Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Linux 2.4.4 Client can't connect to pfSense OpenVPN Server

    Scheduled Pinned Locked Moved OpenVPN
    3 Posts 3 Posters 765 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      LukasN
      last edited by

      Hey there,

      I'm having a strange OPENVpn Server Client connection issue issue.
      The pfSense has the latest version installed.

      A User is using Ubuntu 18.04 and installed the latest OpenVPN Version.
      Everytime he's trying to connect to the VPN he gets the following error:

      Dez 28 20:30:58 PATRICK nm-openvpn[7902]: WARNING: file '/home/patrick/xxx/VPN/pfSense-UDP4-1194-vpn.xxx.dev/pfSense-UDP4-1194-vpn.xxxxxxxx.dev.p12' is group or others accessible
      Dez 28 20:30:58 PATRICK nm-openvpn[7902]: WARNING: file '/home/patrick/xxx/VPN/pfSense-UDP4-1194-vpn.xxx.dev/pfSense-UDP4-1194-vpn.xxxxxxx.dev-tls.key' is group or others accessible
      Dez 28 20:30:58 PATRICK nm-openvpn[7902]: OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2019
      Dez 28 20:30:58 PATRICK nm-openvpn[7902]: library versions: OpenSSL 1.1.1  11 Sep 2018, LZO 2.08
      Dez 28 20:30:59 PATRICK nm-openvpn[7902]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Dez 28 20:30:59 PATRICK nm-openvpn[7902]: TCP/UDP: Preserving recently used remote address: [AF_INET]xxxxxxxxxx:1194
      Dez 28 20:30:59 PATRICK nm-openvpn[7902]: UDPv4 link local: (not bound)
      Dez 28 20:30:59 PATRICK nm-openvpn[7902]: UDPv4 link remote: [AF_INET]xxxxxxxxxx:1194
      Dez 28 20:30:59 PATRICK nm-openvpn[7902]: NOTE: chroot will be delayed because of --client, --pull, or --up-delay
      Dez 28 20:30:59 PATRICK nm-openvpn[7902]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
      Dez 28 20:30:59 PATRICK nm-openvpn[7902]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1585', remote='link-mtu 1601'
      Dez 28 20:30:59 PATRICK nm-openvpn[7902]: WARNING: 'cipher' is used inconsistently, local='cipher BF-CBC', remote='cipher AES-256-CBC'
      Dez 28 20:30:59 PATRICK nm-openvpn[7902]: WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'
      Dez 28 20:30:59 PATRICK nm-openvpn[7902]: [vpn.xxxxxx.dev] Peer Connection Initiated with [AF_INET]xxxxxxxxxx:1194
      Dez 28 20:31:00 PATRICK nm-openvpn[7902]: Error: pushed cipher not allowed - AES-256-CBC not in BF-CBC or AES-256-GCM:AES-128-GCM
      Dez 28 20:31:00 PATRICK nm-openvpn[7902]: OPTIONS ERROR: failed to import crypto options
      Dez 28 20:31:00 PATRICK nm-openvpn[7902]: ERROR: Failed to apply push options
      Dez 28 20:31:00 PATRICK nm-openvpn[7902]: Failed to open tun/tap interface
      Dez 28 20:31:00 PATRICK nm-openvpn[7902]: SIGUSR1[soft,process-push-msg-failed] received, process restarting
      Dez 28 20:31:01 PATRICK sudo[7905]:  patrick : TTY=pts/7 ; PWD=/home/patrick ; USER=root ; COMMAND=/bin/journalctl -e
      Dez 28 20:31:01 PATRICK sudo[7905]: pam_unix(sudo:session): session opened for user root by (uid=0)
      

      This is the Encryption and NCP config:
      02926b5f-a35b-45b9-b51f-35fd4dc41dc9-grafik.png

      Thanks ahead for help.

      Lukas

      V 1 Reply Last reply Reply Quote 0
      • V
        viragomann @LukasN
        last edited by

        This post is deleted!
        1 Reply Last reply Reply Quote 0
        • PippinP
          Pippin
          last edited by

          Let the user get the latest OpenVPN version:
          https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos

          I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
          Halton Arp

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.