OpenVPN not working
-
But sometimes is up, but it doesn't obtain ip address.
-
Your image shows you have two servers and neither has any clients connected. Your client connection is down and ha ssent 0 bytes, which ctells me it didn't even try to connect.
What happens when you click that little blue Start button?
-
Yes that's what happens, but just to clarify, I not trying to connect to the VPN server hosted on pfsense, I trying connect to PureVpn and Fastest VPN servers.
Thanks
-
Yes, I get it. Post screens of your client config.
-
rome.jpg) -
Your settings closely match the FastestVPN pfSense guide:
https://support.fastestvpn.com/tutorials/more-devices/pfsense
Notable differences are you've added the Fast I/O to Custom Options when there is a checkbox for it, and they tell you to use a Send/Receive buffer of 512 while you left it at default. Fix those two issues and then try again.
-
Just did, but same error
-
The reason for the fatal error is clearly in the logs
Oct 14 21:27:45 openvpn 71849 neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.-Rico
-
Hmmm. Anything in your log file just before this line?
Oct 14 21:27:45 openvpn 71849 Exiting due to fatal error@Rico That might just be a warning and not the actual cause of the fatal exit. His settings look good and I can't imagine how he would get into this situation.
-
@KOM so any solution?
-
I'm waiting for you to answer my question.
-
@KOM
Oct 16 10:47:49 openvpn 86796 Exiting due to fatal error
Oct 16 10:47:49 openvpn 86796 neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
Oct 16 10:47:49 openvpn 86796 library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
Oct 16 10:47:49 openvpn 86796 OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Oct 3 2018
Oct 16 10:47:49 openvpn 86796 auth_user_pass_file = 'stdin'
Oct 16 10:47:49 openvpn 86796 pull = ENABLED
Oct 16 10:47:49 openvpn 86796 client = ENABLED
Oct 16 10:47:49 openvpn 86796 port_share_port = '[UNDEF]'
Oct 16 10:47:49 openvpn 86796 port_share_host = '[UNDEF]'
Oct 16 10:47:49 openvpn 86796 auth_token_lifetime = 0
Oct 16 10:47:49 openvpn 86796 auth_token_generate = DISABLED
Oct 16 10:47:49 openvpn 86796 auth_user_pass_verify_script_via_file = DISABLED
Oct 16 10:47:49 openvpn 86796 auth_user_pass_verify_script = '[UNDEF]'
Oct 16 10:47:49 openvpn 86796 max_routes_per_client = 256
Oct 16 10:47:49 openvpn 86796 max_clients = 1024
Oct 16 10:47:49 openvpn 86796 cf_per = 0
Oct 16 10:47:49 openvpn 86796 cf_max = 0
Oct 16 10:47:49 openvpn 86796 duplicate_cn = DISABLED
Oct 16 10:47:49 openvpn 86796 enable_c2c = DISABLED
Oct 16 10:47:49 openvpn 86796 push_ifconfig_ipv6_remote = ::
Oct 16 10:47:49 openvpn 86796 push_ifconfig_ipv6_local = ::/0
Oct 16 10:47:49 openvpn 86796 push_ifconfig_ipv6_defined = DISABLED
Oct 16 10:47:49 openvpn 86796 push_ifconfig_remote_netmask = 0.0.0.0
Oct 16 10:47:49 openvpn 86796 push_ifconfig_local = 0.0.0.0
Oct 16 10:47:49 openvpn 86796 push_ifconfig_defined = DISABLED
Oct 16 10:47:49 openvpn 86796 tmp_dir = '/tmp'
Oct 16 10:47:49 openvpn 86796 ccd_exclusive = DISABLED
Oct 16 10:47:49 openvpn 86796 client_config_dir = '[UNDEF]' -
That doesn't answer my question. Were there any events that happened BEFORE the fatal error message? I can't tell if that log shows old events first or new events since they're all at the same timestamp.
-
Ok let me check the order
-
It's newest entry on top, followed by old ones
-
OK, so @Rico was bang on the money.
Some Google-Fu shows that this error can happen if you give it a password-protected private key to use. The suggested fix is to run your key through openssl like this:
openssl rsa -in YourPrivateKey.pem -out NewPrivateKey.pem -
@KOM how do I do that?
-
Never mind. That advice only applies if you were making a private key with password-protection. It doesn't apply for a client-connection to a public VPN where you don't use a client cert.
This is really weird. The error message is complaining as if either you need a user/pass and didn't supply one, or it doesn't want a user/pass and you did supply one.
What version of pfSense is this?
-
@KOM 2.4.4-RELEASE-p3 (amd64)
built on Wed May 15 18:53:44 EDT 2019
FreeBSD 11.2-RELEASE-p10 -
Strange. And what happens when you delete all that and try with your other provider, PureVPN? Exact same symptoms and error?
