Import Config into pfSense

Scripts to manage certificates or generate config files
hkgnyc
OpenVpn Newbie
Posts: 1
Joined: Sun Jun 11, 2017 8:07 am

Import Config into pfSense

Post by hkgnyc » Sun Jun 11, 2017 8:17 am

I have an OpenVPN config file that's different from the ones that I have used previously (see below). I'm trying to set this up as an OpenVPN client in pfSense but can't get it to work. I've added the <ca> and Static Key to form the CA Cert. I've added the <cert> and <key> parts to form the client certificate in pfSense. I have set the correct server host IP and server port for UDP in the OpenVPN client settings and pasted the Static Key for TLS authentication. I have set encryption to None and SHA256 for now for testing.

I have tested this VPN connection using the Windows OpenVPN client and it works, but I can't figure it out for pfSense. Any advice would be appreciated! Is there anything I need to do for the RSA signature part and "key-direction 1"?

# Automatically generated OpenVPN client config file
# Note: this configuration is user-locked to the username below
# OVPN_ACCESS_SERVER_USERNAME=firstname.lastname
# Define the profile name of this particular configuration file
# OVPN_ACCESS_SERVER_PROFILE=firstname.lastname@x.x.x.x
# OVPN_ACCESS_SERVER_CLI_PREF_ALLOW_WEB_IMPORT=True
# OVPN_ACCESS_SERVER_CLI_PREF_BASIC_CLIENT=False
# OVPN_ACCESS_SERVER_CLI_PREF_ENABLE_CONNECT=True
# OVPN_ACCESS_SERVER_CLI_PREF_ENABLE_XD_PROXY=True
# OVPN_ACCESS_SERVER_WSHOST=x.x.x.x:443
# OVPN_ACCESS_SERVER_WEB_CA_BUNDLE_START
# -----BEGIN CERTIFICATE-----
# XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
# -----END CERTIFICATE-----
# OVPN_ACCESS_SERVER_WEB_CA_BUNDLE_STOP
# OVPN_ACCESS_SERVER_IS_OPENVPN_WEB_CA=1
# OVPN_ACCESS_SERVER_ORGANIZATION=OpenVPN Technologies, Inc.
setenv FORWARD_COMPATIBLE 1
client
server-poll-timeout 4
nobind
remote x.x.x.x 1194 udp
remote x.x.x.x 1194 udp
remote x.x.x.x 443 tcp
remote x.x.x.x 1194 udp
remote x.x.x.x 1194 udp
remote x.x.x.x 1194 udp
remote x.x.x.x 1194 udp
remote x.x.x.x 1194 udp
dev tun
dev-type tun
ns-cert-type server
reneg-sec 604800
sndbuf 100000
rcvbuf 100000
auth-user-pass
# NOTE: LZO commands are pushed by the Access Server at connect time.
# NOTE: The below line doesn't disable LZO.
comp-lzo no
verb 3
setenv PUSH_PEER_INFO

<ca>
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
</ca>

<cert>
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN PRIVATE KEY-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END PRIVATE KEY-----
</key>

key-direction 1

<tls-auth>
#
# 2048 bit OpenVPN static key (Server Agent)
#
-----BEGIN OpenVPN Static key V1-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END OpenVPN Static key V1-----
</tls-auth>

## -----BEGIN RSA SIGNATURE-----
## DIGEST:sha256
## XXXXXXXXXXXXXXXXX
## -----END RSA SIGNATURE-----
## -----BEGIN CERTIFICATE-----
## XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
## -----END CERTIFICATE-----
## -----BEGIN CERTIFICATE-----
## XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
## -----END CERTIFICATE-----
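
Added example, not part of the original post or of OpenVPN/pfSense: a Python function that splits an inline profile of this layout into the pieces that are entered separately (CA certificate, client certificate, private key, TLS static key, key direction, remotes). The sample profile, its placeholder bodies and the name `split_profile` are constructed for illustration.

```python
import re

# Constructed sample in the posted profile's layout (placeholder bodies only).
SAMPLE = """\
remote 192.0.2.10 1194 udp
remote 192.0.2.10 443 tcp
auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----
CA-PLACEHOLDER
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
CERT-PLACEHOLDER
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
KEY-PLACEHOLDER
-----END PRIVATE KEY-----
</key>
key-direction 1
<tls-auth>
# 2048 bit OpenVPN static key (Server Agent)
-----BEGIN OpenVPN Static key V1-----
STATIC-KEY-PLACEHOLDER
-----END OpenVPN Static key V1-----
</tls-auth>
## -----BEGIN RSA SIGNATURE-----
"""
INLINE = re.compile(r"^<(ca|cert|key|tls-auth)>\s*\n(.*?)^</\1>", re.S | re.M)

def split_profile(text):
    """Return the inline blocks and the directives that are entered separately."""
    parts = {}
    for m in INLINE.finditer(text):
        # Keep only the PEM / static-key lines; '#' banner lines are comments.
        lines = (l.strip() for l in m.group(2).splitlines())
        parts[m.group(1)] = "\n".join(l for l in lines if l and l[0] != "#")
    # Outside the blocks, '#' and ';' start comments, which covers the trailing
    # '## ... RSA SIGNATURE' section: the OpenVPN config parser ignores it.
    rest = (l.strip() for l in INLINE.sub("", text).splitlines())
    directives = [l.split() for l in rest if l and l[0] not in "#;"]
    parts["remotes"] = [tuple(d[1:4]) for d in directives if d[0] == "remote"]
    parts["key_direction"] = next(
        (d[1] for d in directives if d[0] == "key-direction" and len(d) > 1), None)
    parts["needs_user_pass"] = any(d[0] == "auth-user-pass" for d in directives)
    return parts
```

The `<tls-auth>` block and the `<ca>` block come out as separate entries, and `key_direction` carries the direction value that belongs with the static key.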

TiTex
OpenVPN Expert
Posts: 245
Joined: Tue Apr 12, 2011 6:22 am

Re: Import Config into pfSense

Post by TiTex » Sun Jun 11, 2017 9:42 am

You should ask this question on their (pfSense) support emails or boards; just because it's related doesn't mean it's an OpenVPN issue.

TinCanTech
OpenVPN Protagonist
Posts: 3348
Joined: Fri Jun 03, 2016 1:17 pm

Re: Import Config into pfSense

Post by TinCanTech » Sun Jun 11, 2017 10:53 am

hkgnyc wrote:
# Automatically generated OpenVPN client config file
# Note: this configuration is user-locked to the username below
# OVPN_ACCESS_SERVER_USERNAME=firstname.lastname

Looks like wrong Board & wrong Forum ..
