Netgate Discussion Forum

    Export Utility File Contents

    OpenVPN
      Wasca

      Hi Guys

      I've created an OpenVPN for my road warriors on a PFSense 2.01 install and now I'm using the client export utility. I click on the Client Export tab, then for the client I want to export I select "Configuration archive". It downloads a zip file that contains only three files.

      pyro-bri-udp-1194-tls.key
      pyro-bri-udp-1194.ovpn
      pyro-bri-udp-1194.p12

      Here are the contents of the ovpn file. It seems to be missing any reference to the .crt file and .key file.

      
      dev tun
      persist-tun
      persist-key
      proto udp
      cipher AES-256-CBC
      tls-client
      client
      resolv-retry infinite
      remote xxx.xxx.xxx.xxx 1194
      tls-remote MAS-OPENVPN
      auth-user-pass
      pkcs12 pyro-bri-udp-1194.p12
      tls-auth pyro-bri-udp-1194-tls.key 1
      

      Are these all the files that are meant to be in the zip file? Are the server.crt and server.key meant to be in that archive as well, or am I meant to manually download those from the Certificate Manager page?

      Thanks

      Wasca

        Wasca

        If I download the Viscosity Bundle zip file I see there is a ca.crt, cert.crt, key.key, and ta.key.

        I want to be able to use OpenVPNGUI so I want the one that has the .ovpn config file.

          Wasca

          Hi Guys

          I've sorted out my issue. All good now. I now understand that using the method of authentication I have does not need those files.

          One thing I did discover. For Windows 7 machines you need to add these extra lines at the bottom of the client config.

          route-method exe
          route-delay 2

            jimp Rebel Alliance Developer Netgate

            The ca, cert, and key are all inside of that .p12 file. Read up on PKCS #12.

            If you really want to separate them, you can use the openssl command to break them up:
            http://www.sslshopper.com/article-most-common-openssl-commands.html

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!
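
Added example (not part of jimp's post or of the pfSense export package): the split described above, done with `openssl pkcs12`, plus the matching change to the .ovpn file. The demo CA and client, the password and the output names (`ca.crt`, `client.crt`, `client.key`) are constructed for illustration; the static `tls-auth` key is a separate file and is not inside the .p12.

```shell
#!/bin/sh
# Added example. Demo CA/client, password and output names are constructed.
set -eu

# Build a throwaway CA + client cert and bundle them as a .p12 ($1=dir, $2=password).
make_demo_p12() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo-CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-client" \
        -keyout "$1/c.key" -out "$1/c.csr" 2>/dev/null
    openssl x509 -req -in "$1/c.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/c.pem" 2>/dev/null
    openssl pkcs12 -export -inkey "$1/c.key" -in "$1/c.pem" \
        -certfile "$1/ca.pem" -passout "pass:$2" -out "$1/demo.p12"
}

# Split bundle $1 (password $2) into $3/ca.crt, $3/client.crt, $3/client.key.
split_p12() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -cacerts -nokeys \
        -out "$3/ca.crt" 2>/dev/null
    openssl pkcs12 -in "$1" -passin "pass:$2" -clcerts -nokeys \
        -out "$3/client.crt" 2>/dev/null
    # -nodes writes the private key unencrypted, so create it owner-only.
    ( umask 077
      openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes \
          -out "$3/client.key" 2>/dev/null )
}

# Succeeds only if private key $1 and certificate $2 hold the same public key.
key_matches_cert() {
    [ "$(openssl pkey -in "$1" -pubout)" = \
      "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

# Print .ovpn file $1 with its "pkcs12 <file>" line replaced by ca/cert/key.
ovpn_use_split_files() {
    sed 's/^pkcs12 .*$/ca ca.crt\
cert client.crt\
key client.key/' "$1"
}

work=$(mktemp -d)
make_demo_p12 "$work" "demo-pass"
split_p12 "$work/demo.p12" "demo-pass" "$work"
key_matches_cert "$work/client.key" "$work/client.crt" && echo "split OK: $work"
```

For a real export only `split_p12` and `ovpn_use_split_files` are needed, run against the exported .p12 with its export password; the resulting `client.key` is unencrypted and needs the same protection the .p12 had.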

              jimp Rebel Alliance Developer Netgate

              @Wasca:

              route-method exe
              route-delay 2

              Did you still have to run the client as Administrator with that? Or did it give a UAC prompt?

              Normally the client works as-is but you have to run it as administrator.

                Wasca

                I did not have to specify to run as administrator, I have UAC turned off and my account is an Admin account.

                  jimp Rebel Alliance Developer Netgate

                  Ah, ok. Having UAC off is probably why that worked for you then.

                    dhatz

                    @jimp:

                    Did you still have to run the client as Administrator with that? Or did it give a UAC prompt?

                    Normally the client works as-is but you have to run it as administrator.

                    Wrt the UAC issue, you might want to check:

                    https://vpnuk.info/scheduled-task.html
                    http://forums.untangle.com/openvpn/30901-bye-bye-uac-promts.html

                      jonallport

                      Try the Securepoint client (securepoint.cc); that runs the ovpn daemon as a service, so no UAC shenanigans, and a reasonable GUI too.

                        jimp Rebel Alliance Developer Netgate

                        I just added the OpenVPN 2.3 beta to the export package (you can choose 2.2 or 2.3 now) and the 2.3 install does not produce a UAC prompt on my Win 7 box, and it does add the routes.

                          Nachtfalke

                          @jimp:

                          I just added the OpenVPN 2.3 beta to the export package (you can choose 2.2 or 2.3 now) and the 2.3 install does not produce a UAC prompt on my Win 7 box, and it does add the routes.

                          I created the OpenVPN Installer package 2.3beta on pfsense 2.0.1 i386 and using it on my Windows 7 Ultimate x64 and adding the routes is NOT working without admin rights.

                            jimp Rebel Alliance Developer Netgate

                            Try uninstalling OpenVPN completely first - old and new versions - then reinstall just the 2.3 beta.

                              Nachtfalke

                              @jimp:

                              Try uninstalling OpenVPN completely first - old and new versions - then reinstall just the 2.3 beta.

                              Not working for me. Uninstalled all OpenVPN versions, rebooted and installed the new version, rebooted.
                              This is the log:

                              
                              Wed Oct 03 18:41:31 2012 OpenVPN 2.3_beta1 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Sep 21 2012
                              Enter Management Password:
                              Wed Oct 03 18:41:31 2012 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
                              Wed Oct 03 18:41:31 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
                              Wed Oct 03 18:41:31 2012 Control Channel Authentication: using 'A208808.key' as a OpenVPN static key file
                              Wed Oct 03 18:41:33 2012 Attempting to establish TCP connection with [AF_INET]111.111.111.111:1111
                              Wed Oct 03 18:41:33 2012 TCP connection established with [AF_INET]111.111.111.111:1111
                              Wed Oct 03 18:41:33 2012 TCPv4_CLIENT link local: [undef]
                              Wed Oct 03 18:41:33 2012 TCPv4_CLIENT link remote: [AF_INET]111.111.111.111:1111
                              Wed Oct 03 18:41:36 2012 [OpenVPN-RoadWarrior-Server] Peer Connection Initiated with [AF_INET]111.111.111.111:1111
                              Wed Oct 03 18:41:38 2012 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
                              Wed Oct 03 18:41:38 2012 open_tun, tt->ipv6=0
                              Wed Oct 03 18:41:38 2012 TAP-WIN32 device [LAN-Verbindung 11] opened: \\.\Global\{018BD089-27A7-4FBF-A90D-52B819EBE2D1}.tap
                              Wed Oct 03 18:41:38 2012 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.0.32.6/255.255.255.252 on interface {018BD089-27A7-4FBF-A90D-52B819EBE2D1} [DHCP-serv: 10.0.32.5, lease-time: 31536000]
                              Wed Oct 03 18:41:38 2012 Successful ARP Flush on interface [40] {018BD089-27A7-4FBF-A90D-52B819EBE2D1}
                              Wed Oct 03 18:41:43 2012 ROUTE: route addition failed using CreateIpForwardEntry: The Object already exists.   [status=5010 if_index=40]
                              Wed Oct 03 18:41:43 2012 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
                              Adding the route failed: The Object already exists.
                              
                              Wed Oct 03 18:41:43 2012 Initialization Sequence Completed
                              Wed Oct 03 19:39:26 2012 ROUTE: route deletion failed using DeleteIpForwardEntry: Element not found.
                              Wed Oct 03 19:39:26 2012 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
                              Deleting the route failed: Element not found.
                              
                              Wed Oct 03 19:39:26 2012 SIGTERM[hard,] received, process exiting
                              
                              
                                jimp Rebel Alliance Developer Netgate

                                Might help if that were in English ;-)

                                  Nachtfalke

                                  @jimp:

                                  Might help if that were in English ;-)

                                  Difficult on a German Windows ;-)
                                  I tried to translate the few sentences with my best school English in the original post.

                                    jimp Rebel Alliance Developer Netgate

                                    So that's saying it's trying to add a route that already exists.

                                    Sure you're connecting to the right VPN? From a location that isn't behind the firewall you're using for the VPN?

                                    The old failure with UAC was different, it mentioned something about lacking permissions or rights.

                                      Nachtfalke

                                      I am trying this from home, behind my home router.

                                      When I connect to the VPN server the connection will be established - the systray icon turns green. But "netstat -rn" does not show me additional routes - just the route for the tunnel network.

                                      When I run the OpenVPN client with admin rights the routes will be added.

                                      But when I run it with admin rights I got a similar error message:

                                      
                                      Wed Oct 03 21:17:58 2012 Successful ARP Flush on interface [50] {FBDB3111-D2E3-4899-A765-87EAFB843546}
                                      Wed Oct 03 21:18:03 2012 ROUTE: route addition failed using CreateIpForwardEntry: The object still exists.   [status=5010 if_index=50]
                                      Wed Oct 03 21:18:03 2012 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
                                      Wed Oct 03 21:18:03 2012 Initialization Sequence Completed
                                      
                                      

                                      But then I can connect to the pfsense server and to the LAN clients behind pfsense.
