openvpn-client-import fails
-
In pfSense+ there is a package called openvpn-client-import which is used for importing ovpn-files.
I have received a file looking like this:
client dev tun proto tcp-client remote xxx.yyy.net port 1194 nobind persist-key persist-tun tls-client remote-cert-tls server verb 4 mute 10 cipher AES-256-CBC auth SHA512 auth-user-pass redirect-gateway def1 <ca> ---certificate data--- </ca>When importing I get the following error message:
The field 'Server port' must contain a valid port, ranging from 0 to 65535.
Any ideas what could cause this problem?
I have tried to manually enter information, but the configuration does not really map well to the GUI. This turns out to be fairly complex it seems.
-
@greenturtle
Try to take over the port into the remote line:remote xxx.yyy.net 1194 udp4This is for UDP IPv4.
And remove the port line. -
@viragomann
Thanks! Moving the port and the proto to the remote seems to avoid the error.The client configuration in the router does not seem to relate much to the original ovpn-file. It seemed like everything worked the first time I imported, but subsequent restarts or re-imports (after deleting the client) failed to connect for some reason.
Is there some way to bypass the configuration system of pfSense and just use the raw ovpn-file for this client configuration?
-
@greenturtle
No, all settings are written into the pfSense config and the OpenVPN configuration files are written from pfSense then.I had never imported an. ovpn file till now. I look into the file and take over the values into the web GUI.
You config file doesn't look very complicated. So this should go straight forward.Look into the log files for more details if there are issues.
-
@greenturtle said in openvpn-client-import fails:
remote xxx.yyy.net
port 1194That's the old OpenVPN configuration format.
@viragomann said in openvpn-client-import fails:
remote xxx.yyy.net 1194 udp4
This is the format valid used these days.
@greenturtle because you sue and old(er) version of the OpenVPN config file, some options are 'converted', other are committed, and others, new option are added.
What is your pfSense version ? -
@gertjan
pfSense+ 23.01-RELEASEI have tried to find a specification for the ovpn-file format. Is there any good description somewhere what can go into the file with all options and full syntax?
-
@greenturtle Take a look at the following. It's not great but is the best I could find.
https://github.com/OpenVPN/openvpn/blob/master/sample/sample-config-files/client.conf
Ted Quade
-
@greenturtle said in openvpn-client-import fails:
pfSense+ 23.01-RELEASE
I have tried to find a specification for the ovpn-file format. Is there any good description somewhere what can go into the file with all options and full syntax?First : what do we / you use :
[23.01-RELEASE][root@pfSense.never-local.here]/root: openvpn --version OpenVPN 2.6_beta1 amd64-portbld-freebsd14.0 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] [DCO] library versions: OpenSSL 1.1.1t-freebsd 7 Feb 2023, LZO 2.10 Originally developed by James Yonan Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net> ......So, it's openvpn 2.6 beta1
Now, you need to know that openvpn has the word 'open' in it, and that suggests that it's open source.
So : with the correct Google-food, you wind up here : https://openvpn.net/community-resources/reference-manual-for-openvpn-2-6/Now, if you say : "wtf, that's huge !", then you're right. OpenVPN is a big project with all the zillion options and possibilities.
-
@Gertjan
Thanks, I think I found that manual when searching, but at first glance it seemed like there was only command line options.I was just hoping that things would "just work", but apparently not.
I tried the provided ovpn file in several versions of the OpenVPN desktop client as well, but without success, which made me give up on the entire thing. Maybe a problem with the server I'm trying to connect to, and that is out of my control. -
openvpn (server or client) "2.6" can connect to openvpn ( client or server ) "2.4" (from example).
Some hand editing is probably needed. -
@gertjan
The administrator of the server decided to change something based on my log dumps, and now the connection just works at the first attempt.Thank you everyone for your help. The only thing I had to change was the syntax of the remote line as mentioned by @viragomann, then the import worked just fine.
