is my openvpn setup correct ? please help for dual wan vpn loadbalance and failover



  • hello everyone, my name is lukas,
    i need some help here. i am a super newbie in networking and pfsense.
    i have a vpnarea and i setup this on my pfsense and the here is the log

    Oct 17 09:07:57 openvpn 11797 OpenSSL: error:0906D06C:PEM routines:PEM_read_bio:no start line
    Oct 17 09:07:57 openvpn 11797 OpenSSL: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
    Oct 17 09:07:57 openvpn 11797 Cannot load certificate file /var/etc/openvpn/server2.cert
    Oct 17 09:07:57 openvpn 11797 Exiting due to fatal error
    Oct 17 09:08:35 openvpn 99144 OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Oct 3 2018
    Oct 17 09:08:35 openvpn 99144 library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
    Oct 17 09:08:35 openvpn 99417 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Oct 17 09:08:35 openvpn 99417 OpenSSL: error:0906D06C:PEM routines:PEM_read_bio:no start line
    Oct 17 09:08:35 openvpn 99417 OpenSSL: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
    Oct 17 09:08:35 openvpn 99417 Cannot load certificate file /var/etc/openvpn/server2.cert
    Oct 17 09:08:35 openvpn 99417 Exiting due to fatal error
    Oct 17 09:09:04 openvpn 91107 event_wait : Interrupted system call (code=4)
    Oct 17 09:09:04 openvpn 91107 SIGTERM received, sending exit notification to peer
    Oct 17 09:09:13 openvpn 23696 OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Oct 3 2018
    Oct 17 09:09:13 openvpn 23696 library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
    Oct 17 09:09:13 openvpn 23970 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Oct 17 09:09:13 openvpn 23970 OpenSSL: error:0906D06C:PEM routines:PEM_read_bio:no start line
    Oct 17 09:09:13 openvpn 23970 OpenSSL: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
    Oct 17 09:09:13 openvpn 23970 Cannot load certificate file /var/etc/openvpn/server2.cert
    Oct 17 09:09:13 openvpn 23970 Exiting due to fatal error
    Oct 17 09:09:39 openvpn 34795 OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Oct 3 2018
    Oct 17 09:09:39 openvpn 34795 library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
    Oct 17 09:09:39 openvpn 35071 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Oct 17 09:09:39 openvpn 35071 OpenSSL: error:0906D06C:PEM routines:PEM_read_bio:no start line
    Oct 17 09:09:39 openvpn 35071 OpenSSL: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
    Oct 17 09:09:39 openvpn 35071 Cannot load certificate file /var/etc/openvpn/server2.cert
    Oct 17 09:09:39 openvpn 35071 Exiting due to fatal error
    Oct 17 09:09:54 openvpn 89075 OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Oct 3 2018
    Oct 17 09:09:54 openvpn 89075 library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
    Oct 17 09:09:54 openvpn 89175 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Oct 17 09:09:54 openvpn 89175 OpenSSL: error:0906D06C:PEM routines:PEM_read_bio:no start line
    Oct 17 09:09:54 openvpn 89175 OpenSSL: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
    Oct 17 09:09:54 openvpn 89175 Cannot load certificate file /var/etc/openvpn/server2.cert
    Oct 17 09:09:54 openvpn 89175 Exiting due to fatal error
    Oct 17 09:11:45 openvpn 55430 WARNING: file '/var/etc/openvpn/client1.up' is group or others accessible
    Oct 17 09:11:45 openvpn 55430 OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Oct 3 2018
    Oct 17 09:11:45 openvpn 55430 library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
    Oct 17 09:11:45 openvpn 55709 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Oct 17 09:11:45 openvpn 55709 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Oct 17 09:11:45 openvpn 55709 TCP/UDP: Preserving recently used remote address: [AF_INET]210.16.120.188:1194
    Oct 17 09:11:45 openvpn 55709 UDPv4 link local (bound): [AF_INET]36.77.83.65:8292
    Oct 17 09:11:45 openvpn 55709 UDPv4 link remote: [AF_INET]210.16.120.188:1194
    Oct 17 09:11:45 openvpn 55709 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Oct 17 09:11:49 openvpn 55709 [VPNArea] Peer Connection Initiated with [AF_INET]210.16.120.188:1194
    Oct 17 09:11:50 openvpn 55709 TUN/TAP device ovpnc1 exists previously, keep at program end
    Oct 17 09:11:50 openvpn 55709 TUN/TAP device /dev/tun1 opened
    Oct 17 09:11:50 openvpn 55709 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
    Oct 17 09:11:50 openvpn 55709 /sbin/ifconfig ovpnc1 10.186.35.2 10.186.35.1 mtu 1500 netmask 255.255.255.0 up
    Oct 17 09:11:50 openvpn 55709 /usr/local/sbin/ovpn-linkup ovpnc1 1500 1569 10.186.35.2 255.255.255.0 init
    Oct 17 09:11:50 openvpn 55709 Initialization Sequence Completed

    so i check in status -> openvpn and status is up.
    i asssign interface openvpn, but in this interface

    IPv4/IPv6 Configuration This interface type does not support manual address configuration on this page.![alt text](image url)
    aec78de9-44a0-40ad-b6d5-792d8bd73da3-image.png

    when i check whatismyip it is still showing my ISP IP. what i am trying to do i want dual wan VPN failover load balance. i did the loadbalance and failover. i want it can port forward from each wan to one of my program,

    any reply would be highly appreciate. thanks a lot.


Log in to reply