Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Latest openVPN (pfS 2.7) Clientexport Windows install package - Asks for Certificate paswd (none was set)

    OpenVPN
    1
    3
    600
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • bingo600B
      bingo600
      last edited by

      Hello

      I have upgraded my test firewall to pfSense 2.7 , and was using Client Export to export the latest Windows installer.
      After install i couldn't connect to the server (TLS + Passwd) , as after specifyint UID + PWD , I was asked for the Certificate password , and none was ever set ....

      Has anyone else experienced this "new feature" ???

      This would totally stop me from upgrading my Central pfSense, as a functional VPN is 100% required.

      Installing the previous "Install package" makes things work again.

      /Bingo

      If you find my answer useful - Please give the post a šŸ‘ - "thumbs up"

      pfSense+ 23.05.1 (ZFS)

      QOTOM-Q355G4 Quad Lan.
      CPUĀ  : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
      LANĀ  : 4 x Intel 211, DiskĀ  : 240G SAMSUNG MZ7L3240HCHQ SSD

      1 Reply Last reply Reply Quote 0
      • bingo600B
        bingo600
        last edited by

        It just occured to me, that i use a 2.7 "Client export Win installer" , in order to get my new pfSense (2.7) client installed on my Win test pc.
        On that PC i also have older configs that points to my 2.6 pfSense.
        It was when i tried to connect to the 2.6 pfSense i saw the issue.

        Could there be an issue, if i upgrade the openVPN client to a "2.7" client , and then try to connect to 2.6 server ??

        /Bingo

        If you find my answer useful - Please give the post a šŸ‘ - "thumbs up"

        pfSense+ 23.05.1 (ZFS)

        QOTOM-Q355G4 Quad Lan.
        CPUĀ  : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
        LANĀ  : 4 x Intel 211, DiskĀ  : 240G SAMSUNG MZ7L3240HCHQ SSD

        1 Reply Last reply Reply Quote 0
        • bingo600B
          bingo600
          last edited by

          Continuing my monolouge here

          It seems like openSSL might have done some changes, that affects openVPN clients versioned 2.6.xx+
          I think also something that affects certificate encryption.

          And i noticed a new settings field in the 2.7 openVPN Client export.
          f799358e-e425-4e15-8293-191dcf8cddec-image.png

          My steps to reproduce:
          Have a Win PC with an openVPN Client export installer (latest from pfS 2.6) - Current Windows Installers (2.5.8-Ix04):
          If you try to connect to the pfS 2.6 openVPN server , all is good.

          Then you get/receive a pfSense 2.7 Client export install file , and install it (to install the new conf+certs for that connection) - Current Windows Installers (2.6.5-Ix001):

          Now if i try to connect to the "Old pfS 2.6" OVPN Server, I get asked for uid/pwd as usual.
          But after entering that correct, i get another "gui prompt" , asking for the cert passwd.
          7ef967d0-5eb3-4afd-8f0c-8a95c1f77d81-image.png

          Since i never used/generated a cert passwd, i can't login anymore.

          Connecting to the 2.7 OVPN server, with the new client, does not ask for a cert passwd.

          It might be an "Odd test" , but I think someone could have both 2.7 & 2.6 openVPN servers in prod.

          Could Netgate confirm the above issue/situation ?

          /Bingo

          If you find my answer useful - Please give the post a šŸ‘ - "thumbs up"

          pfSense+ 23.05.1 (ZFS)

          QOTOM-Q355G4 Quad Lan.
          CPUĀ  : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
          LANĀ  : 4 x Intel 211, DiskĀ  : 240G SAMSUNG MZ7L3240HCHQ SSD

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.