My client Openvpn setup on 2.0.x experience this evening…



  • While trying to apply my previous knowledge of openvpn of pfsense 1.2.3… and after reading many posts and other websites trouble shooting errors...

    I was trying to apply my 1.2.3 methods of configuration files that included a CA.crt, client.key, and client.crt, (and maybe a tls-auth ta.key).  So I generated these in the Cert Manager and User Manager.  (but the server was expecting a different method all together from the client).

    This wasn't happening... I had all kinds of mumbo jumbo errors... "TLS_ERROR: BIO read tls_read_plaintext error", "nsCertType ERROR", yaadda yaadda yaaada.

    I decided to just use the darn wizard.

    I DID find that its important to install the "Openvpn Client Export Utility" before you do ANYTHING from the package manager System > Packages.  Because it seems to generate its configurations as you generate your CA, cert, and user certs.  (just use the darn wizard like I did, save yourself some time.  :))

    The Client Export utility generates a .p12 and a tls.key instead, oh and also the openvpn-client.conf if you want it to.  (I had no idea what the server was expecting, this helped a TON since I had no idea what the options were... heh).

    Here is the client.conf that the export utility generated based on my settings:

    dev tun
    persist-tun
    persist-key
    proto udp
    cipher AES-128-CBC
    tls-client
    client
    resolv-retry infinite
    remote some.ip.address 1194
    tls-remote mycert
    auth-user-pass
    pkcs12 pfsense-udp-1194.p12
    tls-auth pfsense-udp-1194-tls.key 1
    comp-lzo

    So here is my dump of info.

    I'm goin to bed.  Gnight!


Locked