So at the office we use pfSense with the openvpn package and it works perfectly with Win10. On F25 I installed all the requisite packages, copied over the .ovpn, ca.crt and .key files from my Windows partition and it will successfully import, however any variation of trying to connect either times out (unable to verify cert) or fails immediately with Options error: If you use one of --cert or --key, you must use them both.
Here is my sanitized .ovpn:
Code: Select all
dev tun
persist-tun
persist-key
cipher BF-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote xx.xxx.xx.xx 34447 udp
lport 0
auth-user-pass
ca xxxx-fw-1-udp-34447-ca.crt
tls-auth xxxx-fw-1-udp-34447-tls.key 1
ns-cert-type server
comp-lzo adaptive
Code: Select all
Fri Feb 17 23:03:11 2017 library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.09
Enter Management Password:
Fri Feb 17 23:03:26 2017 Control Channel Authentication: using 'xxxx-fw-1-udp-34447-tls.key' as a OpenVPN static key file
Fri Feb 17 23:03:26 2017 UDPv4 link local (bound): [undef]
Fri Feb 17 23:03:26 2017 UDPv4 link remote: [AF_INET]xx.xxx.xx.xx:34447
Fri Feb 17 23:03:26 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Feb 17 23:03:27 2017 [gntc-vpn-1] Peer Connection Initiated with [AF_INET]xx.xxx.xx.xx:34447
Fri Feb 17 23:03:30 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri Feb 17 23:03:30 2017 open_tun, tt->ipv6=0
Fri Feb 17 23:03:30 2017 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{B32350DA-B218-4BEA-B22B-B287997E2E36}.tap
Fri Feb 17 23:03:30 2017 Set TAP-Windows TUN subnet mode network/local/netmask = 10.0.40.0/10.0.40.2/255.255.255.0 [SUCCEEDED]
Im thinking that there's some difference in how the .ovpn should be versus Windows.. but thats based on nothing but a gut hunch.