Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    You need to use –askpass to make passphrase-protected keys work

    Scheduled Pinned Locked Moved OpenVPN
    2 Posts 2 Posters 2.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      dsnunes
      last edited by

      Hello friends, it's my first time in the forum.
      I'm having trouble creating a VPN site-to-site between Mikrotik and pfSense.
      The pfsense not start the service with the following errors in the log:

      Jul 1 17:48:16 openvpn 70193 auth_user_pass_file = '/var/etc/openvpn/client2.up'
      Jul 1 17:48:16 OpenVPN OpenVPN 70193 2.3.11 i386-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on May 16 2016
      Jul 1 17:48:16 openvpn 70193 library versions: OpenSSL 1.0.1s-freebsd Mar 1 2016 2:09 LZO
      Jul 1 17:48:16 openvpn 70193 WARNING: file '/var/etc/openvpn/client2.up' is group or others accessible
      Jul 1 17:48:16 openvpn 70318 PO_INIT maxevents = 1 flags = 0x00000002
      Jul 1 17:48:16 openvpn 70318 MANAGEMENT: Unix domain socket listening on /var/etc/openvpn/client2.sock
      Jul 1 17:48:16 openvpn 70318 WARNING: using –pull / - client and --ifconfig together is probably not what you want
      Jul 1 17:48:16 openvpn 70318 WARNING: The server certificate verification method Has Been enabled. See http://openvpn.net/howto.html#mitm for more info.
      Jul 1 17:48:16 openvpn 70318 NOTE: the --script-security current setting may allow this configuration to call user-defined scripts
      Jul 1 17:48:16 openvpn 70318 PO_INIT maxevents = 4 flags = 0x00000002
      Jul 1 17:48:16 openvpn 70318 neither nor stdin stderr are a tty device and you have neither the controlling tty systemd nor - can not ask for 'Enter Private Key Password'. If you used --daemon, you need to use to make --askpass passphrase-protected keys work, and you can not use --auth-nocache.
      Jul 1 17:48:16 openvpn 70318 Exiting due to fatal error

      I researched enough on Google, which handles the error:
      https://bugs.archlinux.org/task/46422
      https://community.openvpn.net/openvpn/ticket/248
      https://community.openvpn.net/openvpn/attachment/ticket/630/0001-Fix-isatty-check-for-good.patch

      someone can help me?
      how to do it at pfsense?

      1 Reply Last reply Reply Quote 0
      • M
        Mindesbunister
        last edited by

        Hey,

        have you found a solution to your problem? Cause i have exactly the same trying to connect to VPN Service provider (nordvpn).

        thanks.

        kind regards,

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.