Just can't figure this out!
-
Ok I'm wondering if anyone can shed any light on my problem or what I'm missing.
I followed this guide to get OpenVPN running on my box with Private Internet Access as my provider. I've used this in the past but when my ISP (Telus) locked out some hidden access to the Actiontec V1000H routers I lost bridging and shortly after my pfSense box died for some reason so I went back to regular internet. I recently got a new modem from my ISP, an Actiontec T1200H, which allows bridging on Port 1 when enabled. I thought it was a perfect time to resurrect the pfSense box but I'm having some real issues. The box has had no hardware changes and delivers regular internet just fine but will not route through my VPN.
I used this guide by mpboden https://forum.pfsense.org/index.php?topic=76015.0
I get a WAN and LAN connection but no VPN. Any help is appreciated.
Some screenshots.
Interfaces
 -
one more photo
 -
The VPN's not coming up. You sent no VPN client configuration information. What happens when you hit the start button in Status > Services? What's in the OpenVLN log in Status > System Logs, OpenVPN tab?
-
HI thanks for trying to help!
Here's what I get when I look at Status>Services
OpenVPN log
-
Need to see more log or your OpenVPN settings. Something you have set is preventing it from even starting.
Steve
-
I appreciate all the help.
Here are the last 50 entries| Apr 6 00:00:26 openvpn[9047]: push_ifconfig_ipv6_defined = DISABLED
Apr 6 00:00:26 openvpn[9047]: push_ifconfig_ipv6_local = ::/0
Apr 6 00:00:26 openvpn[9047]: push_ifconfig_ipv6_remote = ::
Apr 6 00:00:26 openvpn[9047]: enable_c2c = DISABLED
Apr 6 00:00:26 openvpn[9047]: duplicate_cn = DISABLED
Apr 6 00:00:26 openvpn[9047]: cf_max = 0
Apr 6 00:00:26 openvpn[9047]: cf_per = 0
Apr 6 00:00:26 openvpn[9047]: max_clients = 1024
Apr 6 00:00:26 openvpn[9047]: max_routes_per_client = 256
Apr 6 00:00:26 openvpn[9047]: auth_user_pass_verify_script = '[UNDEF]'
Apr 6 00:00:26 openvpn[9047]: auth_user_pass_verify_script_via_file = DISABLED
Apr 6 00:00:26 openvpn[9047]: port_share_host = '[UNDEF]'
Apr 6 00:00:26 openvpn[9047]: port_share_port = 0
Apr 6 00:00:26 openvpn[9047]: client = ENABLED
Apr 6 00:00:26 openvpn[9047]: pull = ENABLED
Apr 6 00:00:26 openvpn[9047]: auth_user_pass_file = '/etc/openvpn-password.txt'
Apr 6 00:00:26 openvpn[9047]: OpenVPN 2.3.6 amd64-portbld-freebsd10.1 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Feb 13 2015
Apr 6 00:00:26 openvpn[9047]: library versions: OpenSSL 1.0.1l-freebsd 15 Jan 2015, LZO 2.09
Apr 6 00:00:26 openvpn[9047]: MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1.sock
Apr 6 00:00:26 openvpn[9177]: NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
Apr 6 00:00:26 openvpn[9177]: LZO compression initialized
Apr 6 00:00:26 openvpn[9177]: Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Apr 6 00:00:26 openvpn[9177]: Socket Buffers: R=[42080->65536] S=[57344->65536]
Apr 6 00:00:26 openvpn[9177]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Apr 6 00:00:26 openvpn[9177]: Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Apr 6 00:00:26 openvpn[9177]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Apr 6 00:00:26 openvpn[9177]: Local Options hash (VER=V4): '41690919'
Apr 6 00:00:26 openvpn[9177]: Expected Remote Options hash (VER=V4): '530fdded'
Apr 6 00:00:26 openvpn[9177]: UDPv4 link local (bound): [AF_INET]207.81.126.205
Apr 6 00:00:26 openvpn[9177]: UDPv4 link remote: [AF_INET]104.207.136.67:1194
Apr 6 00:00:26 openvpn[9177]: TLS: Initial packet from [AF_INET]104.207.136.67:1194, sid=88ace726 1b15bcb8
Apr 6 00:00:26 openvpn[9177]: WARNING: this configuration may cache passwords in memory – use the auth-nocache option to prevent this
Apr 6 00:00:26 openvpn[9177]: VERIFY OK: depth=1, C=US, ST=OH, L=Columbus, O=Private Internet Access, CN=Private Internet Access CA, emailAddress=secure@privateinternetaccess.com
