[SOLVED] Issue with OpenVPN Client Export on pfSense 2.0-Beta4
-
I have been using pfSense for a while now, and I am trying to setup a VPN server on my home router; but I have hit a snag. I cannot get the OpenVPN Client Export to work. When I go to the Client Export page, I do not see any install packages listed. I searched the forums, and found this page:
http://forum.pfsense.org/index.php/topic,27422.0.htmlThe user reported a similar issue, and it was resolved when he discovered that his user's crt was not using the same CA as OpenVPN. My user is using the same CA, but I still don't see the packages. I have attached some pictures of my configuration, thanks for any help/advice that anybody can give. ;D
My User:
My VPN server config (edited):
OpenVPN Clients, Client Overrides, and Client Export
-
How recently did you install the export package? Does that still happen if you remove the package and then reinstall it?
At a glance that does look correct, but if reinstalling the export package doesn't help, I'd probably have to see a copy of your config.xml to offer any more help.
-
I installed the client export package right before I tried to setup the VPN, I just reinstalled the package and it is still a no-go. I will PM you my config.xml. Thanks for the help.
-
Somehow you have two different CAs both named pf1. Not sure how that might have happened.
-
Is there any way to delete both the CA certs and start over? ???
-
Sure, just go under System > User Manager and delete the user cert entries, then go under System > Cert Manager and delete the certs there (but leave the webgui cert, and then you can probably delete the CAs.
Probably more than is needed, but if you look in the config you can see by the refids that there is at least one cert on the wrong CA, might be possible to just delete the bad CA and fix the OpenVPN server to use the other one.
-
Ok, I will try that and see if it will solve my issue.
-
Bad news. I deleted all of the certs (except for the webconfigurator) and deleted the server. I setup a new CA and created a new cert for the user. I then setup the server again using the wizard, and when I go to the Client Export page, there is still no link for the download. Any ideas?
I guess that I can set up the client manually, but I would like to know if this is an issue with the Client Export utility; or user error.
-
Well the original problem was two CAs with the same name. The OpenVPN server was using one CA, and the certs were using a different CA, but since the name of the CA was the same, it looked correct even though it was not.
The problem is with the CAs, unless you delete the CAs and start over, you are likely to have more issues.
-
I deleted both of the CA's through the cert manager page before I re-setup the VPN server. The steps that I took were:
1. Deleted all user certs and CA (left webconfigurator cert)
2. Deleted the VPN server instance
3. Created a new CA
4. Created the VPN server using the wizard (which created the cert for the VPN)
5. Created a new user cert w/ the new CA -
There may have been some issues with the field names and the wizard with CAs and such in some of the recent snapshots. Not sure if it might be preventing it from working 100% now. I committed a bunch of fixes while working on somewhat related items today, but not all of them will be in the next snapshot. There should hopefully be a snapshot tomorrow morning sometime which has them all.
-
cool, I will try updating tomorrow and see if that fixes it. I may go through the same steps again after I update if the Client Export is still not working.
-
Success!! After updating to the latest revision, and redoing all the certs and the OpenVPN Server; I am now presented with a package installer link. I am now having an issue with my VPN connection timing out when I connect to it using my phone, but that is a story for another time and another forum post. Thank you jimp for your help, and all the hard work you and the pfSense group does. I definitely owe you one. :D