having issues setting up Remote VPN to my network

comet424

ah ok ill re try that again..
and where i ment bug
if you click User Manager
click create a user

when you check off "certificate click to create a user certificate

it asks your Description
Certificate authority.

i found if you leave description blank as why would you care to write a description it messes up the export

so when i did descritiption "safasdfasdf"
then the client export worked

but i wanna rename it and now i come to have another issue lol

comet424

it seems it creates it from the username
which is annoying because
i have user name mike on sisters pfsense and mine
so its the same damn file in the config location
i had to rename the user name to mitchshouse and then i still gotta re login
here i figured just rename the config location filenames but not so simple

as i wanted it to say mikes house..... sisters house as the 2 options in OpenVPN client

johnpoz

Are you just exporting the ovpn file? You can rename the file to whatever you want.ovpn

comet424

i export all 3 files and rename all 3

comet424

personal information file
opnvpn file
resigration entry file
as they all the same name so i rename all 3 to mitchshouse or mikeshouse

comet424

when i just rename the OpenVPN file
and then try to connect with client

error i still get is
connecting to management interface faild
view log file c:users\mike\openvpn\mitchshouse.log
Wed Jul 18 16:35:38 2018 WARNING: cannot stat file 'pfSense-UDP4-1196-mike.p12': No such file or directory (errno=2)
Options error: --pkcs12 fails with 'pfSense-UDP4-1196-mike.p12'
Wed Jul 18 16:35:38 2018 WARNING: cannot stat file 'pfSense-UDP4-1196-mike-tls.key': No such file or directory (errno=2)
Options error: --tls-auth fails with 'pfSense-UDP4-1196-mike-tls.key': No such file or directory (errno=2)
Options error: Please correct these errors.
Use --help for more information.

or when i try again and rename all 3 files to mitchshouse and mitchshouse-tls

i get same error.. its like you cant rename the files so its better labeled
and that i have to make a user account saying sistershouse not mike on my sistershouse… to distinguish between 2 user accounts mike on my sisters pfsense and my pfsese…
guess i have no simple answers i fix one issue then seem to get myself into a 2nd issue lol

i appreciate the help so far

comet424

gonna uninstall the client software and re try the pfsenses uninstall and re install both as i setting up both pfsenses at my house and then take the one for her to her house..
maybe working on 2 at same time just glitching

but fingers crossed uninstall delete the config location and what not fix's it.. least i getting experience setting this thing up (: lol

comet424

so update
both computers one called mitchsserver other called mikeserver
with user name mike... but my sisters server has like mitchsCA and mitchsclient and for mine is mikesCA and mikesclient and server name
using same port 1196

i found they both create the same damn 3 files
pfSense-UDP4-1196-mike config
pfSense-UDP4-1196-mike
pfSense-UDP4-1196-mike-tls

the config file has the location of those 2 other files but the opnvpn file is write protected and i cant seem to bypass it

so my only way i can seem to do it is
i make a different user name on my sisters pfsens

like mitchserver as the username

this seems to solve the issue of over written files
as what i had ended up with is this
mikeshouse (opnvpn file)
mitchshouse (opnvpn file)
pfSense-UDP4-1196-mike
pfSense-UDP4-1196-mike-tls

due it it making same damn files it over writes the last 2 so id directs to a different comp not the renamed opnvpn one..
would be nice to edit the opnvpn file so i could rename the other 2 files but what can ya do.. guess it wasn't really ment to have 1 computer connecting to multiple pfsense accounts

least i figured out its not so simple lol

johnpoz

I have no idea what your trying to do mate...But I can tell you this - it is simple! ;)

Why are you grabbing 3 files? Just grab the inline ovpn file.. Load it in your remote client.

What exactly are you trying to accomplish. You have a road warrior connecting to pfsense?? Or you wanting to do a site to site between mitchshouse and yours? Does mitch have pfsense as well?

comet424

ok so I have 1 laptop

I have 2 pfsense houses.... my house and my sisters house
I set up exact copies of pfsense… except
the certs..
my pfsense MikeshouseCA.. mikesServer(certificate)… mikes client(certificate)
sis pfsense MitchshouseCA, mitchsServer(Certificate).. mikes client(certificate)

like I mentioned toe get the option to export when I create a New user "mike" as the login you have to write something in "description" to work

now when you click the Vista install button
and installs... it creates 3 Files
pfSense-UDP4-1196-mike.opnvpn config file
pfSense-UDP4-1196-mike. personal info file
pfSense-UDP4-1196-mike-tls resitration file

now even though I created different certs on the 2 computers because I use "mike" as a login for both pfsense boxes.. these still create the same files above.. and the opn config file points to the personal info and registration file names and windows wont let me edit the opnvpn file to edit the names
so If I rename
pfSense-UDP4-1196-mike.opnvpn config file to mike.opnvpn config file now I have
mike.opnvpn
pfSense-UDP4-1196-mike personal info
pfSense-UDP4-1196-mike-tls

now when I run the Vista Install button on my laptop of my sisters pfsense button and it installs the 3 files I now have this

