TLS Authentication Key does not appear to be valid

  • Testing two pfSense 2.3.2-RELEASE-p1 boxes

    On the server I generated a CA certificate, a server certificate and a client certificate. I exported:

    • CA certificate + key
    • Client Certificate + Key

    On the client I imported the CA and Client certificates.

    When creating a new OpenVPN client following the pfSense book, I untick "Automatically generate a shared TLS authentication key" and paste the client TLS key into the field.

    When saving, I get the error "the field TLS Authentication Key does not appear to be valid".

    Any thoughts?

  • I also just want to say the book could use a lot of work on the wording.

    On the client, import the CA certificate along with the client certificate and key for that site. This is the same CA and client certificate made on the server and exported from there. This can be done under System > Cert Manager. For specifics on importing the CA and certificates, see Certificate Management.

    And a few paragraphs later:

    TLS Authentication:
    Check Enable authentication of TLS packets, Uncheck Automatically generate a shared TLS authentication key, then paste in the TLS key for the connection here using the key copied from the server instance created previously

    Which key? I have two at hand.

    Anyway, it still fails with both keys.

  • For anyone wondering what to copy-paste into this field, it's the key mentioned in this section of the pfbook:

    Click Save.
    Click pencil to edit the new server instance
    Find the TLS Authentication box
    Select all of the text inside
    Copy the text to the clipboard
    Save this to a file or paste it into a text editor such as Notepad temporarily

    The book never mentions when to use this key, but this is the one to put in the client's TLS Authentication field, not the ones that we exported from certificate management.
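
An added example, not part of the thread and not pfSense's own code: a check that tells the OpenVPN static key copied from the server's TLS Authentication box apart from the PEM certificate or private key exported from the Cert Manager. The function names and both sample inputs are constructed for illustration, and the length check assumes the 2048-bit static key that OpenVPN generates.

```python
import re

# Markers of an OpenVPN static key, the format used for the TLS authentication key.
BEGIN = "-----BEGIN OpenVPN Static key V1-----"
END = "-----END OpenVPN Static key V1-----"
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")

def classify_pasted_key(text):
    """Return (kind, detail) for text pasted into a TLS key field."""
    lines = [l.strip() for l in text.strip().splitlines()]
    # Drop blank lines and the '#' comment header OpenVPN writes above the key.
    lines = [l for l in lines if l and not l.startswith("#")]
    if not lines:
        return ("empty", "nothing pasted")
    if lines[0] != BEGIN:
        m = PEM_RE.match(lines[0])
        if m and ("PRIVATE KEY" in m.group(1) or m.group(1) == "CERTIFICATE"):
            # Certificate-manager export, not the shared TLS key.
            return ("wrong-material", "PEM " + m.group(1) + " from the certificate manager")
        return ("invalid", "missing OpenVPN static key header")
    if lines[-1] != END:
        return ("invalid", "missing OpenVPN static key footer (truncated paste?)")
    body = "".join(lines[1:-1])
    if not re.fullmatch(r"[0-9a-fA-F]+", body):
        return ("invalid", "body is not hexadecimal")
    if len(body) != 512:  # 2048 bits = 256 bytes = 512 hex digits
        return ("invalid", "expected 512 hex digits, got %d" % len(body))
    return ("static-key", "2048-bit OpenVPN static key")

def sample_static_key():
    """Constructed, non-secret key in the static key layout (16 rows of 32 hex digits)."""
    hexbody = "".join("%02x" % i for i in range(256))
    rows = [hexbody[i:i + 32] for i in range(0, 512, 32)]
    return "\n".join(["#", "# 2048 bit OpenVPN static key", "#", BEGIN] + rows + [END])

# Constructed stand-in for a private key exported from the certificate manager.
SAMPLE_PRIVATE_KEY = "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----"

if __name__ == "__main__":
    for label, blob in (("server TLS box", sample_static_key()),
                        ("cert export", SAMPLE_PRIVATE_KEY)):
        print(label, "->", classify_pasted_key(blob))
```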

