Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Authentication failure openvpn and pfsense

    Scheduled Pinned Locked Moved OpenVPN
    5 Posts 2 Posters 6.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B Offline
      bhenson1
      last edited by

      I'm trying to get openvpn (v2.2) working for myself and another employee to our office. Every time I try to connect I get an authentication failure.

      I don't understand why because I'm one of the administrators in pfsense. So where's the authentication failing?

      I extracted the config, certificate, and key files from pfsense.

      Pfsense version 2.0.

      Can someone help me get on the right track for troubleshooting?

      1 Reply Last reply Reply Quote 0
      • D Offline
        divsys
        last edited by

        What version of pfsense are you running, 2.03, 2.1, 2.12, 2.13?

        Is this a road warrior setup, site to site?

        The Authentication error messages are coming from the OpenVPN status logs, correct?

        If so, that usually points to a problem with your certificates, not the user login to pfsense. The actual error message would help.

        If you can post your OpenVPN server config page, we might be able to help.

        -jfp

        1 Reply Last reply Reply Quote 0
        • B Offline
          bhenson1
          last edited by

          Version is 2.0-RELEASE (i386)

          I don't know what road warrior is. This is a VPN connection between our office and employees' homes.

          The message is in the status logs, here is the message:

          openvpn[41125]: 67.189.18.29:1194 TLS Auth Error: Auth Username/Password verification failed for peer

          From config file:

          dev tun
          persist-tun
          persist-key
          cipher AES-256-CBC
          tls-client
          client
          resolv-retry infinite
          remote 75.150.44.1 1194 udp
          tls-remote vpnuser
          auth-user-pass
          ca numedics-pfsense-udp-1194-ca.crt
          tls-auth numedics-pfsense-udp-1194-tls.key 1
          comp-lzo

          1 Reply Last reply Reply Quote 0
          • D Offline
            divsys
            last edited by

            Ok, just for future reference, "Road Warrior" is a generic term used for VPN connections made from a "salesman's laptop" or someone "on the road".  :)

            Here it just means the employee's home is the client and your office pfsense is the OpenVPN server.

            From your config file it looks like you've assigned a password to the certificate used on the home computer.

            Do you have other remote links that do work or is this the first one?

            Is the home computer a PC or a Mac?

            Do you know how the client was installed, downloaded from the pfsense webgui or manually?

            We'll help as best we can, it's just that error message can point in a bunch of directions

            -jfp

            1 Reply Last reply Reply Quote 0
            • B Offline
              bhenson1
              last edited by

              God I feel dumb. I thought that being a member of the domain admins group meant I'd also have VPN rights, but looks like I had to be added to our VPN group in active directory. I feel humbled.

              Thank you for going out of your way to offer to help. But looks like I'm good to go now.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.