done.
                    Setting up interfaces microcode...done.
                    Configuring loopback interface...done.
                    Creating wireless clone interfaces...done.
                    Configuring LAGG interfaces...done.
                    Configuring VLAN interfaces...done.
                    Configuring QinQ interfaces...done.
                    Configuring WAN interface...done.
                    Configuring LANWIRELESS interface...done.
                    Configuring LANPHYSICAL interface...done.
                    Configuring LAN interface...done.
                    Configuring CARP settings...done.
                    Syncing OpenVPN settings...Enter Auth Password:

                    Only after entering a correct password via the console will pfSense continue to boot. If the remote server has changed or invalidated the password, it appears pfSense can no longer be completely booted without console access.

                    Can anyone replicate this, or advise on how to prevent the boot hang (without removing the OpenVPN configuration)?

                    I have this exact same issue with 2.3.4-RELEASE-p1

                    I have tried everything recommended on this post and nothing works. Was it ever resolved, please?

                    • DerelictD Offline
                      Derelict LAYER 8 Netgate
                      last edited by

                      You have something in your OpenVPN configuration that is requiring a password (either the login password, a password to decrypt a key, etc) but that password is not present in the configuration.

                      Chattanooga, Tennessee, USA
                      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                      Do Not Chat For Help! NO_WAN_EGRESS(TM)

                      1 Reply Last reply Reply Quote 0
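The diagnosis in the post above, as a check that can be run against an OpenVPN client configuration before a reboot. This is an added example, not code from the thread or from pfSense; the function name `prompt_risks` and the sample files are constructed, and it assumes file paths in the config are unquoted and contain no spaces.

```shell
#!/bin/sh
# Added example: list client settings that make OpenVPN ask for a secret on the console.
# Usage: prompt_risks /path/to/client.conf   (prints one finding per line)

prompt_risks() {
    conf=$1
    # auth-user-pass with no file, or a file lacking the password line, triggers a prompt.
    up=$(awk '$1 == "auth-user-pass" { print ($2 == "" ? "-" : $2); exit }' "$conf")
    if [ "$up" = "-" ]; then
        echo "auth-user-pass has no credentials file"
    elif [ -n "$up" ]; then
        if [ ! -r "$up" ]; then
            echo "credentials file unreadable: $up"
        elif [ "$(awk 'NF { n++ } END { print n + 0 }' "$up")" -lt 2 ]; then
            echo "credentials file has no password line: $up"
        fi
    fi
    # An encrypted private key needs "askpass <file>", otherwise OpenVPN asks for the passphrase.
    key=$(awk '$1 == "key" { print $2; exit }' "$conf")
    ask=$(awk '$1 == "askpass" { print ($2 == "" ? "-" : $2); exit }' "$conf")
    if [ -n "$key" ] && [ -r "$key" ] && grep -q 'ENCRYPTED' "$key"; then
        if [ -z "$ask" ] || [ "$ask" = "-" ]; then
            echo "encrypted private key without askpass file: $key"
        fi
    fi
    # "auth-retry interact" asks again on the console after a failed login.
    if awk '$1 == "auth-retry" && $2 == "interact" { f = 1 } END { exit !f }' "$conf"; then
        echo "auth-retry interact re-prompts after AUTH_FAILED"
    fi
}

# Constructed sample: a credentials file holding a username but no password.
tmp=$(mktemp -d)
printf 'vpnuser\n' > "$tmp/client.up"
printf 'client\nauth-user-pass %s\n' "$tmp/client.up" > "$tmp/client.conf"
prompt_risks "$tmp/client.conf"
rm -rf "$tmp"
```
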
                      • jimpJ Offline
                        jimp Rebel Alliance Developer Netgate
                        last edited by

                        Also of note, this does not appear to happen on 2.4, at least with an incorrect password. I tried with a missing password and with an incorrect password and in either case it did not stop at boot time.

                        So it's also possible this is a side effect of an OpenVPN 2.3.x bug or misbehavior.

                        Either way, it appears to be solved now.


                        • H Offline
                          heliocoeur
                          last edited by

                          VPN > OpenVPN > Client

                          and set a password for the user.

                          If needed, set a password for the same user in System > User Manager.

                          • A Offline
                            alifrazkhan @heliocoeur
                            last edited by

                            @heliocoeur said in PfSense (2.3.3) Hangs on boot with invalid OpenVPN password:

                            VPN > OpenVPN > Client

                            and set a password for the user.

                            If needed, set a password for the same user in System > User Manager.

                            That is the solution. Many thanks to heliocoeur.

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.