On 18.02.2017 16:37, InvalidPath wrote:
[...]
> Which is even more confusing because this config file works perfectly with
> the Windows OpenVPN client. So there must be some difference in how the
> clients use this file because teh certificate is valid. I did goto the
> link in this error log and it's really not much help since the server
> certificate and actually the entire config was generated from pfSense.
>
OpenVPN draft setup: pfSense and Fedora
Tested with:
= Server:
pfSense-kernel-pfSense-2.3.2
openvpn-2.3.11
openvpn-client-export-2.4
pfSense-pkg-openvpn-client-export-1.4.1
= Client:
kernel-4.9.10-1002.fc24.x86_64
openvpn-2.3.14-1.fc24.x86_64
NetworkManager-1.7.1-0.5.20170218git5ae3db7.fc24.x86_64
NetworkManager-openvpn-1.2.8-2.fc24.x86_64
NetworkManager-openvpn-gnome-1.2.8-2.fc24.x86_64
nm-connection-editor-1.4.5-0.5.20170217git854c4eb.fc24.x86_64
network-manager-applet-1.4.5-0.5.20170217git854c4eb.fc24.x86_64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
= Server
OpenVPN / Client Export Utility
Inline Configurations: Others
- Exported to:
pfSense-udp-1194-test-config.ovpn:
dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote <SERVER> 1194 udp
verify-x509-name "Server Certificate" name
auth-user-pass
ns-cert-type server
<ca>
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
[...]
-----END PRIVATE KEY-----
</key>
https://<SERVER>/status_logs.php?logfile=openvpn
"openvpn user 'test' authenticated"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Imported to:
= Client
/etc/NetworkManager/system-connections/pfSense-udp-1194-test-config:
[connection]
id=pfSense-udp-1194-test-config
uuid=<UUID>
type=vpn
autoconnect=false
permissions=
[vpn]
auth=SHA1
ca=<$HOME>/.cert/nm-openvpn/pfSense-udp-1194-test-config-ca.pem
cert=<$HOME>/.cert/nm-openvpn/pfSense-udp-1194-test-config-cert.pem
cert-pass-flags=4
cipher=AES-256-CBC
connection-type=password-tls
dev=tun
dev-type=tun
key=<$HOME>/.cert/nm-openvpn/pfSense-udp-1194-test-config-key.pem
ns-cert-type=server
password-flags=0
remote=<SERVER>:1194:udp
username=test
verify-x509-name=name:Server Certificate
service-type=org.freedesktop.NetworkManager.openvpn
[vpn-secrets]
password=<PASSWD>
[ipv4]
dns-search=
method=auto
[ipv6]
addr-gen-mode=stable-privacy
dns-search=
ip6-privacy=0
method=ignore
~~
Network Connections / VPN - Edit
Export VPN connection...
- Exported to:
pfSense-udp-1194-test-config (openvpn).conf:
remote '<SERVER>' 1194 udp
ca '<$HOME>/.cert/nm-openvpn/pfSense-udp-1194-test-config-ca.pem'
cert '<$HOME>/.cert/nm-openvpn/pfSense-udp-1194-test-config-cert.pem'
key '<$HOME>/.cert/nm-openvpn/pfSense-udp-1194-test-config-key.pem'
auth-user-pass
cipher AES-256-CBC
dev tun
dev-type tun
proto udp
ns-cert-type server
verify-x509-name 'Server Certificate' name
nobind
auth-nocache
script-security 2
persist-key
persist-tun
user nm-openvpn
group nm-openvpn
~~
journalctl NetworkManager:
"device (tun0): Activation: successful, device activated."
Ref.
https://doc.pfsense.org/index.php/OpenVPN_Remote_Access_Server
p.s.
For proper diagnosis, access to the logs on the server and the client are essential.
This is never superfluous to repeat.
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
