Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Bug with OpenVPN Export 1.2.6

    Scheduled Pinned Locked Moved OpenVPN
    16 Posts 5 Posters 5.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rugby
      last edited by

      Just setup a new alix kit at a client and went to install OpenVPN as we've done dozens of times before.  Using v2.1.2nano bsd and Viscosity 1.4.8 on Mavericks (and Mountain Lion) we get this error when trying to connect:

      Apr 22 06:44:30: Checking reachability status of connection…
      Apr 22 06:44:30: Connection is reachable. Starting connection attempt.
      Options error: --tls-auth fails with 'ta.key': No such file or directory
      Options error: Please correct these errors.

      The OpenVPN subsystem could not be started. Please check the following:

      • Check for any error messages above this notification.
      • Make sure Viscosity is not running under a File Vault protected location (put Viscosity in the Applications folder).
      • Make sure the configuration is valid. Check the connection settings for the connection using Viscosity and make sure all settings are correct.

      Now, I've got 6 other OpenVPN connections and they all have the ta.key file except this newly created one.  I've gone through the wizard three times now with the same affect.

      I took a working OpenVPN setup running Export 1.2.5 and successfully exported a working viscosity bundle, but when I upgraded to the OpenVPN Export 1.2.6 that's where the problem started.

      I have now replicated this bug on another install of PFSense 2.1.2.  I had 1.2.5 of the OpenVPN export package installed and could export a working Viscosity bundle, and then I upgraded to v1.2.6 and re-exported and the resulting bundle did not work.

      Thanks.

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        We'll look into it. In the meantime, use the "other" inline export option and that should work fine for importing to Viscosity.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • jimpJ
          jimp Rebel Alliance Developer Netgate
          last edited by

          Using the latest version of the export package I exported a viscosity config and it contained the ta.key file and the line referencing the ta.key.

          Try removing and reinstalling the package. If that does not help, we'll need some more info about the config to track it down.

          Looking at the code it all looks correct, at least for version 1.2.6. Before that there was a bug in the Viscosity export but it wasn't related to the TLS key as far as I can see.

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          1 Reply Last reply Reply Quote 0
          • R
            rugby
            last edited by

            I removed and reinstalled the package and still get the same error.  I did get the "others" link to work so that's fine for now.

            1 Reply Last reply Reply Quote 0
            • jimpJ
              jimp Rebel Alliance Developer Netgate
              last edited by

              You might make sure to remove the file from your download folder and clear your browser cache and then try it again. Or try downloading from another browser.

              Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

              Need help fast? Netgate Global Support!

              Do not Chat/PM for help!

              1 Reply Last reply Reply Quote 0
              • C
                cmb
                last edited by

                The issue with the Viscosity export was only in the offset of the variables at the end, impacting the OpenVPN Manager and custom options fields. I verified the TLS key functionality in 1.2.6 at the time that was fixed, and again now. It works fine. I'd go with Jim's last recommendation next.

                1 Reply Last reply Reply Quote 0
                • S
                  scolland
                  last edited by

                  Hi,

                  I am having the same issue (Viscosity config does not work but the Other inline option does).

                  If it helps, this is the log for the Viscosity config file:

                  Apr 23 09:12:36: Viscosity Mac 1.4.6 (1156)
                  Apr 23 09:12:36: Viscosity OpenVPN Engine Started
                  Apr 23 09:12:36: Running on Mac OS X 10.9.2
                  Apr 23 09:12:36: –-------
                  Apr 23 09:12:36: Checking reachability status of connection...
                  Apr 23 09:12:36: Connection is reachable. Starting connection attempt.
                  Options error: --tls-auth fails with 'ta.key': No such file or directory
                  Options error: Please correct these errors.

                  The OpenVPN subsystem could not be started. Please check the following:

                  • Check for any error messages above this notification.
                  • Make sure Viscosity is not running under a File Vault protected location (put Viscosity in the Applications folder).
                  • Make sure the configuration is valid. Check the connection settings for the connection using Viscosity and make sure all settings are correct.

                  Thanks

                  James

                  1 Reply Last reply Reply Quote 0
                  • jimpJ
                    jimp Rebel Alliance Developer Netgate
                    last edited by

                    @scolland - Are you on version 1.2.6 of the export package? If so, does your server actually have TLS Authentication enabled?

                    I still can't reproduce any problem with the current package. The ta.key is in the archive as it should be.

                    Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                    Need help fast? Netgate Global Support!

                    Do not Chat/PM for help!

                    1 Reply Last reply Reply Quote 0
                    • P
                      priller
                      last edited by

                      I'm having the same problem with the Viscosity export.

                      Version 1.2.6 of the export package.

                      Yes, the server has TLS Authentication enabled.

                      The exported Viscosity package does contain the ta.key, but it looks like it can't be read in by the client.  ??

                      1 Reply Last reply Reply Quote 0
                      • jimpJ
                        jimp Rebel Alliance Developer Netgate
                        last edited by

                        Does the ta.key in the file have anything in it? Is it the right ta.key?

                        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                        Need help fast? Netgate Global Support!

                        Do not Chat/PM for help!

                        1 Reply Last reply Reply Quote 0
                        • P
                          priller
                          last edited by

                          @jimp:

                          Does the ta.key in the file have anything in it? Is it the right ta.key?

                          It's there.  The ta.key in the bundle is identical to the one in the server config page.  Also the same as the one in the "others" export which does work in Viscosity.

                          FWIW, the Viscosity client is 1.4.8 (1162).  May be client-side issue.

                          1 Reply Last reply Reply Quote 0
                          • P
                            priller
                            last edited by

                            I found the problem with the Viscosity bundle created by the Client Export.

                            This is how it should look (based on the export of a working profile from the Viscosity client)

                            ca ca.crt
                            tls-auth ta.key 1
                            cert cert.crt
                            key key.key
                            

                            Here is what the pfSense bundle has

                            
                            tls-auth pfsense-udp-1194-username-tls.key  <<-----
                            ca ca.crt
                            tls-auth ta.key 1
                            cert cert.crt
                            key key.key
                            

                            If I remove the erroneous tls-auth line (the first one) from the config.conf in the bundle, everything works correctly.

                            1 Reply Last reply Reply Quote 0
                            • jimpJ
                              jimp Rebel Alliance Developer Netgate
                              last edited by

                              OK, that should be much easier to track down. I'll check on it from that angle.

                              Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                              Need help fast? Netgate Global Support!

                              Do not Chat/PM for help!

                              1 Reply Last reply Reply Quote 0
                              • jimpJ
                                jimp Rebel Alliance Developer Netgate
                                last edited by

                                Pushed a fix. Be on the lookout for 1.2.9

                                Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                                Need help fast? Netgate Global Support!

                                Do not Chat/PM for help!

                                1 Reply Last reply Reply Quote 0
                                • P
                                  priller
                                  last edited by

                                  @jimp:

                                  Pushed a fix. Be on the lookout for 1.2.9

                                  That works.  Thanks!  :)

                                  1 Reply Last reply Reply Quote 0
                                  • R
                                    rugby
                                    last edited by

                                    I was just coming back after taking some time off of work and going to post something.  Thanks for fixing this guys!

                                    1 Reply Last reply Reply Quote 0
                                    • First post
                                      Last post
                                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.