Updated pfsense and android devices won't connect
-
Just updated pfsense from a couple year old kernel and lost my ability to connect with my Android device. Android is running openvpn connect app.
Server config:
dev-type tun
tun-ipv6
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-128-CBC
auth SHA1
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
local 24.xxx.xxx.xx
tls-server
server 10.253.0.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc
username-as-common-name
auth-user-pass-verify "/usr/local/sbin/ovpn_auth_verify user 'Local Database' false server1" via-env
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'nxxxxxxxxsvr' 1 "
lport 1194
management /var/etc/openvpn/server1.sock unix
max-clients 5
push "route 192.xxx.xxx.0 255.255.255.0"
push "dhcp-option DOMAIN xxx.local"
push "dhcp-option DNS 192.xxx.xxx.10"
client-to-client
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
dh /etc/dh-parameters.1024
tls-auth /var/etc/openvpn/server1.tls-auth 0
comp-lzo adaptive
persist-remote-ip
float
Working PC config:
dev tun
persist-tun
persist-key
cipher AES-128-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote 24.xxx.xxx.xx 1194 udp
lport 0
verify-x509-name "nxxxxxxxxsvr" name
auth-user-pass
pkcs12 pfsense-udp-1194-rxxxxxs.p12
tls-auth pfsense-udp-1194-rxxxxxs-tls.key 1
ns-cert-type server
comp-lzo adaptive
Non-working android config:
persist-tun
persist-key
cipher AES-128-CBC
auth SHA1
tls-client
client
remote 24.xxx.xxx.xx 1194 udp
lport 0
verify-x509-name "nxxxxxxxxr" name
auth-user-pass
ns-cert-type server
comp-lzo adaptive
Keys and whatnot follow.
Client errors:
Session Invalidated: KEEPALIVE_TIMEOUT
Server errors:
Nov 6 13:46:06 openvpn[8393]: 107.107.56.233:3151 TLS_ERROR: BIO read tls_read_plaintext error: error:04075070:rsa routines:RSA_sign:digest too big for rsa key: error:1409B006:SSL routines:SSL3_SEND_SERVER_KEY_EXCHANGE:EVP lib
Nov 6 13:46:06 openvpn[8393]: 107.107.56.233:3151 TLS Error: TLS object -> incoming plaintext read error
Nov 6 13:46:06 openvpn[8393]: 107.107.56.233:3151 TLS Error: TLS handshake failed
Thanks in advance for any assistance.
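The "digest too big for rsa key" entry in the server log above is the check OpenSSL's RSA_sign makes that the value to be signed, plus PKCS#1 v1.5 padding, fits inside the RSA key. As an added example (not part of the original post), the Python below parses that log line and works out which digests overflow which key sizes. The function names and candidate key sizes are assumptions made for illustration, and the post does not state the size of the server's key.

```python
import re

# Bytes RSA_sign must fit into the key: DER DigestInfo prefix + hash output.
# "md5-sha1" is the raw 36-byte MD5||SHA-1 value signed in TLS 1.0/1.1 (no DigestInfo).
SIGN_INPUT_LEN = {
    "md5-sha1": 36,
    "sha1": 15 + 20,
    "sha256": 19 + 32,
    "sha384": 19 + 48,
    "sha512": 19 + 64,
}
PKCS1_PADDING_SIZE = 11  # 0x00 0x01, at least eight 0xFF bytes, 0x00

# OpenSSL error-queue entries: error:<hex code>:<library>:<function>:<reason>
OPENSSL_ERR = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]+):([^:]+):([^:]+)")

def parse_openssl_errors(log_line):
    """Return (code, library, function, reason) for each OpenSSL error in a log line."""
    return [tuple(f.strip() for f in m) for m in OPENSSL_ERR.findall(log_line)]

def fits(key_bits, digest):
    """True if a PKCS#1 v1.5 signature over `digest` fits an RSA key of key_bits."""
    return SIGN_INPUT_LEN[digest] <= (key_bits + 7) // 8 - PKCS1_PADDING_SIZE

def digests_too_big(key_bits):
    """Digests that would trigger 'digest too big for rsa key' at this key size."""
    return [d for d in SIGN_INPUT_LEN if not fits(key_bits, d)]

def min_key_bits(digest):
    """Smallest RSA modulus size (bits, whole bytes) able to sign this digest."""
    return (SIGN_INPUT_LEN[digest] + PKCS1_PADDING_SIZE) * 8

# Server log line copied from the post above.
LOG = ("Nov 6 13:46:06 openvpn[8393]: 107.107.56.233:3151 TLS_ERROR: BIO read "
       "tls_read_plaintext error: error:04075070:rsa routines:RSA_sign:digest too "
       "big for rsa key: error:1409B006:SSL routines:SSL3_SEND_SERVER_KEY_EXCHANGE:EVP lib")

if __name__ == "__main__":
    for code, lib, func, reason in parse_openssl_errors(LOG):
        print(f"{code}  {lib} / {func}: {reason}")
    for bits in (512, 768, 1024, 2048):  # constructed candidate key sizes
        print(bits, "bit key cannot sign:", digests_too_big(bits) or "nothing")
```

The size of the key actually in use can be read with `openssl x509 -in /var/etc/openvpn/server1.cert -noout -text` on the server and compared against these thresholds.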
-
just upgraded from 2.2.4 and no issues with my apple phone using the openvpn connect app..
What was the version you updated from to 2.2.5?? If really old which "a couple year old kernel" makes it sound like.. I would prob just redo your setup..
-
just upgraded from 2.2.4 and no issues with my apple phone using the openvpn connect app..
What was the version you updated from to 2.2.5?? If really old which "a couple year old kernel" makes it sound like.. I would prob just redo your setup..
You mean CA and everything? Or just the OpenVPN and related user certs?
It was like 2.0.3 or something.
-
Why not? That takes all of like 2 minutes to do, to be honest..
-
I wouldn't delete my CA, just the vpn and user ones at that point, right?
-
How many users do you have??
Dude, really, it takes all of 15 seconds to create a new CA.. Not sure where the problem is here with redoing your setup.. Delete your OpenVPN setup and run through the wizard. It takes all of... really, to be honest, if it takes you more than 3 minutes you're doing something wrong!!!