A Little Help From My Friends...



  • Can't get PIA on OpenVPN to work, have a "SIGTERM {soft, auth-failure} received, process exiting" failure message.
    I have already done 2 or 3 variations of firewall and NAT settings, and of the OpenVPN client settings, and it doesn't seem like much is going to work. I had it working at a basic level before the box crashed. It was shoving ALL traffic out the VPN unless I firewall-ruled it to the GW-WAN, but that was the nuclear option.
    Hope somebody will take a look at my cert setup. Maybe I'm doing something wrong and I just can't see the trees for the forest.
    Thanks,

    Created a Password file in /etc/open-vpn password.txt
    with:

    username
    password


    Then imported PIA Certificate file and Saved it as PIA

    Then: System > Cert Authority > Create Internal Cert Auth
    Create an Internal Certificate:
    Name: PIA Cert Authority
    Key 2048 bits
    SHA 256
    3650 Lifetime
    Filled in all the lines with stuff
    Common Name: internal-ca

    Clicked Save.

    Went to System:Certificate Authority Manager

    Method: Create an Internal Certificate
    Name: PIA User Cert
    Certificate Authority: PIA Cert Authority
    Key Length: 2048
    Certificate Type: User Certificate
    Lifetime: 3650
    Distinguished Name: Filled it all in with stuff
    Common Name: www.xxxxxxxxxx.com
    Clicked Save

    Question: Which CA to use to "sign" this User Certificate: PIA, or the PIA Internal Certificate I created in the 1st step?
    (I have tried both, with little success.)

    Now a question: since I am only using the OpenVPN client, which User Certificate?

    PIA User Cert or WebConfig?
    I have tried both with no success. I used the PIA User Cert on the working setup, before the box crashed.


    Assignments: interfaces
    I added the OPT3 interface, but did not give it an IP yet; set IPv4 to None (this is the method used originally, and it worked).


    Went to OpenVPN, created a client with the settings and advanced settings PIA requires: their particular encryption BF-CBC (128 bit), no TLS authorization, now PIA Client or WebConfig default?, no hardware crypto, their advanced settings (the ones that worked previously).


    Now went back to Interfaces: Assignments, set (bound) the new ovpnc1 to the OPT3 interface.


    Opened up OPT3 interface....set it a static IP and range
    Went to DHCP server enabled it on OPT3


    Went to NAT, created NAT on Each Interface for Port 500 and one for Pass All


    Then went to firewall rules and just shotgunned those: All, All, All to All, etc.


    Got:
    AUTH: Received control message: AUTH_FAILED
    TCP/UDP: closing socket
    SIGTERM [soft, auth-failure] received, process exiting.

    And I was receiving data, pinging Google, Yahoo, etc., but couldn't get out to the Net (this might be my NAT rules; pfSense is not real clear sometimes on which interface is source, exactly what destination, etc.).
    The theory of operation doesn't cover the relationships between LAN and WAN, and the interactions, very well, like are they strangers, incestuous or what. This sometimes makes setting these a little foggy.

    Something that would help some: allowing the user to set a color for different interfaces and a color for enabled and disabled rules. Just an organizing thing, like clearing brush so you can see further into the forest before the trees get you!

    Appreciate the look see at my trials and tribulations

    Thanks

    :o :o :o :o :o >:( >:( >:( :-[ :-[ :-[ :-[
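
Added example, not part of the original post: the AUTH_FAILED line in the log above is the server rejecting the login the client presented, so one thing to check is the two-line username/password file described in the post. The function names here are hypothetical, the file paths are supplied by the caller, and SAMPLE_LOG holds the three log lines quoted in the post.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# The three log lines quoted in the post.
SAMPLE_LOG='AUTH: Received control message: AUTH_FAILED
TCP/UDP: closing socket
SIGTERM [soft, auth-failure] received, process exiting.'

# Succeeds if the OpenVPN log text on stdin shows the server rejecting the login.
saw_auth_failure() {
    grep -Eq 'AUTH_FAILED|auth-failure'
}

# Lint a credentials file laid out as in the post: username on line 1,
# password on line 2. Prints findings, never the secrets; returns 0 if clean.
lint_auth_file() {
    f=$1
    [ -r "$f" ] || { echo "$f: missing or unreadable"; return 1; }
    out=$( {
        awk '
            /\r/         { print "line " NR ": carriage return (CRLF file)" }
            /^[ \t]/     { print "line " NR ": leading whitespace" }
            /[ \t]\r?$/  { print "line " NR ": trailing whitespace" }
            /^[ \t\r]*$/ { print "line " NR ": empty" }
            END { if (NR != 2) print "expected 2 lines, found " NR }
        ' "$f"
        # In a mode string like -rw-------, characters 5-10 are group/other bits.
        perms=$(ls -ld "$f" | cut -c5-10)
        [ "$perms" = "------" ] || echo "permissions: group/other access ($perms)"
    } )
    [ -z "$out" ] && return 0
    echo "$f:"
    printf '%s\n' "$out"
    return 1
}

# diagnose LOGFILE AUTHFILE: lint the credentials only when the log shows a rejection.
diagnose() {
    if saw_auth_failure < "$1"; then
        lint_auth_file "$2" && echo "$2: layout is clean; re-check the values themselves"
    else
        echo "$1: no AUTH_FAILED found"
    fi
}
```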

