Adding Username and Password option

NasKar

From what I've read the newer version of PFsense doesn't need a password file as mentioned in older tutorials.  I'm trying to follow one that recommends putting in the Advanced: (which works)

auth-user-pass /conf/myvpnpass
persist-key
persist-tun
persist-remote-ip
tls-client
remote-cert-tls server
comp-lzo
verb 3
auth SHA256
cipher AES-256-CBC

If I remove the "auth-user-pass /conf/myvpnpass" from the advanced section and enter it the GUI the OpenVPN doesn't work.  Can some shed so light on how to get this working without a myvpnpass file? I presume the benefit would be it would be backed up by the backup utility if it wasn't in a separate file.

gjaltemba

No problem using User Authentication Settings. Only requirement is the correct user and password. Are you using the same as in /conf/myvpnpass?

NasKar

Yes the username and pw are the same, but will double check it.  So your saying I can just delete the first line that refers to the password file and enter the username and pw into the GUI and it should work?

gjaltemba

It would have been more prudent of you to double check and then post. Whatever.

Looking at my file
/var/etc/openvpn/client1.conf

I see the line
auth-user-pass /var/etc/openvpn/client1.up

There are two lines in /var/etc/openvpn/client1.up
user
password

It really is not that hard.

NasKar

Thanks for your help, I didn't realize that I needed to add the extension @VPNprovider to the username (username@VPNprovider.com). Sorry for wasting your time.

gjaltemba

Glad you sorted things out. For a final check, I see this line in the openvpn log

auth_user_pass_file = '/var/etc/openvpn/client1.up'

NasKar

@gjaltemba:

Glad you sorted things out. For a final check, I see this line in the openvpn log

auth_user_pass_file = '/var/etc/openvpn/client1.up'

I don't see that line in my openvpn log (currently set for 100 lines).  Here are the last few lines:
May 17 18:56:47 openvpn 15348 MANAGEMENT: Client disconnected
May 17 18:56:47 openvpn 15348 MANAGEMENT: CMD 'status 2'
May 17 18:56:47 openvpn 15348 MANAGEMENT: CMD 'state 1'
May 17 18:56:47 openvpn 15348 MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
May 17 18:56:11 openvpn 15348 Initialization Sequence Completed

Not sure why it says Client disconnected

NasKar

@NasKar:

@gjaltemba:

Glad you sorted things out. For a final check, I see this line in the openvpn log

auth_user_pass_file = '/var/etc/openvpn/client1.up'

I don't see that line in my openvpn log (currently set for 100 lines).  Here are the last few lines:
May 17 18:56:47 openvpn 15348 MANAGEMENT: Client disconnected
May 17 18:56:47 openvpn 15348 MANAGEMENT: CMD 'status 2'
May 17 18:56:47 openvpn 15348 MANAGEMENT: CMD 'state 1'
May 17 18:56:47 openvpn 15348 MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
May 17 18:56:11 openvpn 15348 Initialization Sequence Completed

Not sure why it says Client disconnected

Apparently that doesn't mean anything as discussed here https://forum.pfsense.org/index.php?topic=79363.0

gjaltemba

You may want to set the Verbosity level to 5 under Advanced Configuration of the Openvpn client if you really want to check the log. Reset it when you are done.

NasKar

@gjaltemba:

You may want to set the Verbosity level to 5 under Advanced Configuration of the Openvpn client if you really want to check the log. Reset it when you are done.

At Verbosity level 5 the line auth_user_pass_file = '/var/etc/openvpn/client1.up' is there. But now notice this error

May 17 21:30:05 openvpn 79458 ERROR: FreeBSD route add command failed: external program exited with error status: 1