OpenVPN config export what is login??

  • I'm not an expert on OpenVPN, so I feel like something isn't right with what I've setup here.

    I used the wizard to setup the server, and created 2 users. One is a user for myself, the other is a user for an external server I want to create a persistent tunnel with.

    I started testing with my user account on my laptop. But then ran into the same problem on this server when attempting to do the same thing:

    [myuser]@[myserver]:/etc/openvpn$ sudo openvpn /etc/openvpn/pfsense-udp-1194/pfsense-udp-1194.ovpn
    Sun Jan  1 22:38:15 2012 OpenVPN 2.1.0 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Jul 20 2010
    Enter Auth Username:******* 
    Enter Auth Password:
    Sun Jan  1 22:38:21 2012 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
    Sun Jan  1 22:38:21 2012 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
    Sun Jan  1 22:38:21 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Sun Jan  1 22:38:21 2012 Error opening file pfsense-udp-1194.p12 (OpenSSL)
    Sun Jan  1 22:38:21 2012 Exiting

    I cannot figure out the correct username and password to open this .p12 file. I tried the login for the user as created on the local database on the pfsense router, I've tried other accounts, I've tried other possible variations that I considered possibilities… nothing works. I've also tried blank username, blank passwords, etc... but that went nowhere, too.

    I FINALLY got it working on my laptop, but I had to export a viscosity configuration, and install that (which is only a 30-day trial). I guess that export was configured with no password on the .p12 file.

    Help! Maybe my configuration is too locked down, but maybe it's just standard. I don't know a whole lot about OpenVPN, admittedly.

  • In general there is no password for the .p12 file as long as you did not enter one.
    Did you use the "Client Export Utility" to export the client configuration + cert ?

    If yes, there is an option which is by default unchecked:
    "Use a password to protect the pkcs12 file contents or key in Viscosity bundle."

    I have to mention that I do not use the wizard to create an OpenVPN server but there should not be any difference.

  • Thanks for the reply.

    Yes, I used the exporter, and I had that option deselected (as was the default). Something must be wrong with the exporter then. Hmmm

  • The export utility is working fine. I tried it today on a VM with pfsense 2.0.1 amd64 - but without the wizard.
    Delete the OpenVPN server and try again with the wizard or without the wizard.

Log in to reply