Netgate Discussion Forum
    TLS Error : something wrong with Certificates ?

    OpenVPN
    tls certificate open vpn
    • B
      Bekoj
      last edited by

      Hi, I'm currently trying to configure ExpressVPN on my pfSense. I'm following the guide they provided.

      But in the end, I'm getting a TLS error. Here is what the logs are showing me :

      I can guess there is something wrong with the certificates but I'm not sure what or why. Could someone point me in the right direction ?

      • DaddyGoD
        DaddyGo @Bekoj
        last edited by

        @Bekoj said in TLS Error : something wrong with Certificates ?:

        But in the end, I'm getting a TLS error. Here is what the logs are showing me :

        Hi,

        ExpVPN works very well with pfSense.
        In many places, many of our boxes work with it...
        the error message shows that you may have copied the Certs details from the xyz.ovpn file perhaps incorrectly..

        (copy-paste and copy-paste, etc 😉)

        BTW:
        I am thinking of these f.e.:

        (I think, if you start at the beginning... and it will work...)
        it is important that you copy each character accurately!

        e76ab2a1-7654-4103-82cc-7cb2f7cabc5a-image.png

        Cats bury it so they can't see it!
        (You know what I mean if you have a cat)

        • GertjanG
          Gertjan
          last edited by Gertjan

          Hi,

          You used https://www.expressvpn.com/fr/support/vpn-setup/pfsense-with-expressvpn-openvpn/ ?

          Did you create (import) the CA ?
          Did you create (import) the Certificate ?

          My CA :

          72f4e842-6986-4d0e-a9a1-603b5aa2000c-image.png

          My Cert :

          d6498350-31e2-40aa-841e-ea94c44014cb-image.png

          Settings :

          8d022e76-0ba6-4fb6-85d0-7b7eb062ae3a-image.png

          edit : oh ... @DaddyGo copy-pastes faster ...

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

          • DaddyGoD
            DaddyGo @Gertjan
            last edited by

            @Gertjan said in TLS Error : something wrong with Certificates ?:

            edit : oh ... @DaddyGo copy-pastes faster ...

            exactly CTRL-C / CTRL-V 😉

            • B
              Bekoj @Gertjan
              last edited by

              @Gertjan and @DaddyGo

              Yes I used the tutorial you linked, and I copy-pasted the concerned parts religiously on each section.

              here are some screenshots of my CA and Cert config :

              CA1:
              expr1.PNG
              CA2:
              expr2.PNG
              Certs :
              expr3.PNG

              Although I noticed you have "CA openvpn" in the issuer field, where I simply have "external". I tried to re-add the certificate (see screenshot below) but the result is exactly the same :

              expr4.PNG

              • B
                Bekoj @Gertjan
                last edited by

                @Gertjan wait, I just noticed in your screenshots your certificate is in use by an OpenVPN Server, not Client like mine, is that my mistake ?

                • GertjanG
                  Gertjan @Bekoj
                  last edited by

                  @Bekoj said in TLS Error : something wrong with Certificates ?:

                  is that my mistake ?

                  That's my mistake :

                  My CA :

                  4760f6e5-a1de-4787-b4db-f9f02bf44d74-image.png

                  The cert :

                  c4d9f81c-2ecd-47ab-88b6-066e36b08f7d-image.png

                  I did mix things up with the OpenVPN server ..... which has nothing to do with the Client - which uses cert info given to us by ExpressVPN.

                  Sorry for that.

                  • DaddyGoD
                    DaddyGo @Bekoj
                    last edited by DaddyGo

                    @Bekoj said in TLS Error : something wrong with Certificates ?:

                    here are some screenshots of my CA and Cert config :

                    Looks good...but we do not know the details

                    I suggest the following....
                    forget a bit about pfSense and import the downloaded xyz.ovpn file directly into an OpenVPN client on a desktop or laptop.
                    https://openvpn.net/community-downloads/

                    and let's see what happens so you connect

                    BTW:
                    ea9d7527-1389-49cf-b029-21916c145ddb-image.png

                    212fd1e1-0cc7-4855-84d9-1e46f233d730-image.png

                    • B
                      Bekoj @DaddyGo
                      last edited by

                      @DaddyGo I just made the test with the OpenVPN client on a Windows PC and it works perfectly, so nothing wrong with the config file I guess. I checked several times and I'm positive I didn't make any mistakes in copy/pasting any keys. What else could be wrong ?

                      • DaddyGoD
                        DaddyGo @Bekoj
                        last edited by DaddyGo

                        @Bekoj said in TLS Error : something wrong with Certificates ?:

                        What else could be wrong ?

                        I have a hard time imagining anything else...

                        I asked you for the test to exclude the bad .ovpn file content.....it's done
                        (because it works under Windows, so...hmmm)

                        Please, if you have time, try removing all the relevant settings from pfSense that you have done so far.

                        Start from the beginning step by step according to the ExpVPN description of the setting
                        (You might skip over some small mistake and we can't see it, only you...)

                        https://www.expressvpn.com/support/vpn-setup/pfsense-with-expressvpn-openvpn/

                        Setting up a Nord VPN is very similar, maybe compare it to the ExpVPN description..
                        https://support.nordvpn.com/Connectivity/Router/1089079142/pfSense-2-4-4-setup-with-NordVPN.htm

                        of course, do not use the special part, because it is different (custom options)

                        74ac0aee-1d85-4ded-afc4-5480d396a93b-image.png

                        please write your experience, THX

                        edit++++:

                        something came to my mind, due to "plaintext read error"

                        1d34bdbc-4f82-488c-8a8f-168b3d9af3cf-image.png

                        may not be relevant...???
                        pls. edit / open the downloaded xyz.ovpn file with Notepad++
                        https://notepad-plus-plus.org/downloads/

                        and after CTRL-C / CTRL-V 😉

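The copy-paste check suggested in the posts above, as an added example (not code from any poster, pfSense or ExpressVPN): it pulls the inline `<ca>`, `<cert>` and `<key>` sections out of an .ovpn profile and reports PEM blocks that lost a character or a line, and gives a fingerprint for comparing the file's block with what was pasted into the GUI. Function names and the sample profile are constructed for illustration; the `<tls-auth>` static key uses a different format and is not covered.

```python
import base64, binascii, hashlib, re

BLOCK_RE = re.compile(r"<(ca|cert|key)>\s*(.*?)\s*</\1>", re.S)
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\n(.*?)\n-----END \1-----", re.S)

def inline_blocks(ovpn_text):
    """Return {tag: PEM text} for the inline <ca>/<cert>/<key> sections."""
    text = ovpn_text.replace("\r\n", "\n")
    return {m.group(1): m.group(2) for m in BLOCK_RE.finditer(text)}

def _decode(pem_text):
    """Return the decoded bytes, or raise ValueError naming what is wrong."""
    m = PEM_RE.search(pem_text.replace("\r\n", "\n").strip())
    if not m:
        raise ValueError("missing or mismatched BEGIN/END lines")
    try:
        return base64.b64decode("".join(m.group(2).split()), validate=True)
    except binascii.Error:
        raise ValueError("body is not valid base64 (character lost or added)") from None

def check_pem(pem_text):
    """Return None if the block looks intact, else a one-line description."""
    try:
        der = _decode(pem_text)
    except ValueError as exc:
        return str(exc)
    # Certificates and keys are a single ASN.1 SEQUENCE (tag 0x30) whose
    # length field must account for every remaining byte.
    if len(der) < 2 or der[0] != 0x30:
        return "decoded data is not an ASN.1 SEQUENCE"
    n = der[1] & 0x7F if der[1] & 0x80 else 0
    length = int.from_bytes(der[2:2 + n], "big") if n else der[1]
    if 2 + n + length != len(der):
        return f"length mismatch: header says {length} bytes, found {len(der) - 2 - n}"
    return None

def fingerprint(pem_text):
    """SHA-256 of the decoded bytes; line endings and wrapping do not change it."""
    return hashlib.sha256(_decode(pem_text)).hexdigest()

def constructed_profile():
    """Constructed sample: a 772-byte DER-shaped blob, not a real certificate."""
    der = b"\x30\x82" + (768).to_bytes(2, "big") + bytes(range(256)) * 3
    b64 = base64.b64encode(der).decode()
    lines = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    pem = f"-----BEGIN CERTIFICATE-----\n{lines}\n-----END CERTIFICATE-----"
    return f"client\ndev tun\n<ca>\n{pem}\n</ca>\n"

if __name__ == "__main__":
    for tag, pem in inline_blocks(constructed_profile()).items():
        print(tag, check_pem(pem) or "ok", fingerprint(pem)[:16])
```

Matching fingerprints for the block in the .ovpn file and the text copied back out of the pfSense certificate form rule out a paste error, which narrows the problem to something else such as the OpenVPN version.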
                        • B
                          Bekoj @DaddyGo
                          last edited by

                          @DaddyGo Well... I have some news.

                          I tried to factory reset my pfSense and start from scratch... but the result was the same.

                          So out of desperation, I did a new VM and installed pfSense brand new in 2.4.5 version (I was in 2.3.5) and... it worked. Suddenly OpenVPN is up. I guess there was something wrong with my install because I can't see why being in 2.3.5 would have been an issue.

                          • GertjanG
                            Gertjan @Bekoj
                            last edited by

                            @Bekoj said in TLS Error : something wrong with Certificates ?:

                            (i was in 2.3.5)

                            Oooohhhh. And you're telling that now ?
                            That pfSense version 2.3.5 uses an older OpenVPN version, compatible with close to nothing these days => ExpressVPN upgraded their OpenVPN software on their side (we can't blame them) most probably for security reasons.

                            Ok to keep an already EOL version of pfSense, but do not connect it to somewhere or something.
                            That's "asking" for troubles ;)

                            • DaddyGoD
                              DaddyGo @Bekoj
                              last edited by

                              @Bekoj said in TLS Error : something wrong with Certificates ?:

                              installed pfsense brand new in 2.4.5 version

                              hmmm, next time I'll ask first...😉

                              @Gertjan "Oooohhhh. And you're telling that now ?"
                              Yes, we went around a bit, the point is, it's okay