Apr 6 00:00:26 openvpn[9177]: Validating certificate key usage
Apr 6 00:00:26 openvpn[9177]: ++ Certificate has key usage 00a0, expects 00a0
Apr 6 00:00:26 openvpn[9177]: VERIFY KU OK
Apr 6 00:00:26 openvpn[9177]: Validating certificate extended key usage
Apr 6 00:00:26 openvpn[9177]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Apr 6 00:00:26 openvpn[9177]: VERIFY EKU OK
Apr 6 00:00:26 openvpn[9177]: VERIFY OK: depth=0, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=Private Internet Access, name=Private Internet Access, emailAddress=secure@privateinternetaccess.com
Apr 6 00:00:26 openvpn[9177]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Apr 6 00:00:26 openvpn[9177]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 6 00:00:26 openvpn[9177]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Apr 6 00:00:26 openvpn[9177]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 6 00:00:26 openvpn[9177]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Apr 6 00:00:26 openvpn[9177]: [Private Internet Access] Peer Connection Initiated with [AF_INET]104.207.136.67:1194
Apr 6 00:00:28 openvpn[9177]: SENT CONTROL [Private Internet Access]: 'PUSH_REQUEST' (status=1)
Apr 6 00:00:28 openvpn[9177]: AUTH: Received control message: AUTH_FAILED
Apr 6 00:00:28 openvpn[9177]: TCP/UDP: Closing socket
Apr 6 00:00:28 openvpn[9177]: SIGTERM[soft,auth-failure] received, process exiting | -
AUTH: Received control message: AUTH_FAILEDYou have the wrong set of login credentials / certificates.
Has it expired since you last used it?Steve
-
Which is strange because other than the password it hasn't changed. I'll try and fix that and update you.
-
AUTH: Received control message: AUTH_FAILEDYou have the wrong set of login credentials / certificates.
Has it expired since you last used it?Steve
Nope I just checked the username and password and no go. The /etc/openvpn-password.txt is correct and I've even reset the password with no change in result.
Here's some screens of my OpenVPN Client screen
-
AUTH: Received control message: AUTH_FAILED
Not sure what is ambiguous about that log.
Also, why are people insistent on using auth-user-pass files when 2.2 added the authentication fields in the GUI?
-
Not ambiguous at all. I'm just not well versed but I'm learning. Reason why I used what I did is because I followed the guide. I'd happily follow another updated guide!
-
I just don't get it. The log clearly says auth failed, yet you insist your credentials are correct.
-
I just don't get it. The log clearly says auth failed, yet you insist your credentials are correct.
No idea what's going on. The Same user name and password works in the PIA app.
-
Sure you don't have any extra characters in that file?
Do this:
Delete the following line from the Advanced settings: auth-user-pass /etc/openvpn-userpass.txt;
Enter your PIA username and password in the client config under User Authentication Settings
-
Solved!
I worked with PIA's tech support and they issued me a new username and password which seemed to do the trick. Not too sure what went wrong but it's working now. Thank you everyone for the help!! -
I would still eliminate the (now) unnecessary admin overhead and config complexity of the credential text file.
-
I will do that as soon as I figure out how. I'm guessing that I can't delete anything from the /etc/ folder via the gui?
-
Use the same method you used to create the file.
Deleting the file is not as important as removing it from the gui config for the client as I described above. Deleting the file will occur naturally next time you reinstall or something.
Or, after the new config is confirmed working, use Diagnostics > Command Prompt and run rm /etc/openvpn-userpass.txt
-
Thanks I will try that.
And thank you for all your help. It's greatly appreciated.
