Failed Connection to PureVPN
-
Sorry I should have made myself clearer. When I said any ideas I meant any ideas what is up with my current setup and what needs to be done to fix it.
While switching to another VPN client or even another VPN provider is not out of the question I do wish to retain a server setup where a single instance covers all the devices on my network. Besides which I have paid for a further 2 years service and being a tight git switching elsewhere does not appeal!!
Thanks to all who have replied
-
@Bridger You would have to post screenshots of the many options you need to configure OpenVPN for anyone to be able to help. Just a log showing a reset isn't enough.
Is there a particular reason you specifically need OpenVPN?
-
Hi
I am not wedded to openvpn but I do want a single instance VPN to cover everything on my network and openvpn meets that requirement.
I have not posted multiple screenshots as I believe it is setup correctly having run in its current configuration for a long time without issue.I was hoping someone could look at the log and say for example that there was an issue with the server certificate.
-
@Bridger Wireguard meets it as well, and faster, and easier to configure but whatever.
That cert warning is not great but it shouldn't kill the tunnel. How did you configure OpenVPN in pfSense? You took their .ovpn file and translated its contents into pfSense?
I assume you've already seen this?
https://support.purevpn.com/en_US/router/how-to-set-up-purevpn-on-pfsense-router
-
Was setup over 7 years ago from guides and assistance from this forum. Subsequently upgraded to pfsense 2.6.0
CA certificate and TLS file (static key) taken from PureVPN ovpn file.
Was working fine until Friday when it stopped connecting.
Have had PureVPN staff remotely access the server to check/alter settings without success.
They have subsequently claimed there has been no changes at their end.Further snippet of information:- My brother has a virtually identical setup which has an identical issue
that it will not connect following an attempt to change VPN server.Not sure where to go from here.
-
@Bridger I assume you've tried more than the one new server and they all fail? Can you set it back to the original server you switched from? OpenVPN and Wireguard can coexist so you might want to get a wg tunnel going in the meantime and see if it suits your needs. This looks like an issue on their end so I'm not sure what else you can do about it.
-
I presume you've downloaded de ZIP file with all the Pure VPN server access points, and you've picked one (location file) to fill in the pfSense client OpenVPN screen.
With all this info, pfSense created a .... ovpn config file ( ^^ ).
It's here : /var/etc/client1/config.ovpn
If you cant find the folder "/var/etc/client1/", check also /var/etc/client2/ and so on.
Compare this file with the one Pure gave you.
What are the differences ?If the config files are the same, there is only one thing left : the openvpn "client" = You can't talk with the opnvpn "server" = Pure.
While you are at the command (console, SSH) command line (option 8), type :
[25.11-RELEASE][root@pfSense.bhf.tld]/root: openvpn --version OpenVPN 2.6.16 amd64-portbld-freebsd16.0 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] [DCO] library versions: OpenSSL 3.5.3 16 Sep 2025, LZO 2.10 DCO version: FreeBSD 16.0-CURRENT #14 plus-RELENG_25_11-n256500-a43915e7ef55-dirty: Tue Dec 23 22:33:59 CET 2025 root@nut:/usr/home/kp/netgate/crossbuild-25.11/obj/amd64/38Ovya1t/usr/home/kp/netgate/crossbuild-25.11/sources/FreeBSD-src-plus-RELENG_25_11/amd64.amd6 Originally developed by James Yonan Copyright (C) 2002-2024 OpenVPN Inc <sales@openvpn.net> Compile time defines: enable_async_push=yes enable_comp_stub=no enable_crypto_ofb_cfb=yes enable_dco=yes enable_dco_arg=yes enable_debug=yes enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=no enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_management=yes enable_pam_dlopen=no enable_pedantic=no enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=yes enable_strict_options=no enable_systemd=no enable_unit_tests=no enable_werror=no enable_win32_dll=yes enable_wolfssl_options_h=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_openssl_engine=auto with_sysroot=noand this tells you what openvpn version you are using.
If pfSense 2.6.2 was based upon something less as the OpenVPN version 2.6.x (for example 2.5.x) then Pure forgot to tell you they've updated their openvpn server software.
You have to do the same thing on your side : upgrade pfSense as this will also upgrade your openvpn software. -
I am back up and running!!!
I eventually found a combination of CA cert file and TLS file that worked.
I was telling PureVPN throughout that this was the issue but they were insistent that they had changed nothing.I want to express my thanks for the help I have received.
Thanks guys. -
@Bridger could you please direct me to those files!