mikes.opnvpn config
pfSense-UDP4-1196-mike opnvpn config
pfSense-UDP4-1196-mike personal info
pfSense-UDP4-1196-mike-tls registration

and you can not just have the opnvpn config file.. I deleted the other 2 files

as I tried renaming the files so id have 6 files

so it be

mikeshouse opnvpn config
mikeshouse personal info file
mikeshouse-tls registration file
mitchshouse opnvpn config
mitchshouse personal info file
mitchshouse-tls registration file

or does it even matter or does it.. since I could have a different setting for "mike" on mitchsserver then "mike" on mikes server

as both config files point to the same file names that I trying to rename as there is a conflict
I have diselexia so comes out fine for me maybe not for you I tried to explain it better

comet424

here you see image 1.. my sisters pfsense

now I renamed config file to mitchshouse and ran my pfsense install

now I renamed my config to mikeshouse

and here is the conflict.
mitchshouse and mikeshouse both point to mikes house registration file and personal information file
so that means when I connect to mitchshouse its actually connecting to Mikeshouse pfsense.. I do not want this

as mitchshouse config is
dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote sistersdyns 1196 udp
verify-x509-name "mitchshouseserver" name
auth-user-pass
pkcs12 pfSense-UDP4-1196-mike.p12
tls-auth pfSense-UDP4-1196-mike-tls.key 1
remote-cert-tls server

mikeshouse pfsense
dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote myhousesdyns 1196 udp
verify-x509-name "mikeshouseserver" name
auth-user-pass

so that's why I get confused I should have 6 files those 2 files are specific to each server isn't it the TLS key and u they both don't have the same key
pkcs12 pfSense-UDP4-1196-mike.p12
tls-auth pfSense-UDP4-1196-mike-tls.key 1
remote-cert-tls server

johnpoz

So you want to be able to access either your sisters house or your house from your laptop? That is running windows I take it?

Or do you want your sisters house and your hose to be always connected via site to site vpn? You could setup site to site between your houses and then setup so you could access either house from either vpn server.

The only thing you need to download if your running windows client on your laptop is the inline ovpn file. It will have everything you need.

I would setup sistershouse and your house vpn server. From your laptop gui client you just need to pick the one you want..

Just rename the ovpn files to whatever you want before you place them in your config dir of your openvpn client.

Here I grabbed the opvn files from 2 of my servers. Placed them in the config directly after I renamed them to sisters and mikes.

It is that simple..

comet424

not at home to test but
ya laptop is running windows 10...
and when I click the export I click the windows vista or later button that is the EXE file and when installs creates the 3 files..

to get the tls and the registration file in the config file.. is that the bundled button to hit in the export or I read inline..

Ill try that when I get home

thanks for the help so far

comet424

as for the site to site I want that too..

so I want when my unraid box syncs with my sisters unraid box.. that pfsense would do site to site. then when unraid is done it would disconnect the site to site session

but on the laptop I want to be say I at friends house or a starbucks that I can access either network via laptop

comet424

so what im doing currently is the remote access vpn setting it up on 1 laptop both pfsenses.. and I get the 3 files generated twice but over writes the TLS key file since they both basically the same setup

comet424

so

mitchsserver mikesserver

mitchsCA mikesCA
mitchsserver Cert mikesserver Cert
user name mike user name mike

when I create user cert then I get "sdafas" because i found whatever the description and you have to give one under "user" when you create a cert has to be something or it doesn't create a user cert... so both have a user cert called "asdf" something like that as i didn't wanna give a description

then all said and done i went down to opnvpn and client export
and i click Vista or later button downloads the exe file it installs 3 files
but since both servers give the same files it over writes the key file and the personal file after i rename the open config file to either mikeshouse config or mitchshouse config

hope i summed it better

comet424

ugh the spacing didn't show up properly and i underlined mitchsserver and mikes server and it bolded it frig not what i wanted.. you need to add spaces between them below it

johnpoz

you don't need the EXE!!! Just install the client from openvpn site... Then export your inline ovpn..

That is suppose to make it easy to give out the exe to someone so they don't have to do anything but run an exe and it will be already for them to connect to 1 specific server.

Lets get your roadwarrior setup working before we work on a site to site. Why does it have to go down? Just easier to set it up and leave it up - then your unraids can sync whenever they want/need to.

comet424

well I wouldn't know i chose vista install exe because it says windows... and the inline says for android or apple.. is it not ill check it shortly i be home

but ill take a lot guess there is 3rd option then for windows
but as for to turn it down.. how much data does it use to keep open vpn connected?

my internet is a 5mpbs download and a 400-500kilobites upload if it doesn't use much data to slow my internet down more then what i have then ill just leave it connected all the time then for that site to site as i trying to setup also NordVpn for a secure web browsing for pfsense trying there 3 day trial and having issues with it but that's another topic lol

johnpoz

See the one that says most clients, that will work just fine on windows..

With such a connection I don't see how your going to be syncing any sort of data.. Be like watching paint dry ;)

How much data do you plan on syncing? But just the vpn open doesn't use much of anything..