struggling with Certificates
-
Hi, Nooby here. Hope this is the right place for my topic.
I have bought an SG1100 for my home/office network. It has not arrived yet so I launched pfsense V2.4.4 on an old computer to try to learn the trade. It has been up for more than a week. I have added pfBlockerNG and Snort. They seem to work.
What I really want next is an openVPN server to gain protection as a road warrior.
I have had many many goes but can't get it to work. I followed a blow by blow instruction set from ceos3c. I got as far as seeing the remote iPhone OVPN traffic bouncing off the firewall but no response from the server - why I don't know yet because the wizard is supposed to create a rule to let it in. I felt I could maybe figure it out but went right back to the start to begin again.
Problem - soon failed because this time the certificate manager would not create a server certificate; it kept returning "The following input errors were detected:
openssl library returns: error:0906D06C:PEM routines:PEM_read_bio:no start line openssl library returns: error:0906D06C:PEM routines:PEM_read_bio:no start line
"
I see this has happened before but I am so new I don't know how to find what the solution was. However that was several pfsense versions ago.
Now I am stuck and unsure what to do next. I feel like I should be able to climb over the wreckage and get pfsense to clean up the configuration. Maybe that does not always work?
What is happening?
Any assistance gratefully received -
RTFM:
https://docs.netgate.com/pfsense/en/latest/book/certificates/index.html
https://docs.netgate.com/pfsense/en/latest/book/openvpn/index.html -
@STEAMENGINE said in struggling with Certificates:
I followed a blow by blow instruction set from ceos3c
Better follow official sources:
https://www.netgate.com/resources/videos/remote-access-vpns-on-pfsense.html
https://www.netgate.com/resources/videos/remote-access-vpns-on-pfsense-part-2.html
https://docs.netgate.com/pfsense/en/latest/book/openvpn/using-the-openvpn-server-wizard-for-remote-access.html
https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/openvpn-remote-access-server.html
https://docs.netgate.com/pfsense/en/latest/book/openvpn/troubleshooting-openvpn.html
-Rico
-
Thank you for the documentation references. I have not made myself clear. I have been creating certificates successfully for a week following blow by blow guides. It is all based on a self certificate authority so no outside references. Authority certificate successful. User certificate successful.
Server certificate not successful as per first post. Why? It all worked last week. -
If it worked and then stopped, it's most likely:
- Something in your input -- perhaps a value in one of the fields is to blame
- A problem with your clock/time/date
- Something else modified on the firewall that shouldn't have been (e.g. tinkering with product_name)
-
I am grateful for your reply. What I did eventually after trying everything I could think of was to reload the configuration to an apparently safe previous state but to no avail. Finally I reloaded the 2.4.4.1 distro and rebuilt to where I was when the calamity made its appearance and all was well. Once in the clear I clicked for the 2.4.4.2 and that loaded beautifully.
You will be right I am sure but I just could not find it. As a noob I am a great deal clumsy and inattentive but I now have a working installation with OVPN server and clients, pfBlockerNG and Snort. I await delivery of my SG1100. What I am running on is an old AMD Athlon 2core with hardware crypto acceleration. I don't think that is working yet on the SG1100.