TLS Error : something wrong with Certificates ?
-
@Bekoj said in TLS Error : something wrong with Certificates ?:
But in the end, i'm getting a TLS error. Here is what the logs are showing me :
Hi,
ExpVPN works very well with pfSense.
In many places, many of our boxes work with it...
The error message shows that you may have copied the Certs details from the xyz.ovpn file perhaps incorrectly... (copy-paste and copy-paste, etc.)
BTW:
I am thinking of these f.e.: (I think, if you start at the beginning... and it will work...)
it is important that you copy each character accurately!
-
Hi,
You used https://www.expressvpn.com/fr/support/vpn-setup/pfsense-with-expressvpn-openvpn/ ?
Did you create (imported) the CA ?
Did you create (imported) the Certificate ?
My CA :
My Cert :
Settings :
edit : oh ... @DaddyGo copy-pastes faster ...
-
@Gertjan said in TLS Error : something wrong with Certificates ?:
edit : oh ... @DaddyGo copy-pastes faster ...
exactly CTRL-C / CTRL-V
-
Yes I used the tutorial you linked, and I copy-pasted the concerned parts religiously on each section.
here are some screenshots of my CA and Cert config :
CA1:
CA2:
Certs :
Although I noticed you have "CA openvpn" in the issuer field, where I simply have "external". I tried to re-add the certificate (see screenshot below) but the result is exactly the same :
-
@Gertjan wait, I just noticed in your screenshots your certificate is in use by an OpenVPN Server, not Client like mine, is that my mistake ?
-
@Bekoj said in TLS Error : something wrong with Certificates ?:
is that my mistake ?
That's my mistake :
My CA :
The cert :
I did mix up things with the OpenVPN server ..... which has nothing to do with the Client - which uses cert info given to us by ExpressVPN.
Sorry for that.
-
@Bekoj said in TLS Error : something wrong with Certificates ?:
here are some screenshots of my CA and Cert config :
Looks good...but we do not know the details
I suggest the following....
Forget a bit about pfSense and import the downloaded xyz.ovpn file directly into an OpenVPN client on a desktop or laptop.
https://openvpn.net/community-downloads/
and let's see what happens so you connect
BTW:
-
@DaddyGo I just made the test with the OpenVPN client on a Windows PC and it works perfectly, so nothing wrong with the config file I guess. I checked several times and I'm positive I didn't make any mistakes in copy/pasting any keys. What else could be wrong ?
-
@Bekoj said in TLS Error : something wrong with Certificates ?:
What else could be wrong ?
I have a hard time imagining anything else...
I asked you for the test to exclude the bad .ovpn file content.....it's done
(because it works on Windows, so...hmmm)
Please, if you have time, try removing all the relevant settings from pfSense that you have done so far.
Start from the beginning step by step according to the ExpVPN description of the setting
(You might skip over some small mistake and we can't see it, only you...)
https://www.expressvpn.com/support/vpn-setup/pfsense-with-expressvpn-openvpn/
Setting up a Nord VPN is very similar, maybe compare it to the ExpVPN description..
https://support.nordvpn.com/Connectivity/Router/1089079142/pfSense-2-4-4-setup-with-NordVPN.htm
of course, do not use the special part, because it is different (custom options)
please write your experience, THX
edit++++:
something came to my mind, due to "plaintext read error"
may not be relevant...???
pls. edit / open the downloaded xyz.ovpn file with NotePad ++
https://notepad-plus-plus.org/downloads/
and after CTRL-C / CTRL-V
-
@DaddyGo Well... I have some news.
I tried to factory reset my pfSense and start from scratch... but the result was the same.
So out of desperation, I did a new VM and installed pfSense brand new in 2.4.5 version (I was in 2.3.5) and... it worked. Suddenly OpenVPN is up. I guess there was something wrong with my install because I can't see why being in 2.3.5 would have been an issue.
-
@Bekoj said in TLS Error : something wrong with Certificates ?:
(i was in 2.3.5)
Oooohhhh. And you're telling that now ?
That pfSense version 2.3.5 uses an older OpenVPN version, compatible with close to nothing these days => ExpressVPN upgraded their OpenVPN software on their side (we can't blame them) most probably for security reasons.
Ok to keep an already EOL version of pfSense, but do not connect it to somewhere or something.
That's "asking" for troubles ;)
-
@Bekoj said in TLS Error : something wrong with Certificates ?:
installed pfsense brand new in 2.4.5 version
hmmm, next time I'll ask first...
@Gertjan "Oooohhhh. And you're telling that now ?"
Yes, we went around a bit, the point is, it's okay
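The copy-paste check suggested earlier in the thread can be done mechanically; the following is an added example, not part of any post, that validates the PEM blocks of a profile before they are pasted into pfSense. It assumes the provider's .ovpn file uses OpenVPN's inline `<ca>`, `<cert>` and `<key>` blocks; the function names, host name and sample data are hypothetical.

```python
import base64
import binascii
import re

# <ca>, <cert> and <key> inline blocks hold base64 DER; <tls-auth> (a hex
# static key) is a different format and is not checked here.
BLOCK_RE = re.compile(r"<(ca|cert|key)>\s*(.*?)\s*</\1>", re.S)
PEM_RE = re.compile(
    r"\A-----BEGIN ([A-Z ]+)-----\n(.*)\n-----END ([A-Z ]+)-----\Z", re.S)

def check_pem(text):
    """Return the problems found in one pasted PEM block (empty list = clean)."""
    problems = []
    m = PEM_RE.match(text.replace("\r\n", "\n").strip())
    if not m:
        return ["BEGIN/END marker missing or damaged"]
    begin, body, end = m.groups()
    if begin != end:
        problems.append(f"BEGIN {begin} does not match END {end}")
    lines = body.split("\n")
    if any(line != line.strip() for line in lines):
        problems.append("stray whitespace inside the base64 body")
    try:
        der = base64.b64decode("".join(l.strip() for l in lines), validate=True)
    except (binascii.Error, ValueError):
        return problems + ["base64 body does not decode (character lost or altered)"]
    if not der.startswith(b"\x30"):
        problems.append("decoded data does not start with a DER SEQUENCE")
    return problems

def check_profile(ovpn_text):
    """Map each inline block name in a .ovpn profile to its list of problems."""
    return {name: check_pem(block) for name, block in BLOCK_RE.findall(ovpn_text)}

def fake_pem(label, seed):
    """Constructed placeholder data, not a real certificate or key."""
    b64 = base64.b64encode(b"\x30\x82" + bytes([seed]) * 94).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *rows, f"-----END {label}-----"])

# Constructed sample profile (hypothetical host name, fake key material).
SAMPLE = "client\nremote vpn.example.invalid 1195\n" + "".join(
    f"<{tag}>\n{fake_pem(label, n)}\n</{tag}>\n"
    for n, (tag, label) in enumerate(
        [("ca", "CERTIFICATE"), ("cert", "CERTIFICATE"), ("key", "PRIVATE KEY")], 1))

if __name__ == "__main__":
    for name, problems in check_profile(SAMPLE).items():
        print(name, "OK" if not problems else problems)
```

A clean result only rules out a damaged paste; it says nothing about whether the OpenVPN version on the firewall is compatible with the provider's servers, which is what this thread ended on.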