Netgate Discussion Forum

    Problem in OpenVPN Client Export Utility 0.22 and a workaround

    • josemaX

      Hello all

      Yesterday I created a new user for OpenVPN in my pfSense box and had an error. It failed to connect in both Windows (with the installer) and Linux (Ubuntu, CentOS) with the archive, but it worked in Mac+Viscosity and the Viscosity bundle.

      This is the error I got:
      […trimmed...]
      Wed Aug 15 21:57:04 2012 Control Channel Authentication: using 'hostname-udp-1194-tls.key' as a OpenVPN static key file
      Wed Aug 15 21:57:04 2012 LZO compression initialized
      Wed Aug 15 21:57:04 2012 UDPv4 link local (bound): [undef]:1194
      Wed Aug 15 21:57:04 2012 UDPv4 link remote: 84.x.x.x:1194
      Wed Aug 15 21:57:04 2012 TLS Error: Unroutable control packet received from 84.x.x.x:1194 (si=3 op=P_ACK_V1)
      Wed Aug 15 21:57:05 2012 TLS Error: Unroutable control packet received from 84.x.x.x:1194 (si=3 op=P_CONTROL_V1)
      Wed Aug 15 21:57:06 2012 TLS Error: Unroutable control packet received from 84.x.x.x:1194 (si=3 op=P_ACK_V1)

      After spending several hours trying to make it work (that included creating new certificates, new CAs, reinstalling the Export Utility package, rebooting…) I discovered what happened. Here it is, to help you or the developer fix it (TYA).

      The server certificate for my OpenVPN server is called:

      Road Warrior Server Cert.

      And the problem is that (at least) version 0.22 of the Export Utility surrounds that name in the tls-remote entry in the ovpn file with quotes. This way:

      tls-remote "Road Warrior Server Cert."

      And that makes it fail. This does not happen if the cert. name has no spaces! (it works with the quotes)

      Simply by editing that file and removing the quotes it works again both in Linux and Windows (leaving it this way):

      tls-remote Road Warrior Server Cert.

      I found a previous archive (exported with an older version of the utility) and it has no quotes. At some time (I think less than 3 weeks) the quotes were added, resulting in this problem.

      So, here you have a workaround and a request to solve it  ;) Thanks!

      Hope it helps someone

      Best,

      • josemaX

        I think this can be solved by replacing

        $conf .= "tls-remote \"{$servercn}\"{$nl}";

        with

        $conf .= "tls-remote {$servercn}{$nl}";

        in /usr/local/pkg/openvpn-client-export.inc

        Can any expert confirm it? I'm pretty sure it's the solution.

        • jimp Rebel Alliance Developer Netgate

          The quotes were added because they were required by others to function correctly.

          The real fix is to not use spaces in your CA/Cert common names. :-)

          • josemaX

            Yes, I guessed that, but then I would reissue all packages/configs to users  :-[

            Perhaps a warning in the GUI would help other pfSense users avoid this in the future.

            Best,
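
The failure discussed in this thread can be checked for in exported client configs before they are handed to users. The following is an added example, not code from the thread or from the Export Utility: it flags a `tls-remote` value that is both quoted and contains spaces (the combination the first post reports as failing) and warns on any name with spaces. The function name, verdict labels and sample config are assumptions made for illustration.

```python
import re

# Captures everything after the "tls-remote" keyword on a config line.
_TLS_REMOTE = re.compile(r'^\s*tls-remote\s+(?P<arg>.+?)\s*$')

# Constructed sample, not a real export; vpn.example.org is a placeholder.
SAMPLE_CONFIG = """\
# constructed sample client config
dev tun
proto udp
remote vpn.example.org 1194
tls-remote "Road Warrior Server Cert."
"""


def check_tls_remote(config_text):
    """Return (line_no, name, quoted, verdict) for every tls-remote line.

    Verdicts (labels chosen for this example):
      FAIL - quoted name containing whitespace, the case reported in the thread
      WARN - unquoted name containing whitespace (works per the thread, but
             spaces in common names are what the developer advises against)
      OK   - name without whitespace, quoted or not
    """
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), 1):
        # OpenVPN treats lines starting with '#' or ';' as comments.
        if line.lstrip().startswith(('#', ';')):
            continue
        match = _TLS_REMOTE.match(line)
        if not match:
            continue
        arg = match.group('arg')
        quoted = len(arg) >= 2 and arg[0] == arg[-1] and arg[0] in '"\''
        name = arg[1:-1] if quoted else arg
        has_space = any(ch.isspace() for ch in name)
        if quoted and has_space:
            verdict = 'FAIL'
        elif has_space:
            verdict = 'WARN'
        else:
            verdict = 'OK'
        findings.append((line_no, name, quoted, verdict))
    return findings


if __name__ == '__main__':
    for line_no, name, quoted, verdict in check_tls_remote(SAMPLE_CONFIG):
        print(f'line {line_no}: {verdict} name={name!r} quoted={quoted}')
```
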
