New sg-5100 setup, one issue with OpenVPN and client device (openvpn works, but receiving a warning)
-
@Rico I used Viscosity with my last pfSense setup, which was a few years ago, and I don't recall this warning, but I don't want to use the Viscosity config if I should be using something else for Windows 10.
Here is what I see when using a 'Most Clients' profile.
WARNING: You have specified redirect-gateway and redirect-private at the same time (or the same option multiple times). This is not well supported and may lead to unexpected results
(same as viscosity profile)

OPTIONS ERROR: failed to negotiate cipher with server. Add the server's cipher ('AES-128-CBC') to --data-ciphers (currently 'AES-128-GCM') if you want to connect to this server.
(very well could be something I may need to correct, I just used OpenVPN server defaults, to my knowledge)

ERROR: Failed to apply push options
(I am using a push option in my config, which was also on my last pfsense box and worked, here is the entry... push "route 10.10.15.0 255.255.255.0")

Failed to open tun/tap interface
Since I don't often set up OpenVPN on pfSense, I forget which profile I used in the past (this is being used at home and I only set it up when I upgrade pfSense, which isn't very often). However, I have been taking better notes for my installs since I have to pick certain profiles and change certain settings. This may be why I used the Viscosity config in the past; I probably tried with other profile options and had these errors. It could very well be that I am doing something wrong, but since the Viscosity config worked, I just assumed it was the profile I was using. I don't seem to have any issues with my iOS profile and my Mac OS profile, only with the Windows 10 profile/OpenVPN client.
Thanks.
-
Failed to open tun/tap interface
looks like a broken Windows OpenVPN Installation to me. Uninstall the OpenVPN Client, Reboot Windows, Install the 2.4.9 package (https://swupdate.openvpn.org/community/releases/openvpn-install-2.4.9-I601-Win10.exe), Reboot and try again.
Push routes via the IPv4 Local network(s) box, not Custom options.
-Rico
-
@Rico The route I am pushing is a network on the other end of the pfSense OpenVPN server I am connecting to. Meaning, I am connecting with the OpenVPN client on Windows 10 to site 1 and the network I am pushing is on site 2, which is connected via IPSEC to site 1. It works as expected, as far as I know.
My Windows 10 OpenVPN install is 2.5. I can upgrade to 2.9 as you recommend, but I also have another pfSense box (a friend's OpenVPN server) that I sometimes connect to and make changes, if needed. Will the current profile I have for that network break with 2.9?
Thanks
-
It's 2.4.9 - not 2.9
Version 2.4.9 is the exact same version as pfSense 2.4.5-p1 is running:
[2.4.5-RELEASE][admin@xxx]/root: openvpn --version
OpenVPN 2.4.9 armv6-portbld-freebsd11.3 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on May 4 2020
I'd just want to make sure all Options/Parameters match 100%, there are some changes in 2.5
-Rico
-
@Rico Thanks, I just realized I misread the version number. OK, let me try 2.4.9 and see if that makes a difference.
-
@Rico I uninstalled 2.5, rebooted and installed 2.4.9, imported the Most Clients profile and wasn't even prompted for a user/password. It popped up an error message "connecting to the management interface failed" and pointed me to the log file. Here is what the log file shows.
Options error: Unrecognized option or missing or extra parameter(s) in most-clients-profile.ovpn:4: data-ciphers (2.4.9) Use --help for more information.
I was able to connect using the Viscosity profile that I have been using, and this time there are no warnings, which is good, but you stated that I shouldn't be using the Viscosity profile. I do want to use the correct method; I guess getting the Most Clients profile working is the new issue.
I do think I know why I had 2.5... One of the export options is Windows 10, which I didn't realize meant the current OpenVPN client; I took it as the current version of Windows. That exports as an exe, which upgraded me to 2.5 (before making this thread, yesterday). I do see there is an option for 2.4.9 as a client export, but we haven't discussed that. Shouldn't that be the option I should be using over Most Clients, since I am now running 2.4.9?
Thanks.
-
Please post your Server configuration via screenshots.
-Rico
-
@dtgate said in New sg-5100 setup, one issue with OpenVPN and client device (openvpn works, but receiving a warning):
@rico Here is a link to the picture, https://i.imgur.com/Pn4eIH3.png
Thanks.
@Rico What do you think?
Thanks.
-
I deleted the post with the link to the screenshots since the topic/discussion has gone stale.
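
Added example (not part of any post in this thread): a small Python check that reads an exported .ovpn profile and flags the three client-side conditions the quoted log lines describe. The function names, the sample profile and `vpn.example.com` are constructed for illustration, and the `MIN_VERSION` table assumes that `data-ciphers` and `data-ciphers-fallback` are only recognized from OpenVPN 2.5 onward.

```python
import re

# Options first recognized by OpenVPN 2.5; a 2.4.x client rejects the profile.
MIN_VERSION = {"data-ciphers": (2, 5), "data-ciphers-fallback": (2, 5)}

# Constructed sample profile, not the poster's real export.
SAMPLE_PROFILE = """\
dev tun
proto udp
cipher AES-128-CBC
data-ciphers AES-128-GCM
redirect-gateway def1
redirect-gateway def1
remote vpn.example.com 1194
"""

def parse_profile(text):
    """Yield (line_number, option, args), skipping comments and inline <ca>-style blocks."""
    # Blank out inline blocks but keep their newlines so line numbers stay right.
    text = re.sub(r"(?s)<([\w-]+)>.*?</\1>", lambda m: "\n" * m.group(0).count("\n"), text)
    for number, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if line and line[0] not in "#;":
            option, *args = line.split()
            yield number, option.lstrip("-"), args

def check_profile(text, client_version, server_cipher):
    """Return findings for a client version tuple and the server's data cipher."""
    findings, redirects, data_ciphers = [], 0, None
    for number, option, args in parse_profile(text):
        needed = MIN_VERSION.get(option)
        if needed and client_version < needed:
            findings.append(f"line {number}: {option} needs OpenVPN {needed[0]}.{needed[1]}+")
        if option in ("redirect-gateway", "redirect-private"):
            redirects += 1
        if option == "data-ciphers" and args:
            data_ciphers = [c.upper() for c in args[0].split(":")]
    # Options pushed by the server also count at runtime but are not visible here.
    if redirects > 1:
        findings.append("redirect-gateway/redirect-private specified more than once")
    if data_ciphers is not None and server_cipher.upper() not in data_ciphers:
        findings.append(f"server cipher {server_cipher} not in data-ciphers {':'.join(data_ciphers)}")
    return findings

if __name__ == "__main__":
    for version in ((2, 4, 9), (2, 5, 0)):
        print(version, check_profile(SAMPLE_PROFILE, version, "AES-128-CBC"))
```

Run against the constructed profile, a 2.4.9 client reports the unrecognized option on line 4, while a 2.5.0 client accepts the option but still reports the cipher mismatch.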