Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN - can't get it working

    OpenVPN
    2
    3
    442
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • chris1284C
      chris1284
      last edited by chris1284

      Hi,
      i'm new to pfsense and actually everything (the basiscs) are running. Now i tried to get OpenVPN working.

      Steps:

      • setup an ca "pfsense-internal-ca"
      • generated a server certifikate and a client certificate with this ca
      • used server certifikate to create a OpenVPN server (remote access ssl/tls)
      • used client certifikate to create a OpenVPN client (peer to peer ssl/tls)
      • exported inline config file for iphone OpenVPN App
      • restartet the openvpn services

      if i try to connect, the log show following

      Nov 14 11:15:44	openvpn	56201	TLS Error: incoming packet authentication failed from [AF_INET] [iphone external ip]:19735
Nov 14 11:15:44	openvpn	56201	Authenticate/Decrypt packet error: packet HMAC authentication failed

      Both server / client are configured same.

      status.png server-client_04.png server-client_03.png server-client_02.png server-client_01.png 01_certs.jpg

      where can i start further investigations?

      thank you

      Chris

      C 1 Reply Last reply Reply Quote 0
      • C
        cswroe @chris1284
        last edited by cswroe

        @chris1284 Did you create a user for it? Is this just so a iPhone or remote users can connect? If so, I would suggest this: https://youtu.be/PgielyUFGeQ

        chris1284C 1 Reply Last reply Reply Quote 1
        • chris1284C
          chris1284 @cswroe
          last edited by chris1284

          @cswroe Thanks for reply, pushed into right direction
          It works now. I have deleted the old konfig and started again without wizzard.
          I think the main problem was the firewall rule setup. In the first setup there where some rules missing. also i switched to ssl/tls + user auth.

          I think my mistake was to think that "openvpn client" means one config for each client that i wish to connect to MY OpenVPN.

          Now it is running and after some reading into dns in openvpn, this is also running.
          I think now it is configured good
          state.png

          1 Reply Last reply Reply Quote 1
          • First post
            Last post