    Export Utility File Contents

    OpenVPN
    • W
      Wasca last edited by

      Hi Guys

      I've created an OpenVPN for my road warriors on a pfSense 2.01 install and now I'm using the client export utility. I click on the Client Export tab, then for the client I want to export I select "Configuration archive". It downloads a zip file that contains only three files.

      pyro-bri-udp-1194-tls.key
      pyro-bri-udp-1194.ovpn
      pyro-bri-udp-1194.p12

      Here are the contents of the ovpn file; it seems to be missing any reference to the .crt file and .key file.

      
      dev tun
      persist-tun
      persist-key
      proto udp
      cipher AES-256-CBC
      tls-client
      client
      resolv-retry infinite
      remote xxx.xxx.xxx.xxx 1194
      tls-remote MAS-OPENVPN
      auth-user-pass
      pkcs12 pyro-bri-udp-1194.p12
      tls-auth pyro-bri-udp-1194-tls.key 1
      

      Are these all the files that are meant to be in the zip file? Are the server.crt and server.key meant to be in that archive as well, or am I meant to manually download those from the Certificate Manager page?

      Thanks

      Wasca

      1 Reply Last reply Reply Quote 0
      • W
        Wasca last edited by

        If I download the Viscosity Bundle zip file I see there is a ca.crt, cert.crt, key.key, and ta.key.

        I want to be able to use OpenVPNGUI so I want the one that has the .ovpn config file.

        1 Reply Last reply Reply Quote 0
        • W
          Wasca last edited by

          Hi Guys

          I've sorted out my issue. All good now. I now understand that using the method of authentication I have does not need those files.

          One thing I did discover. For Windows 7 machines you need to add these extra lines at the bottom of the client config.

          route-method exe
          route-delay 2

          1 Reply Last reply Reply Quote 0
          • jimp
            jimp Rebel Alliance Developer Netgate last edited by

            The ca, cert, and key are all inside of that .p12 file. Read up on PKCS #12.

            If you really want to separate them, you can use the openssl command to break them up:
            http://www.sslshopper.com/article-most-common-openssl-commands.html

            1 Reply Last reply Reply Quote 0
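The split described in the post above, as an added example that is not part of the original thread: it builds a throwaway PKCS #12 bundle, separates it into CA certificate, client certificate and private key with `openssl pkcs12`, then checks that the parts still belong together. All file names, certificate subjects and the password are constructed sample values.

```shell
#!/bin/sh
# Added example. All names, subjects and the password are constructed samples.

# make_sample_p12 DIR PASS: throwaway CA + client cert, bundled as DIR/sample.p12
make_sample_p12() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Sample-CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=sample-client" \
        -keyout "$d/cl.key" -out "$d/cl.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/cl.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 2 -out "$d/cl.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$d/cl.key" -in "$d/cl.pem" \
        -certfile "$d/ca.pem" -passout "pass:$2" -out "$d/sample.p12"
}

# split_p12 FILE PASS OUTDIR: write OUTDIR/ca.crt, client.crt and client.key
split_p12() {
    (
        umask 077   # -nodes writes the private key unencrypted; keep it owner-only
        openssl pkcs12 -in "$1" -passin "pass:$2" -cacerts -nokeys -out "$3/ca.crt" &&
        openssl pkcs12 -in "$1" -passin "pass:$2" -clcerts -nokeys -out "$3/client.crt" &&
        openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes -out "$3/client.key"
    )
}

# check_split OUTDIR: the cert must chain to the CA and must belong to the key
check_split() {
    openssl verify -CAfile "$1/ca.crt" "$1/client.crt" >/dev/null 2>&1 || return 1
    cert_pub=$(openssl x509 -in "$1/client.crt" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$1/client.key" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# demo: build a sample bundle, split it, check the parts, clean up
demo() {
    tmp=$(mktemp -d) || return 1
    make_sample_p12 "$tmp" "sample-pass" &&
        split_p12 "$tmp/sample.p12" "sample-pass" "$tmp" && check_split "$tmp"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

demo && echo "split OK: ca.crt, client.crt and client.key are consistent"
```

The extracted `client.key` is no longer protected by the bundle password, so it needs the same file permissions and handling as any other private key.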
            • jimp
              jimp Rebel Alliance Developer Netgate last edited by

              @Wasca:

              route-method exe
              route-delay 2

              Did you still have to run the client as Administrator with that? Or did it give a UAC prompt?

              Normally the client works as-is but you have to run it as administrator.

              1 Reply Last reply Reply Quote 0
              • W
                Wasca last edited by

                I did not have to specify to run as administrator, I have UAC turned off and my account is an Admin account.

                1 Reply Last reply Reply Quote 0
                • jimp
                  jimp Rebel Alliance Developer Netgate last edited by

                  Ah, ok. Having UAC off is probably why that worked for you then.

                  1 Reply Last reply Reply Quote 0
                  • D
                    dhatz last edited by

                    @jimp:

                    Did you still have to run the client as Administrator with that? Or did it give a UAC prompt?

                    Normally the client works as-is but you have to run it as administrator.

                    Wrt the UAC issue, you might want to check

                    https://vpnuk.info/scheduled-task.html
                    http://forums.untangle.com/openvpn/30901-bye-bye-uac-promts.html

                    1 Reply Last reply Reply Quote 0
                    • J
                      jonallport last edited by

                      Try the Securepoint client (securepoint.cc); that runs the ovpn daemon as a service, so no UAC shenanigans, and a reasonable GUI too.

                      1 Reply Last reply Reply Quote 0
                      • jimp
                        jimp Rebel Alliance Developer Netgate last edited by

                        I just added the OpenVPN 2.3 beta to the export package (you can choose 2.2 or 2.3 now) and the 2.3 install does not produce a UAC prompt on my Win 7 box, and it does add the routes.

                        1 Reply Last reply Reply Quote 0
                        • N
                          Nachtfalke last edited by

                          @jimp:

                          I just added the OpenVPN 2.3 beta to the export package (you can choose 2.2 or 2.3 now) and the 2.3 install does not produce a UAC prompt on my Win 7 box, and it does add the routes.

                          I created the OpenVPN Installer package 2.3beta on pfsense 2.0.1 i386 and using it on my Windows 7 Ultimate x64 and adding the routes is NOT working without admin rights.

                          1 Reply Last reply Reply Quote 0
                          • jimp
                            jimp Rebel Alliance Developer Netgate last edited by

                            Try uninstalling OpenVPN completely first - old and new versions - then reinstall just the 2.3 beta.

                            1 Reply Last reply Reply Quote 0
                            • N
                              Nachtfalke last edited by

                              @jimp:

                              Try uninstalling OpenVPN completely first - old and new versions - then reinstall just the 2.3 beta.

                              Not working for me. Uninstalled all OpenVPN versions, rebooted and installed the new version, rebooted.
                              This is the log:

                              
                              Wed Oct 03 18:41:31 2012 OpenVPN 2.3_beta1 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Sep 21 2012
                              Enter Management Password:
                              Wed Oct 03 18:41:31 2012 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
                              Wed Oct 03 18:41:31 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
                              Wed Oct 03 18:41:31 2012 Control Channel Authentication: using 'A208808.key' as a OpenVPN static key file
                              Wed Oct 03 18:41:33 2012 Attempting to establish TCP connection with [AF_INET]111.111.111.111:1111
                              Wed Oct 03 18:41:33 2012 TCP connection established with [AF_INET]111.111.111.111:1111
                              Wed Oct 03 18:41:33 2012 TCPv4_CLIENT link local: [undef]
                              Wed Oct 03 18:41:33 2012 TCPv4_CLIENT link remote: [AF_INET]111.111.111.111:1111
                              Wed Oct 03 18:41:36 2012 [OpenVPN-RoadWarrior-Server] Peer Connection Initiated with [AF_INET]111.111.111.111:1111
                              Wed Oct 03 18:41:38 2012 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
                              Wed Oct 03 18:41:38 2012 open_tun, tt->ipv6=0
                              Wed Oct 03 18:41:38 2012 TAP-WIN32 device [LAN-Verbindung 11] opened: \\.\Global\{018BD089-27A7-4FBF-A90D-52B819EBE2D1}.tap
                              Wed Oct 03 18:41:38 2012 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.0.32.6/255.255.255.252 on interface {018BD089-27A7-4FBF-A90D-52B819EBE2D1} [DHCP-serv: 10.0.32.5, lease-time: 31536000]
                              Wed Oct 03 18:41:38 2012 Successful ARP Flush on interface [40] {018BD089-27A7-4FBF-A90D-52B819EBE2D1}
                              Wed Oct 03 18:41:43 2012 ROUTE: route addition failed using CreateIpForwardEntry: The Object already exists.   [status=5010 if_index=40]
                              Wed Oct 03 18:41:43 2012 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
                              Adding the route failed: The Object already exists.
                              
                              Wed Oct 03 18:41:43 2012 Initialization Sequence Completed
                              Wed Oct 03 19:39:26 2012 ROUTE: route deletion failed using DeleteIpForwardEntry: Element not found.  
                              Wed Oct 03 19:39:26 2012 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
                              Deleting the route failed: Element not found.
                              
                              Wed Oct 03 19:39:26 2012 SIGTERM[hard,] received, process exiting
                              
                              
                              1 Reply Last reply Reply Quote 0
                              • jimp
                                jimp Rebel Alliance Developer Netgate last edited by

                                Might help if that were in English ;-)

                                1 Reply Last reply Reply Quote 0
                                • N
                                  Nachtfalke last edited by

                                  @jimp:

                                  Might help if that were in English ;-)

                                  Difficult on a German Windows ;-)
                                  I tried to translate the few sentences with my best school English in the original post.

                                  1 Reply Last reply Reply Quote 0
                                  • jimp
                                    jimp Rebel Alliance Developer Netgate last edited by

                                    So that's saying it's trying to add a route that already exists.

                                    Sure you're connecting to the right VPN? From a location that isn't behind the firewall you're using for the VPN?

                                    The old failure with UAC was different, it mentioned something about lacking permissions or rights.

                                    1 Reply Last reply Reply Quote 0
                                    • N
                                      Nachtfalke last edited by

                                      I am trying this from home, behind my home router.

                                      When I connect to the VPN server the connection will be established - the systray icon turns green. But "netstat -rn" does not show me additional routes - just the route for the tunnel network.

                                      When I run the OpenVPN client with admin rights the routes will be added.

                                      But when I run it with admin rights I got a similar error message:

                                      
                                      Wed Oct 03 21:17:58 2012 Successful ARP Flush on interface [50] {FBDB3111-D2E3-4899-A765-87EAFB843546}
                                      Wed Oct 03 21:18:03 2012 ROUTE: route addition failed using CreateIpForwardEntry: The object still exists.   [status=5010 if_index=50]
                                      Wed Oct 03 21:18:03 2012 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
                                      Wed Oct 03 21:18:03 2012 Initialization Sequence Completed
                                      
                                      

                                      But then I can connect to the pfsense server and to the LAN clients behind pfsense.

                                      1 Reply Last reply Reply Quote 0