Adding Username and Password option



  • From what I've read, the newer version of pfSense doesn't need a password file as mentioned in older tutorials. I'm trying to follow one that recommends putting this in the Advanced section (which works):

    auth-user-pass /conf/myvpnpass
    persist-key
    persist-tun
    persist-remote-ip
    tls-client
    remote-cert-tls server
    comp-lzo
    verb 3
    auth SHA256
    cipher AES-256-CBC

    If I remove the "auth-user-pass /conf/myvpnpass" from the advanced section and enter it in the GUI, OpenVPN doesn't work. Can someone shed some light on how to get this working without a myvpnpass file? I presume the benefit would be that it would be backed up by the backup utility if it wasn't in a separate file.



  • No problem using User Authentication Settings. Only requirement is the correct user and password. Are you using the same as in /conf/myvpnpass?



  • Yes, the username and pw are the same, but I will double check it. So you're saying I can just delete the first line that refers to the password file and enter the username and pw into the GUI and it should work?



  • It would have been more prudent of you to double check and then post. Whatever.

    Looking at my file
    /var/etc/openvpn/client1.conf

    I see the line
    auth-user-pass /var/etc/openvpn/client1.up

    There are two lines in /var/etc/openvpn/client1.up
    user
    password

    It really is not that hard.
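
An added example (not code from this thread or from pfSense): a Python check that finds the auth-user-pass file named in an OpenVPN client config, as in the client1.conf / client1.up layout described above, and verifies that it has the two-line user/password format and is not accessible to group or others, since it holds the password in clear text. The function names and sample values are constructed for illustration.

```python
import os
import stat
import tempfile

def find_auth_file(conf_text):
    """Return the file argument of auth-user-pass, or None if there is none."""
    for line in conf_text.splitlines():
        parts = line.split()
        if not parts or parts[0][0] in "#;":   # skip blanks and comments
            continue
        if parts[0] == "auth-user-pass":
            return parts[1] if len(parts) > 1 else None
    return None

def check_credentials_file(path):
    """Return a list of problems with an auth-user-pass file ([] means OK)."""
    try:
        st = os.stat(path)
    except OSError as exc:
        return [f"cannot stat {path}: {exc.strerror}"]
    problems = []
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        mode = stat.S_IMODE(st.st_mode)
        problems.append(f"mode {mode:04o} lets group/other access the password")
    with open(path, encoding="utf-8") as fh:
        lines = fh.read().splitlines()
    if len(lines) != 2:
        problems.append(f"expected 2 lines (user, password), found {len(lines)}")
    elif not lines[0].strip() or not lines[1].strip():
        problems.append("username or password line is empty")
    elif lines[0] != lines[0].strip():
        problems.append("username has leading or trailing whitespace")
    return problems

def audit(conf_text):
    """Check the credentials file referenced by an OpenVPN client config."""
    path = find_auth_file(conf_text)
    if path is None:
        return ["no auth-user-pass file directive in config"]
    return check_credentials_file(path)

if __name__ == "__main__":
    # Constructed sample: temp file standing in for client1.up.
    with tempfile.TemporaryDirectory() as d:
        up = os.path.join(d, "client1.up")
        with open(up, "w", encoding="utf-8") as fh:
            fh.write("user@example.invalid\npassword\n")
        conf = f"tls-client\nauth-user-pass {up}\nverb 3\n"
        for mode in (0o644, 0o600):
            os.chmod(up, mode)
            print(oct(mode), audit(conf))
```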



  • Thanks for your help, I didn't realize that I needed to add the extension @VPNprovider to the username (username@VPNprovider.com). Sorry for wasting your time.



  • Glad you sorted things out. For a final check, I see this line in the openvpn log

    auth_user_pass_file = '/var/etc/openvpn/client1.up'



  • @gjaltemba:

    Glad you sorted things out. For a final check, I see this line in the openvpn log

    auth_user_pass_file = '/var/etc/openvpn/client1.up'

    I don't see that line in my openvpn log (currently set for 100 lines).  Here are the last few lines:
    May 17 18:56:47 openvpn 15348 MANAGEMENT: Client disconnected
    May 17 18:56:47 openvpn 15348 MANAGEMENT: CMD 'status 2'
    May 17 18:56:47 openvpn 15348 MANAGEMENT: CMD 'state 1'
    May 17 18:56:47 openvpn 15348 MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
    May 17 18:56:11 openvpn 15348 Initialization Sequence Completed

    Not sure why it says Client disconnected



  • @NasKar:

    @gjaltemba:

    Glad you sorted things out. For a final check, I see this line in the openvpn log

    auth_user_pass_file = '/var/etc/openvpn/client1.up'

    I don't see that line in my openvpn log (currently set for 100 lines).  Here are the last few lines:
    May 17 18:56:47 openvpn 15348 MANAGEMENT: Client disconnected
    May 17 18:56:47 openvpn 15348 MANAGEMENT: CMD 'status 2'
    May 17 18:56:47 openvpn 15348 MANAGEMENT: CMD 'state 1'
    May 17 18:56:47 openvpn 15348 MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
    May 17 18:56:11 openvpn 15348 Initialization Sequence Completed

    Not sure why it says Client disconnected

    Apparently that doesn't mean anything as discussed here https://forum.pfsense.org/index.php?topic=79363.0



  • You may want to set the Verbosity level to 5 under Advanced Configuration of the OpenVPN client if you really want to check the log. Reset it when you are done.



  • @gjaltemba:

    You may want to set the Verbosity level to 5 under Advanced Configuration of the OpenVPN client if you really want to check the log. Reset it when you are done.

    At Verbosity level 5 the line auth_user_pass_file = '/var/etc/openvpn/client1.up' is there. But now notice this error

    May 17 21:30:05 openvpn 79458 ERROR: FreeBSD route add command failed: external program exited with error status: 1