OpenVPN not working

KOM

Your image shows you have two servers and neither has any clients connected. Your client connection is down and ha ssent 0 bytes, which ctells me it didn't even try to connect.

What happens when you click that little blue Start button?

manjotsc

Yes that's what happens, but just to clarify, I not trying to connect to the VPN server hosted on pfsense, I trying connect to PureVpn and Fastest VPN servers.

Thanks

KOM

Yes, I get it. Post screens of your client config.

manjotsc

![Screenshot_20191016-102801_Chrome.jpg](/assets/uploads/files/1571236212574-screenshot_20191016-102801_ch rome.jpg)

KOM

Your settings closely match the FastestVPN pfSense guide:

https://support.fastestvpn.com/tutorials/more-devices/pfsense

Notable differences are you've added the Fast I/O to Custom Options when there is a checkbox for it, and they tell you to use a Send/Receive buffer of 512 while you left it at default. Fix those two issues and then try again.

manjotsc

Just did, but same error

Rico

The reason for the fatal error is clearly in the logs

Oct 14 21:27:45 openvpn 71849 neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.

-Rico

KOM

Hmmm. Anything in your log file just before this line?

Oct 14 21:27:45 openvpn 71849 Exiting due to fatal error

@Rico That might just be a warning and not the actual cause of the fatal exit. His settings look good and I can't imagine how he would get into this situation.

manjotsc

@KOM so any solution?

KOM

I'm waiting for you to answer my question.

manjotsc

@KOM
Oct 16 10:47:49 openvpn 86796 Exiting due to fatal error
Oct 16 10:47:49 openvpn 86796 neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
Oct 16 10:47:49 openvpn 86796 library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
Oct 16 10:47:49 openvpn 86796 OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Oct 3 2018
Oct 16 10:47:49 openvpn 86796 auth_user_pass_file = 'stdin'
Oct 16 10:47:49 openvpn 86796 pull = ENABLED
Oct 16 10:47:49 openvpn 86796 client = ENABLED
Oct 16 10:47:49 openvpn 86796 port_share_port = '[UNDEF]'
Oct 16 10:47:49 openvpn 86796 port_share_host = '[UNDEF]'
Oct 16 10:47:49 openvpn 86796 auth_token_lifetime = 0
Oct 16 10:47:49 openvpn 86796 auth_token_generate = DISABLED
Oct 16 10:47:49 openvpn 86796 auth_user_pass_verify_script_via_file = DISABLED
Oct 16 10:47:49 openvpn 86796 auth_user_pass_verify_script = '[UNDEF]'
Oct 16 10:47:49 openvpn 86796 max_routes_per_client = 256
Oct 16 10:47:49 openvpn 86796 max_clients = 1024
Oct 16 10:47:49 openvpn 86796 cf_per = 0
Oct 16 10:47:49 openvpn 86796 cf_max = 0
Oct 16 10:47:49 openvpn 86796 duplicate_cn = DISABLED
Oct 16 10:47:49 openvpn 86796 enable_c2c = DISABLED
Oct 16 10:47:49 openvpn 86796 push_ifconfig_ipv6_remote = ::
Oct 16 10:47:49 openvpn 86796 push_ifconfig_ipv6_local = ::/0
Oct 16 10:47:49 openvpn 86796 push_ifconfig_ipv6_defined = DISABLED
Oct 16 10:47:49 openvpn 86796 push_ifconfig_remote_netmask = 0.0.0.0
Oct 16 10:47:49 openvpn 86796 push_ifconfig_local = 0.0.0.0
Oct 16 10:47:49 openvpn 86796 push_ifconfig_defined = DISABLED
Oct 16 10:47:49 openvpn 86796 tmp_dir = '/tmp'
Oct 16 10:47:49 openvpn 86796 ccd_exclusive = DISABLED
Oct 16 10:47:49 openvpn 86796 client_config_dir = '[UNDEF]'

KOM

That doesn't answer my question. Were there any events that happened BEFORE the fatal error message? I can't tell if that log shows old events first or new events since they're all at the same timestamp.

manjotsc

Ok let me check the order

manjotsc

It's newest entry on top, followed by old ones

KOM

OK, so @Rico was bang on the money.

Some Google-Fu shows that this error can happen if you give it a password-protected private key to use. The suggested fix is to run your key through openssl like this:

openssl rsa -in YourPrivateKey.pem -out NewPrivateKey.pem

manjotsc

@KOM how do I do that?

KOM

Never mind. That advice only applies if you were making a private key with password-protection. It doesn't apply for a client-connection to a public VPN where you don't use a client cert.

This is really weird. The error message is complaining as if either you need a user/pass and didn't supply one, or it doesn't want a user/pass and you did supply one.

What version of pfSense is this?

manjotsc

@KOM 2.4.4-RELEASE-p3 (amd64)
built on Wed May 15 18:53:44 EDT 2019
FreeBSD 11.2-RELEASE-p10

KOM

Strange. And what happens when you delete all that and try with your other provider, PureVPN? Exact same symptoms and error?

manjotsc

@KOM ya same thing