Export Utility File Contents
-
Hi Guys
I've created an OpenVPN for my road warriors on a PFSense 2.01 install and now I'm using the client export utility. I click on the Client Export tab, then for the client I want to export I select "Configuration archive". It downloads a zip file that contains only three files.
pyro-bri-udp-1194-tls.key
pyro-bri-udp-1194.ovpn
pyro-bri-udp-1194.p12
Here are the contents of the ovpn file, seems to be missing any reference to the .crt file and .key file
dev tun
persist-tun
persist-key
proto udp
cipher AES-256-CBC
tls-client
client
resolv-retry infinite
remote xxx.xxx.xxx.xxx 1194
tls-remote MAS-OPENVPN
auth-user-pass
pkcs12 pyro-bri-udp-1194.p12
tls-auth pyro-bri-udp-1194-tls.key 1
Are these all the files that are meant to be in the zip file? Are the server.crt and server.key meant to be in that archive as well, or am I meant to manually download those from the Certificate Manager page?
Thanks
Wasca ???
-
If I download the Viscosity Bundle zip file I see there is a ca.crt, cert.crt, key.key, and ta.key.
I want to be able to use OpenVPNGUI so I want the one that has the .ovpn config file.
-
Hi Guys
I've sorted out my issue. All good now. I now understand that using the method of authentication I have does not need those files.
One thing I did discover. For Windows 7 machines you need to add these extra lines at the bottom of the client config.
route-method exe
route-delay 2
-
The ca, cert, and key are all inside of that .p12 file. Read up on PKCS #12.
If you really want to separate them, you can use the openssl command to break them up:
http://www.sslshopper.com/article-most-common-openssl-commands.html
-
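Added example (not part of the original posts, and not pfSense or OpenVPN project code): a small Python check that reads an exported configuration archive, confirms every file the .ovpn references is present, and treats a `pkcs12` line as supplying the CA, certificate and key together. The function names and placeholder file contents are assumptions made for this illustration; the file names and directives come from the first post.

```python
import io
import zipfile

FILE_DIRECTIVES = {"ca", "cert", "key", "pkcs12", "tls-auth"}  # take a file path

# Abridged from the config posted in the thread (credential lines kept).
SAMPLE_OVPN = """remote xxx.xxx.xxx.xxx 1194
auth-user-pass
pkcs12 pyro-bri-udp-1194.p12
tls-auth pyro-bri-udp-1194-tls.key 1
"""

def parse_ovpn(text):
    """Return ({directive: file}, {inline tags}) for credential directives."""
    refs, inline, block = {}, set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if block:  # inside an inline <tag> ... </tag> block
            block = None if line == f"</{block}>" else block
        elif line.startswith("<") and line.endswith(">"):
            block = line[1:-1]
            inline.update({block} & FILE_DIRECTIVES)
        elif line and line[0] not in "#;":
            parts = line.split()
            if parts[0] in FILE_DIRECTIVES and len(parts) > 1:
                refs[parts[0]] = parts[1]
    return refs, inline

def audit_export(zip_bytes):
    """Check that every file the .ovpn references is in the archive."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = {n.rsplit("/", 1)[-1]: n for n in zf.namelist()}
        ovpn = next(n for n in names if n.endswith(".ovpn"))
        refs, inline = parse_ovpn(zf.read(names[ovpn]).decode())
    have = set(refs) | inline
    # pkcs12 replaces ca + cert + key: all three are inside the bundle.
    complete = "pkcs12" in have or {"ca", "cert", "key"} <= have
    missing = sorted(f for f in refs.values() if f not in names)
    return {"complete": complete, "missing": missing}

def build_sample(with_p12=True):
    """Constructed archive: file names from the thread, placeholder contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("pyro-bri-udp-1194.ovpn", SAMPLE_OVPN)
        zf.writestr("pyro-bri-udp-1194-tls.key", "placeholder")
        if with_p12:
            zf.writestr("pyro-bri-udp-1194.p12", "placeholder")
    return buf.getvalue()
```

For the three-file archive described in the first post, `audit_export(build_sample())` reports a complete credential set with nothing missing, which matches the answer above.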
route-method exe
route-delay 2
Did you still have to run the client as Administrator with that? Or did it give a UAC prompt?
Normally the client works as-is but you have to run it as administrator.
-
I did not have to specify to run as administrator, I have UAC turned off and my account is an Admin account.
-
Ah, ok. Having UAC off is probably why that worked for you then.
-
Did you still have to run the client as Administrator with that? Or did it give a UAC prompt?
Normally the client works as-is but you have to run it as administrator.
Wrt to the UAC issue, you might want to check
https://vpnuk.info/scheduled-task.html
http://forums.untangle.com/openvpn/30901-bye-bye-uac-promts.html
-
Try the Securepoint client (securepoint.cc); that runs the ovpn daemon as a service, so no UAC shenanigans, and a reasonable GUI too.
-
I just added the OpenVPN 2.3 beta to the export package (you can choose 2.2 or 2.3 now) and the 2.3 install does not produce a UAC prompt on my Win 7 box, and it does add the routes.
-
I just added the OpenVPN 2.3 beta to the export package (you can choose 2.2 or 2.3 now) and the 2.3 install does not produce a UAC prompt on my Win 7 box, and it does add the routes.
I created the OpenVPN Installer package 2.3beta on pfsense 2.0.1 i386 and using it on my Windows 7 Ultimate x64 and adding the routes is NOT working without admin rights.
-
Try uninstalling OpenVPN completely first - old and new versions - then reinstall just the 2.3 beta.
-
Try uninstalling OpenVPN completely first - old and new versions - then reinstall just the 2.3 beta.
Not working for me. Uninstalled all OpenVPN versions, rebooted and installed the new version, rebooted.
This is the log:
Wed Oct 03 18:41:31 2012 OpenVPN 2.3_beta1 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Sep 21 2012
Enter Management Password:
Wed Oct 03 18:41:31 2012 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Wed Oct 03 18:41:31 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Oct 03 18:41:31 2012 Control Channel Authentication: using 'A208808.key' as a OpenVPN static key file
Wed Oct 03 18:41:33 2012 Attempting to establish TCP connection with [AF_INET]111.111.111.111:1111
Wed Oct 03 18:41:33 2012 TCP connection established with [AF_INET]111.111.111.111:1111
Wed Oct 03 18:41:33 2012 TCPv4_CLIENT link local: [undef]
Wed Oct 03 18:41:33 2012 TCPv4_CLIENT link remote: [AF_INET]111.111.111.111:1111
Wed Oct 03 18:41:36 2012 [OpenVPN-RoadWarrior-Server] Peer Connection Initiated with [AF_INET]111.111.111.111:1111
Wed Oct 03 18:41:38 2012 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Oct 03 18:41:38 2012 open_tun, tt->ipv6=0
Wed Oct 03 18:41:38 2012 TAP-WIN32 device [LAN-Verbindung 11] opened: \\.\Global\{018BD089-27A7-4FBF-A90D-52B819EBE2D1}.tap
Wed Oct 03 18:41:38 2012 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.0.32.6/255.255.255.252 on interface {018BD089-27A7-4FBF-A90D-52B819EBE2D1} [DHCP-serv: 10.0.32.5, lease-time: 31536000]
Wed Oct 03 18:41:38 2012 Successful ARP Flush on interface [40] {018BD089-27A7-4FBF-A90D-52B819EBE2D1}
Wed Oct 03 18:41:43 2012 ROUTE: route addition failed using CreateIpForwardEntry: The Object already exists. [status=5010 if_index=40]
Wed Oct 03 18:41:43 2012 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Adding the route failed: The Object already exists.
Wed Oct 03 18:41:43 2012 Initialization Sequence Completed
Wed Oct 03 19:39:26 2012 ROUTE: route deletion failed using DeleteIpForwardEntry: Element not found.
Wed Oct 03 19:39:26 2012 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Deleting the route failed: Element not found.
Wed Oct 03 19:39:26 2012 SIGTERM[hard,] received, process exiting
-
Might help if that were in English ;-)
-
Might help if that were in English ;-)
Difficult on a German Windows ;-)
I tried to translate the few sentences with my best school English in the original post.
-
So that's saying it's trying to add a route that already exists.
Sure you're connecting to the right VPN? From a location that isn't behind the firewall you're using for the VPN?
The old failure with UAC was different, it mentioned something about lacking permissions or rights.
-
I am trying this from home, behind my home router.
When I connect to the VPN server the connection will be established - the systray icon turns into green. But "netstat -rn" does not show me additional routes - just the route for the tunnel network.
When I run the OpenVPN client with admin rights the routes will be added.
But when I run it with admin rights I got a similar error message:
Wed Oct 03 21:17:58 2012 Successful ARP Flush on interface [50] {FBDB3111-D2E3-4899-A765-87EAFB843546}
Wed Oct 03 21:18:03 2012 ROUTE: route addition failed using CreateIpForwardEntry: The object still exists. [status=5010 if_index=50]
Wed Oct 03 21:18:03 2012 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Wed Oct 03 21:18:03 2012 Initialization Sequence Completed
But then I can connect to the pfsense server and to the LAN clients behind pfsense.