Thank you -
Hi
Replace CA cert with
-----BEGIN CERTIFICATE-----
MIIGBzCCA++gAwIBAgIULjehn3oKy7VgPWVqBLqG3RcBw6AwDQYJKoZIhvcNAQEL
BQAwgZIxCzAJBgNVBAYTAlZHMRAwDgYDVQQIEwdUb3J0b2xhMREwDwYDVQQHEwhS
b2FkdG93bjEXMBUGA1UEChMOU2VjdXJlLVNlcnZlclExCzAJBgNVBAsTAklUMRcw
FQYDVQQDEw5TZWN1cmUtU2VydmVyUTEfMB0GCSqGSIb3DQEJARYQbWFpbEBob3N0
LmRvbWFpbjAeFw0yMjA0MjAwNjUxNTFaFw0zMjA0MTcwNjUxNTFaMIGSMQswCQYD
VQQGEwJWRzEQMA4GA1UECBMHVG9ydG9sYTERMA8GA1UEBxMIUm9hZHRvd24xFzAV
BgNVBAoTDlNlY3VyZS1TZXJ2ZXJRMQswCQYDVQQLEwJJVDEXMBUGA1UEAxMOU2Vj
dXJlLVNlcnZlclExHzAdBgkqhkiG9w0BCQEWEG1haWxAaG9zdC5kb21haW4wggIi
MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDYBqR63rzysa2c/1YTn811McVX
AvkqV1smE3jLv1TP4VW/nD67Sb43iKc/lhkbgXV89PFQt6BswK8BPC5TzXi/kTFJ
txkN79L9insG+DFiz/NvKRWxdAbKJZtv7c2eBLYOAflYcI/HwkBJa01uvPtGtCKO
qfhwB120Kwq1gxr95DTU4OtPm8PRfUookiCCFb7qip6twABfcC5lntI3UBN1CQfi
CtgdY32+7doeFURH+jY9JS4Ots78LKVN8GiMUxJosSHGxw2+/ERwD6IiJO5AeRIg
BSSa2GW3WNlQ4qHTq0obVDoK3+xMAbhbRjVYriynYPB70mN82lWN1chXaiDeW/l0
g7DU/EJKCAkYLlMr2hI1kMTu9AYHKUH/NsEC1Z8Nf6GCxi9zlOcuANNNxxioDeUE
ANoMCRRb1hQDx83udxSLTbR8qCO2+G2EJp/L9M/efGn6L7U7qvKxzua8ZbLAWKMw
FtqVRD0+oZPN6rEVFrOx9byz6DFA6vKa76dpdLbISnOrqyQVxkZMhBuL/fFbHyLW
xD9QN9dnVx8q3W8fhJXdDln4oMOzyMm/0K0iar7GLjGKQ3Zmz9qJ1lWCdyA800Ub
J5eeD4SXmB2eYZnQxW8MGmHygz0mslBzhN7mB+7sxMIiLFiCc6SqYu6ONDOVEe0T
+H0pka1yN6o/9TLJtwIDAQABo1MwUTAdBgNVHQ4EFgQUsC/fyv2nQRAEg6aH2OQh
89HR5uIwHwYDVR0jBBgwFoAUsC/fyv2nQRAEg6aH2OQh89HR5uIwDwYDVR0TAQH/
BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAnklSAVjZLlyy0iaM4g29+t87RDUf
MAEkJEq+qq23Ovrvw9XPr8xfp3rhPgY/12EQofwWuToIQeRawZJ9ZKq3+ELpOZAE
GkuA22vQdYaulY8suUXWuD4hFCvsKWA/jASrEY29l54r0yCcElrN5upqm7BoRbHY
FieO0ieBmGaLoxAqjZc99KkO4QELXtn7OMsXmXTUwlA8m9acTDKmpl6cVs2Cq/Fo
z6NbbWvCb65q1HZSmfkXB8mCZnLF+1wERpQeTpnA0cNT4RUGTe2PQsTXOBgASEab
O7AFDkg2H7YgmfBwVZKwHZWo72ggSdHUygKOT1+v9Xt1oFg3k6l/GiyVsvCSzN0G
/7VzDJuAIRtDIs/daDhXxyHaAqbKQ8VDHuLBxMTYQQnndt2D6J7XxtQ2F/iWqDZw
+l8gukFwrgOMgq7ZYYeOOxKx20zbBAUELYtNF2KaLJjKiZJmQd/1OjuKYexggFWB
C2f1OiDzxzrqAocSnGllVPmmh0ALJCi8eMT5lt9sfZq5hWPYnwDYeVQ1A/5l7x+V
bcqeQAJCYh/RIy60Tp7QYeliECJDkowDGtIcz+v97FkcTsL+8r+xbM3z3f3oQSYT
JEBPe8DnGAyveCuwo0trH4kGLiAiqS+2mR0pMhDFIXXgL9EF/S7KkHT9Wfn6FE0j
Ggjbe2PZOrN9Ts0=
-----END CERTIFICATE-----Replace TLS key with
2048 bit OpenVPN static key
-----BEGIN OpenVPN Static key V1-----
2a081d1a94f133e0c3e1b36ff414f609
154e6f2c5586abc2452ec54c70ead6d9
f0b5e3b7351eb0eac32d6ddb3d7c24d5
6cccbf25024bdde1c14d56c02eeb058c
3f76ea6798b07955bb38b71dd1d359c9
3f246b00d624929fcc87d6c34baff5f6
2f8ac7fa054a3fff8982fc9d1847168a
b6a7e2f48c16100cb5865e355f3978f0
165cdc9e9217cd49634098c58bda0c15
b1ce1ef214604e4f7f1f8b94b93a7791
486706f0199973bbe9a6fb462bcb72e4
e64263f37653098ddbe02de7b4502c88
a4ee7c47cd44bcb3853bde2ccc13dc45
fe6b75474f31af57f89cecc1ba694038
4de9e41b4abbc38710577fcfc471b4c9
86b17d72707040378b3cfe57dd4cc372
-----END OpenVPN Static key V1-----Pfsense have recently updated the address of their servers so make sure that is correct.
Good luck -
Thank you
