New sg-5100 setup, one issues with OpenVPN and client device (openvpn works, but receiving a warning)

Rico

Viscosity is proprietary and you should use this config only with the Viscosity Client.
For OpenVPN Client use Inline Configurations Most Clients

-Rico

dtgate

@Rico I used viscosity with my last pfsense setup, which was a few years ago, and I don't recall this Warning, but I don't want to use the viscosity config if I should be using something else, for windows 10.

Here is what I see when using a 'Most Clients' profile.

WARNING: You have specified redirect-gateway and redirect-private at the same time (or the same option multiple times). This is not well supported and may lead to unexpected results (same as viscosity profile)

OPTIONS ERROR: failed to negotiate cipher with server. Add the server's cipher ('AES-128-CBC') to --data-ciphers (currently 'AES-128-GCM') if you want to connect to this server. (very well could be something I may need to correct, I just used OpenVPN server defaults, to my knowledge)

ERROR: Failed to apply push options (I am using a push option in my config, which was also on my last pfsense box and worked, here is the entry... push "route 10.10.15.0 255.255.255.0"

Failed to open tun/tap interface

Since I don't often set up OpenVPN on pfsense, I forget which profile I used in the past (this is being used at home and I only set it up when I upgrade pfsense, which isn't very often). However, I have been taking better notes for my installs since I have to pick certain profiles and change certain settings. This may be why I used viscosity config, in the past, I probably tried with other profile options and had these errors. It could very well be that I am doing something wrong, but since viscosity config worked, I just assumed it was the profile I was using. I don't seem to have any issues with my iOS profile and my Mac OS profile, only with windows 10 profile/OpenVPN client.

Thanks.

Rico

Failed to open tun/tap interface looks like a broken Windows OpenVPN Installation to me. Uninstall the OpenVPN Client, Reboot Windows, Install the 2.4.9 package (https://swupdate.openvpn.org/community/releases/openvpn-install-2.4.9-I601-Win10.exe), Reboot and try again.

Push routes via the IPv4 Local network(s) box, not Custom options.

-Rico

dtgate

@Rico The route I am pushing is a network on the other end of the pfsense OpenVPN server I am connecting to. Meaning, I am connecting with OpenVPN client on windows 10 to site 1 and the network I am pushing is on site 2, which is connected via IPSEC to site 1. It works as expected, as far as I know.

My windows 10 OpenPVN install is 2.5, I can upgrade to 2.9 as you recommend, but I also have another pfsense box (a friends OpenVPN server) that I sometimes connect to and make changes, if needed. Will the current profile I have for that network break with 2.9?

Thanks

Rico

It's 2.4.9 - not 2.9
Version 2.4.9 is the exact same version as pfSense 2.4.5-p1 is running:

[2.4.5-RELEASE][admin@xxx]/root: openvpn --version
OpenVPN 2.4.9 armv6-portbld-freebsd11.3 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on May  4 2020

I'd just want to make sure all Options/Parameters match 100%, there are some changes in 2.5

-Rico

dtgate

@Rico Thanks, I just realized I mis-read the version number. Ok, let me try 2.4.9 and see if that makes a difference.

dtgate

@Rico I uninstalled 2.5, rebooted and installed 2.4.9, imported the Most Clients profile and wasn't even prompted for a user/password, it popped up an error message "connecting to the management interface failed" and pointed me to the log file, here is what the log file shows.

Options error: Unrecognized option or missing or extra parameter(s) in most-clients-profile.ovpn:4: data-ciphers (2.4.9) Use --help for more information.

I was able to connect using the viscosity profile, that I have been using, and this time there are no Warnings, which is good, but you stated that I shouldn't be using the viscosity profile. I do want to use the correct method, I guess getting Most Clients profile working is the new issue.

I do think I know why I had 2.5....One of the export options is windows 10, which I didn't realize meant current OpenVPN client, I took it as the current version of windows. That exports as an exe, which upgraded me to 2.5 (before making this thread, yesterday). I do see there is an option for 2.4.9 as a client export, but we haven't discussed that. Shouldn't that be the option I should be using over most clients, since I am now running 2.4.9?

Thanks.

Rico

Please post your Server configuration via screenshots.

-Rico

dtgate

This post is deleted!

dtgate

@dtgate said in New sg-5100 setup, one issues with OpenVPN and client device (openvpn works, but receiving a warning):

@rico Here is a link to the picture, https://i.imgur.com/Pn4eIH3.png

Thanks.

@Rico What do you think?

Thanks.

dtgate

I deleted the post with the link to the screenshots since it the topic/discussion has gone stale.