OpenVPN/ExpressVPN Fatal Error
Have recently started using ExpressVPN on my main workstation, have been happy with the performance, and now want to configure my pfSense box to act as the VPN client for the network.
Alas, if things were so simple. I've downloaded the certificates and keys from ExpressVPN, and (I believe) successfully created the Certificate Authority, certificate and the client connection in pfSense. However, when I check the logs, I get a fatal error showing that I can't get around.
Feb 1 00:17:36 openvpn 97351 Exiting due to fatal error
Feb 1 00:17:36 openvpn 97351 neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
I've done some digging, and the problem appears to be related to the certificates having been generated with a passphrase. The OpenVPN forum post I found talked about using '--askpass' as part of the solution but I have no idea how to do that in pfSense.
Being a total VPN noob, I'd appreciate someone confirming my diagnosis, or possibly pointing me in the right direction if I'm totally off course.
Haven't ruled out contacting ExpressVPN about it, but wanted to check with the wise people here first. :)
Were you able to get it working yet?
That sounds like you don't have a password filled out under User Authentication Settings. In my hours of testing I had tried this and got the same response. Still unable to get it working however. Always an authentication issue.
While this is 3 years old, I just stumbled across this problem today with another VPN setup using username and password. So long story short, for whatever reason pfSense is removing the last line in the user/password file when the OpenVPN client is executed. This results in the above error message.
To fix this issue:
1.) connect via ssh to your pfsense and choose to start shell
2.) find your user+passwordfile in the openvpn directory (/var/etc/openvpn/), for me it is the file:
3.) If you open it with cat for instance it will only show the username and an empty line
cat /var/etc/openvpn/client1.up
myvpnusername

4.) Simply add in a new line after the username the password and save the file so that the file looks like
5.) Now the important step, make the file immutable. If you do not do this, the password will be removed again. Execute:
chflags schg /var/etc/openvpn/client1.up
6.) re-check that username and password are correct
cat /var/etc/openvpn/client1.up
myvpnusername
myvpnpassword
8.) Go in the web interface to Status->OpenVPN and Start the service.
9.) Should run now.
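
Added example, not part of the original post: a POSIX sh check for the credentials file described in the steps above, confirming that both the username and password lines are present and that the file is owner-only, since it stores the password in plaintext. The function name check_up_file is an assumption; the path /var/etc/openvpn/client1.up in the comment is the one from the post.

```shell
#!/bin/sh
# Added example: validate an OpenVPN username/password file before starting
# the client, e.g.  sh check_up.sh /var/etc/openvpn/client1.up
# check_up_file is a hypothetical helper name. It never prints the password.
check_up_file() {
    f="$1"
    [ -f "$f" ] || { echo "missing: $f"; return 2; }

    # Line 1 is the username, line 2 the password.
    # Strip CR in case the file was edited on Windows.
    user=$(sed -n '1p' "$f" | tr -d '\r')
    pass=$(sed -n '2p' "$f" | tr -d '\r')
    [ -n "$user" ] || { echo "line 1 (username) is empty"; return 3; }
    [ -n "$pass" ] || { echo "line 2 (password) is empty"; return 4; }

    # Plaintext credentials: require that no group/other permission bits are set.
    # ls -ld is parsed because stat(1) options differ between FreeBSD and GNU.
    mode=$(ls -ld "$f" | cut -c5-10)
    [ "$mode" = "------" ] || { echo "too permissive: group/other bits '$mode'"; return 5; }

    echo "ok: username and password present, owner-only permissions"
    return 0
}

# Run the check when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    check_up_file "$1"
fi
```

A return code of 4 corresponds to the state described in step 3, where the file holds only the username and an empty line.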