Netgate Discussion Forum

    TLS Authentication Key does not appear to be valid

      spyshagg

      Testing two pfSense 2.3.2-RELEASE-p1 boxes.

      On the server I generated the CA certificate, server certificate and client certificate. I exported:

      • CA certificate + key
      • Client Certificate + Key

      On the client I imported the CA and Client certificates.

      When creating a new OpenVPN client following the pfSense book, I untick "Automatically generate a shared TLS authentication key" and paste the client TLS key into the field.

      When saving, I get the error "the field TLS Authentication Key does not appear to be valid".

      Any thoughts?
      Thanks

        spyshagg

        I also just want to say the book could use a lot of work on the wording.

        On the client, import the CA certificate along with the client certificate and key for that site. This is the same CA and client certificate made on the server and exported from there. This can be done under System > Cert Manager. For specifics on importing the CA and certificates, see Certificate Management.

        And a few paragraphs later:

        TLS Authentication:
        Check Enable authentication of TLS packets, Uncheck Automatically generate a shared TLS authentication key, then paste in the TLS key for the connection here using the key copied from the server instance created previously

        Which key? I have two at hand.

        Anyways, it still fails with both keys.

          spyshagg

          For anyone wondering what to copy-paste into this field, it's the key mentioned in this section of the pfbook:

          Click Save.
          Click pencil to edit the new server instance
          Find the TLS Authentication box
          Select all of the text inside
          Copy the text to the clipboard
          Save this to a file or paste it into a text editor such as Notepad temporarily

          The book never mentions when to use this key, but this is the one to put on the client TLS Authentication and not those that we exported from the certificates management.

          Cheers

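The mix-up resolved in the last post, as an added example that is not part of the thread and not pfSense's own validation code: a pre-paste check that tells an OpenVPN shared TLS key apart from the PEM objects exported from the certificate manager. It assumes the field expects the 2048-bit static key file format written by `openvpn --genkey`; the function name and the sample strings are constructed for illustration.

```python
import re

# Markers of the static key file format written by `openvpn --genkey` (assumed target format).
BEGIN = "-----BEGIN OpenVPN Static key V1-----"
END = "-----END OpenVPN Static key V1-----"
# PEM labels are upper-case, e.g. CERTIFICATE, PRIVATE KEY, RSA PRIVATE KEY.
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")


def check_tls_auth_key(text):
    """Return (ok, reason) for text about to be pasted into a TLS Authentication Key field.

    Hypothetical helper; it reports only the kind of object found, never the key material.
    """
    if BEGIN not in text:
        m = PEM_RE.search(text)
        if m:  # something exported from the certificate manager
            return False, "PEM %s pasted, not an OpenVPN static key" % m.group(1)
        return False, "no OpenVPN static key header found"
    rest = text.split(BEGIN, 1)[1]
    if END not in rest:
        return False, "static key truncated: END marker missing"
    # The body is hex text; strip line breaks and other whitespace before checking it.
    hexdigits = "".join(rest.split(END, 1)[0].split())
    if not re.fullmatch(r"[0-9a-fA-F]*", hexdigits):
        return False, "key body contains non-hex characters"
    if len(hexdigits) != 512:  # 2048 bits = 256 bytes = 512 hex digits
        return False, "key body is %d hex digits, expected 512" % len(hexdigits)
    return True, "OpenVPN static key V1, 2048 bits"


# Constructed samples, not real key material.
SAMPLE_STATIC = (
    "#\n# 2048 bit OpenVPN static key\n#\n" + BEGIN + "\n"
    + "\n".join(["0123456789abcdef" * 2] * 16) + "\n" + END + "\n"
)
SAMPLE_CLIENT_KEY = "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"
SAMPLE_CERT = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    for name, sample in [("static key", SAMPLE_STATIC),
                         ("client key", SAMPLE_CLIENT_KEY),
                         ("client cert", SAMPLE_CERT)]:
        print(name, "->", check_tls_auth_key(sample))
```

Both objects exported from the certificate manager fail this check, which matches the poster's report that neither of the two keys at hand was accepted.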
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.