OpenVPN not working
-
I've never heard of FastestVPN, but PureVPN seems to have a guide. Have you seen it?
https://support.purevpn.com/pfsense-openvpn-configuration-guide
Certs and CAs here:
https://support.purevpn.com/openvpn-files
Try to get one working and then move on to the next.
-
Yes, I have followed it but still no luck; it connects randomly.
-
Maybe try increasing the verbosity of the logs to include more detail. Nothing really jumped out at me from your last log.
-
It's set to 11
-
Oct 14 21:27:45 openvpn 71849 Exiting due to fatal error
Oct 14 21:27:45 openvpn 71849 neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
Oct 14 21:27:45 openvpn 71849 library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
Oct 14 21:27:45 openvpn 71849 OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Oct 3 2018
Oct 14 21:27:45 openvpn 71849 auth_user_pass_file = 'stdin'
-
But sometimes it is up, but it doesn't obtain an IP address.
-
Your image shows you have two servers and neither has any clients connected. Your client connection is down and has sent 0 bytes, which tells me it didn't even try to connect.
What happens when you click that little blue Start button?
-
Yes, that's what happens, but just to clarify, I'm not trying to connect to the VPN server hosted on pfSense; I'm trying to connect to PureVPN and FastestVPN servers.
Thanks
-
Yes, I get it. Post screens of your client config.
-
![Screenshot_20191016-102801_Chrome.jpg](/assets/uploads/files/1571236212574-screenshot_20191016-102801_chrome.jpg)
-
Your settings closely match the FastestVPN pfSense guide:
https://support.fastestvpn.com/tutorials/more-devices/pfsense
Notable differences are you've added the Fast I/O to Custom Options when there is a checkbox for it, and they tell you to use a Send/Receive buffer of 512 while you left it at default. Fix those two issues and then try again.
-
Just did, but same error
-
The reason for the fatal error is clearly in the logs
Oct 14 21:27:45 openvpn 71849 neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
-Rico
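
An added example, not part of the original thread: a small parser for this kind of verbose OpenVPN syslog dump. It puts the newest-first listing back in chronological order and flags the pairing of `auth_user_pass_file = 'stdin'` with `daemon = ENABLED`, which is where the "can't ask for 'Enter Auth Username:'" prompt comes from. The function names and the sample log are constructed for illustration.

```python
import re

# Constructed sample in the thread's layout (newest entry first); the tty
# message is abridged from the log posted above.
SAMPLE_LOG = """\
Oct 14 21:27:45 openvpn 71849 Exiting due to fatal error
Oct 14 21:27:45 openvpn 71849 neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'.
Oct 14 21:27:45 openvpn 71849 auth_user_pass_file = 'stdin'
Oct 14 21:27:45 openvpn 71849 daemon = ENABLED
Oct 14 21:27:45 openvpn 71849 verbosity = 11
"""

LINE_RE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} openvpn \d+ (.*)$")
OPTION_RE = re.compile(r"^([\w.\[\]]+) = (.*)$")
PROMPT_RE = re.compile(r"can't ask for '([^']+)'")


def parse(log_text, newest_first=True):
    """Split syslog lines into chronological events and an option dict."""
    msgs = [m.group(1) for m in map(LINE_RE.match, log_text.splitlines()) if m]
    if newest_first:          # the log view in this thread lists the latest entry on top
        msgs.reverse()
    events, options = [], {}
    for msg in msgs:
        opt = OPTION_RE.match(msg)
        if opt:
            options[opt.group(1)] = opt.group(2).strip("'")
        else:
            events.append(msg)
    return events, options


def diagnose(log_text, newest_first=True):
    """Return human-readable findings about a failed client start."""
    events, opts = parse(log_text, newest_first)
    findings = []
    for event in events:
        prompt = PROMPT_RE.search(event)
        if prompt:
            findings.append(f"prompt {prompt.group(1)!r} attempted with no tty")
    if opts.get("auth_user_pass_file") == "stdin" and opts.get("daemon") == "ENABLED":
        findings.append("auth-user-pass has no credentials file, but daemon mode is on")
    if events and events[-1] == "Exiting due to fatal error":
        findings.append("fatal exit is the final event, so the cause precedes it")
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG):
        print(finding)
```

Passing `newest_first=False` for a log that is actually newest-first drops the last finding, which is the ordering question raised later in the thread.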
-
Hmmm. Anything in your log file just before this line?
Oct 14 21:27:45 openvpn 71849 Exiting due to fatal error
@Rico That might just be a warning and not the actual cause of the fatal exit. His settings look good and I can't imagine how he would get into this situation.
-
@KOM so any solution?
-
I'm waiting for you to answer my question.
-
@KOM
Oct 16 10:47:49 openvpn 86796 Exiting due to fatal error
Oct 16 10:47:49 openvpn 86796 neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
Oct 16 10:47:49 openvpn 86796 library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
Oct 16 10:47:49 openvpn 86796 OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Oct 3 2018
Oct 16 10:47:49 openvpn 86796 auth_user_pass_file = 'stdin'
-
That doesn't answer my question. Were there any events that happened BEFORE the fatal error message? I can't tell if that log shows old events first or new events since they're all at the same timestamp.
-
Ok let me check the order
-
It's newest entry on top, followed by old ones
-
OK, so @Rico was bang on the money.
Some Google-Fu shows that this error can happen if you give it a password-protected private key to use. The suggested fix is to run your key through openssl like this:
openssl rsa -in YourPrivateKey.pem -out NewPrivateKey.pem
-
@KOM how do I do that?
-
Never mind. That advice only applies if you were making a private key with password-protection. It doesn't apply for a client-connection to a public VPN where you don't use a client cert.
This is really weird. The error message is complaining as if either you need a user/pass and didn't supply one, or it doesn't want a user/pass and you did supply one.
What version of pfSense is this?
-
@KOM 2.4.4-RELEASE-p3 (amd64)
built on Wed May 15 18:53:44 EDT 2019
FreeBSD 11.2-RELEASE-p10
-
Strange. And what happens when you delete all that and try with your other provider, PureVPN? Exact same symptoms and error?
-
@KOM ya same thing
-
It's suspicious that it fails the same way with a different config and provider.
I don't have any other suggestions, sorry.
-
I found the problem and it's working now: my pfBlocker has the same subnet IP as the PureVPN was trying to obtain. The only issue now is that when I am connected to OpenVPN, DNS stops working, e.g. youtube.com when typed, but if I type the IP of YouTube "172.217.13.206" manually in the address bar it works.
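
An added example, not part of the original thread: one way to check for the kind of address clash described above, by comparing what the VPN server pushes with the networks already configured on the firewall. The PUSH_REPLY line, the local networks and the function names are all constructed for illustration; the example also covers pushed routes and net30 topology, which goes beyond the single case in the post.

```python
import ipaddress
import re

# Constructed values: networks on the firewall, including a virtual IP.
LOCAL_NETS = {"LAN": "192.168.1.1/24", "pfBlockerNG VIP": "10.10.10.1/32"}
# Constructed line in the format OpenVPN logs when it receives pushed options.
PUSH_LINE = ("PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,"
             "dhcp-option DNS 10.10.10.254,route-gateway 10.10.10.254,"
             "topology subnet,ifconfig 10.10.10.57 255.255.255.0'")


def pushed_networks(push_line):
    """Networks the tunnel claims: the ifconfig address(es) and pushed routes."""
    body = re.search(r"PUSH_REPLY,([^']*)", push_line)
    if not body:
        return []
    opts = [o.split() for o in body.group(1).split(",") if o.strip()]
    subnet_topology = ["topology", "subnet"] in opts
    nets = []
    for o in opts:
        try:
            if o[0] == "ifconfig" and len(o) == 3:
                if subnet_topology:   # second value is a netmask
                    iface = ipaddress.ip_interface(f"{o[1]}/{o[2]}")
                    nets.append(("ifconfig", iface.network))
                else:                 # net30/p2p: second value is the peer address
                    nets += [("ifconfig", ipaddress.ip_network(a)) for a in o[1:]]
            elif o[0] == "route" and len(o) >= 2:
                mask = o[2] if len(o) >= 3 else "255.255.255.255"
                net = ipaddress.ip_network(f"{o[1]}/{mask}", strict=False)
                nets.append(("route", net))
        except ValueError:
            continue  # non-numeric value (keyword or hostname): nothing to compare
    return nets


def conflicts(push_line, local_nets):
    """List (local name, local net, pushed kind, pushed net) for every overlap."""
    found = []
    for kind, net in pushed_networks(push_line):
        for name, cidr in local_nets.items():
            local = ipaddress.ip_interface(cidr).network
            if net.overlaps(local):
                found.append((name, str(local), kind, str(net)))
    return found


if __name__ == "__main__":
    for hit in conflicts(PUSH_LINE, LOCAL_NETS):
        print("overlap:", hit)
```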
-
Funny you should mention that. I just got an SG-1100 and was configuring it last night. I have 3 VPN connections defined, and when I bring one up in particular, everything dies. I also have pfB loaded. I was about to spend time today researching the problem but you may have just solved it for me.
-
@KOM so did it solve the problem?
-
No, it turned out to be a DNS issue.
-
@KOM I am having the same issue: DNS stops working when connected to OpenVPN.
-
I think I had to specify a gateway under General Settings - DNS Servers.
-
@KOM I tried that, same thing: DNS stops working.
-
DNS fails for all of pfSense (not just LAN clients) when you bring a tunnel up? You can't resolve via Diagnostics - DNS Lookup?
-
@KOM Is it a bug?
-
I doubt it. Config problem 99.9% of the time. What about my questions?
-
I did, I specified a "DNS" for the gateway of the VPN and for WAN_DHCP, but it doesn't seem to work. It won't resolve to anything, it just keeps loading forever, even under Diagnostics - DNS Lookup. It kills WAN, LAN.
-
I asked:
> DNS fails for all of pfSense (not just LAN clients) when you bring a tunnel up?
> You can't resolve via Diagnostics - DNS Lookup?
-
DNS fails for all pfSense WAN, LAN, and can't be resolved under Diagnostic, DNS Resolver, when the OpenVPN is up.