OpenVPN not working
-
Hmmm. Anything in your log file just before this line?
Oct 14 21:27:45 openvpn 71849 Exiting due to fatal error
@Rico That might just be a warning and not the actual cause of the fatal exit. His settings look good and I can't imagine how he would get into this situation.
-
@KOM so any solution?
-
I'm waiting for you to answer my question.
-
@KOM
Oct 16 10:47:49 openvpn 86796 Exiting due to fatal error
Oct 16 10:47:49 openvpn 86796 neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
Oct 16 10:47:49 openvpn 86796 library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
Oct 16 10:47:49 openvpn 86796 OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Oct 3 2018
Oct 16 10:47:49 openvpn 86796 auth_user_pass_file = 'stdin'
Oct 16 10:47:49 openvpn 86796 pull = ENABLED
Oct 16 10:47:49 openvpn 86796 client = ENABLED
Oct 16 10:47:49 openvpn 86796 port_share_port = '[UNDEF]'
Oct 16 10:47:49 openvpn 86796 port_share_host = '[UNDEF]'
Oct 16 10:47:49 openvpn 86796 auth_token_lifetime = 0
Oct 16 10:47:49 openvpn 86796 auth_token_generate = DISABLED
Oct 16 10:47:49 openvpn 86796 auth_user_pass_verify_script_via_file = DISABLED
Oct 16 10:47:49 openvpn 86796 auth_user_pass_verify_script = '[UNDEF]'
Oct 16 10:47:49 openvpn 86796 max_routes_per_client = 256
Oct 16 10:47:49 openvpn 86796 max_clients = 1024
Oct 16 10:47:49 openvpn 86796 cf_per = 0
Oct 16 10:47:49 openvpn 86796 cf_max = 0
Oct 16 10:47:49 openvpn 86796 duplicate_cn = DISABLED
Oct 16 10:47:49 openvpn 86796 enable_c2c = DISABLED
Oct 16 10:47:49 openvpn 86796 push_ifconfig_ipv6_remote = ::
Oct 16 10:47:49 openvpn 86796 push_ifconfig_ipv6_local = ::/0
Oct 16 10:47:49 openvpn 86796 push_ifconfig_ipv6_defined = DISABLED
Oct 16 10:47:49 openvpn 86796 push_ifconfig_remote_netmask = 0.0.0.0
Oct 16 10:47:49 openvpn 86796 push_ifconfig_local = 0.0.0.0
Oct 16 10:47:49 openvpn 86796 push_ifconfig_defined = DISABLED
Oct 16 10:47:49 openvpn 86796 tmp_dir = '/tmp'
Oct 16 10:47:49 openvpn 86796 ccd_exclusive = DISABLED
Oct 16 10:47:49 openvpn 86796 client_config_dir = '[UNDEF]'
-
That doesn't answer my question. Were there any events that happened BEFORE the fatal error message? I can't tell if that log shows old events first or new events since they're all at the same timestamp.
-
Ok let me check the order
-
It's the newest entry on top, followed by the old ones.
-
OK, so @Rico was bang on the money.
Some Google-Fu shows that this error can happen if you give it a password-protected private key to use. The suggested fix is to run your key through openssl like this:
openssl rsa -in YourPrivateKey.pem -out NewPrivateKey.pem
-
@KOM how do I do that?
-
Never mind. That advice only applies if you were making a private key with password-protection. It doesn't apply for a client-connection to a public VPN where you don't use a client cert.
This is really weird. The error message is complaining as if either you need a user/pass and didn't supply one, or it doesn't want a user/pass and you did supply one.
What version of pfSense is this?
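Added example, not part of the thread: a small Python check for the condition the log line above reports, an OpenVPN client started without a terminal while `auth-user-pass` or `askpass` has no file argument. The sample config, the host name in it and the function names are constructed for illustration; the file-permission check goes slightly beyond the error discussed here.

```python
import os
import stat

# Constructed sample client config (not from the thread): credentials are
# requested but no file is given, so OpenVPN would prompt on stdin.
SAMPLE_PROMPTING = """\
client
dev tun
remote vpn.example.net 1194
auth-user-pass
auth-nocache
daemon
"""

def parse_directives(text):
    """Map directive name -> argument list, skipping comments and inline <ca>-style blocks."""
    opts, in_block = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("</"):
            in_block = False
        elif line.startswith("<"):
            in_block = True
        elif line and not in_block and line[0] not in "#;":
            name, *args = line.split()
            opts[name.lstrip("-")] = args
    return opts

def lint_noninteractive(text, has_tty=False):
    """Return findings for a config that will be started without a terminal."""
    opts, findings = parse_directives(text), []
    prompts = False
    for name in ("auth-user-pass", "askpass"):
        if name not in opts:
            continue
        if not opts[name]:  # no file argument: OpenVPN asks on stdin
            prompts = True
            if not has_tty:
                findings.append(f"{name}: no file given, prompts on stdin and exits fatally without a tty")
            continue
        path = opts[name][0]
        try:
            mode = os.stat(path).st_mode
        except OSError as exc:
            findings.append(f"{name}: cannot read {path} ({exc.strerror})")
            continue
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(f"{name}: {path} is accessible to group/other, restrict it to the owner")
    if prompts and not has_tty and "auth-nocache" in opts:
        findings.append("auth-nocache: credentials cannot be re-prompted without a tty")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_noninteractive(SAMPLE_PROMPTING)))
```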
-
@KOM 2.4.4-RELEASE-p3 (amd64)
built on Wed May 15 18:53:44 EDT 2019
FreeBSD 11.2-RELEASE-p10
-
Strange. And what happens when you delete all that and try with your other provider, PureVPN? Exact same symptoms and error?
-
@KOM ya same thing
-
It's suspicious that it fails the same way with a different config and provider.
I don't have any other suggestions, sorry.
-
I found the problem and it's working now: my pfblocker has the same subnet IP as the PureVPN was trying to obtain. The only issue now is that when I am connected to OpenVPN, DNS stops working, e.g. youtube.com when typed, but if I type the IP of youtube "172.217.13.206" manually in the address bar it works.
-
Funny you should mention that. I just got an SG-1100 and was configuring it last night. I have 3 VPN connections defined, and when I bring one up in particular, everything dies. I also have pfB loaded. I was about to spend time today researching the problem but you may have just solved it for me.
-
@KOM so did it solve the problem?
-
No, it turned out to be a DNS issue.
-
@KOM I am having the same issue: DNS stops working when connected to OpenVPN.
-
I think I had to specify a gateway under General Settings - DNS Servers.
-
@KOM I tried that, same thing, DNS stops working.
-
DNS fails for all of pfSense (not just LAN clients) when you bring a tunnel up? You can't resolve via Diagnostics - DNS Lookup?
-
@KOM Is it a bug?
-
I doubt it. Config problem 99.9% of the time. What about my questions?
-
I did, specified a "DNS" for gateway of VPN and for WAN_DHCP, but it doesn't seem to work. It won't resolve to anything, it just keeps loading forever, even under Diagnostics - DNS Lookup. It kills WAN, LAN.
-
I asked:
DNS fails for all of pfSense (not just LAN clients) when you bring a tunnel up?
You can't resolve via Diagnostics - DNS Lookup?
-
DNS fails for all pfsense WAN, LAN, and can't be resolved under Diagnostic, DNS Resolver, when the open VPN is up.
-
And you're using Resolver? You have it set to listen on all interfaces, and use all outgoing interfaces? Maybe try setting Outgoing to WAN alone.
-
@KOM It's already set to all, issue still persists.
-
Strange. Usually people have the opposite problem, where they're leaking DNS out the WAN. It should just work. I don't have any other suggestions except for the nuclear option: reinstall fresh, take backups at every config milestone when you know the system is working and revert back if something goes screwy.
-