TLS Authentication Key does not appear to be valid
Testing two pfsense 2.3.2-RELEASE-p1 boxes
On the server I generated CA certificate, Server certificate, Clients certificate. I exported
- CA certificate + key
- Client Certificate + Key
On the client I imported the CA and Client certificates.
On creating a new openvpn client following the pfsense book, I untick " Automatically generate a shared TLS authentication Key, and I paste the client TLS key on the field.
When saving, I get the error "the field TLS Authentication Key does not appear to be valid".
I also just want to say the book could use a lot of work on the wording.
On the client, import the CA certificate along with the client certificate and key for that site. This is the same CA and client certificate made on the server and exported from there. This can be done under System > Cert Manager. For specifics on importing the CA and certificates, see Certificate Management.
And a few paragraphs later:
Check Enable authentication of TLS packets, Uncheck Automatically generate a shared TLS authentication key, then paste in the TLS key for the connection here using the key copied from the server instance created previously
which key? I have two at hand.
Anyways, It still fails with both keys.
For anyone wondering what to copy-paste into this field, its the key mentioned in this section of the pfbook
Click pencil to edit the new server instance
Find the TLS Authentication box
Select all of the text inside
Copy the text to the clipboard
Save this to a file or paste it into a text editor such as Notepad temporarily
The book never mentions when to use this key, but this is the one to put on the client TLS Authentication and not those that we exported from the certificates management.