Linux 2.4.4 Client can't connect to pfSense OpenVPN Server


  • Hey there,

    I'm having a strange OPENVpn Server Client connection issue issue.
    The pfSense has the latest version installed.

    A User is using Ubuntu 18.04 and installed the latest OpenVPN Version.
    Everytime he's trying to connect to the VPN he gets the following error:

    Dez 28 20:30:58 PATRICK nm-openvpn[7902]: WARNING: file '/home/patrick/xxx/VPN/pfSense-UDP4-1194-vpn.xxx.dev/pfSense-UDP4-1194-vpn.xxxxxxxx.dev.p12' is group or others accessible
    Dez 28 20:30:58 PATRICK nm-openvpn[7902]: WARNING: file '/home/patrick/xxx/VPN/pfSense-UDP4-1194-vpn.xxx.dev/pfSense-UDP4-1194-vpn.xxxxxxx.dev-tls.key' is group or others accessible
    Dez 28 20:30:58 PATRICK nm-openvpn[7902]: OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2019
    Dez 28 20:30:58 PATRICK nm-openvpn[7902]: library versions: OpenSSL 1.1.1  11 Sep 2018, LZO 2.08
    Dez 28 20:30:59 PATRICK nm-openvpn[7902]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Dez 28 20:30:59 PATRICK nm-openvpn[7902]: TCP/UDP: Preserving recently used remote address: [AF_INET]xxxxxxxxxx:1194
    Dez 28 20:30:59 PATRICK nm-openvpn[7902]: UDPv4 link local: (not bound)
    Dez 28 20:30:59 PATRICK nm-openvpn[7902]: UDPv4 link remote: [AF_INET]xxxxxxxxxx:1194
    Dez 28 20:30:59 PATRICK nm-openvpn[7902]: NOTE: chroot will be delayed because of --client, --pull, or --up-delay
    Dez 28 20:30:59 PATRICK nm-openvpn[7902]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
    Dez 28 20:30:59 PATRICK nm-openvpn[7902]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1585', remote='link-mtu 1601'
    Dez 28 20:30:59 PATRICK nm-openvpn[7902]: WARNING: 'cipher' is used inconsistently, local='cipher BF-CBC', remote='cipher AES-256-CBC'
    Dez 28 20:30:59 PATRICK nm-openvpn[7902]: WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'
    Dez 28 20:30:59 PATRICK nm-openvpn[7902]: [vpn.xxxxxx.dev] Peer Connection Initiated with [AF_INET]xxxxxxxxxx:1194
    Dez 28 20:31:00 PATRICK nm-openvpn[7902]: Error: pushed cipher not allowed - AES-256-CBC not in BF-CBC or AES-256-GCM:AES-128-GCM
    Dez 28 20:31:00 PATRICK nm-openvpn[7902]: OPTIONS ERROR: failed to import crypto options
    Dez 28 20:31:00 PATRICK nm-openvpn[7902]: ERROR: Failed to apply push options
    Dez 28 20:31:00 PATRICK nm-openvpn[7902]: Failed to open tun/tap interface
    Dez 28 20:31:00 PATRICK nm-openvpn[7902]: SIGUSR1[soft,process-push-msg-failed] received, process restarting
    Dez 28 20:31:01 PATRICK sudo[7905]:  patrick : TTY=pts/7 ; PWD=/home/patrick ; USER=root ; COMMAND=/bin/journalctl -e
    Dez 28 20:31:01 PATRICK sudo[7905]: pam_unix(sudo:session): session opened for user root by (uid=0)
    

    This is the Encryption and NCP config:
    02926b5f-a35b-45b9-b51f-35fd4dc41dc9-grafik.png

    Thanks ahead for help.

    Lukas


  • This post is deleted!

  • Let the user get the latest OpenVPN version:
    https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos