No server certificate verification method on pfSense client
Posted: Tue Apr 25, 2023 11:30 pm
I know the error message above includes a link. I've looked at it and it seems like I'm having a problem with my CA or a certificate not being used properly. I've gone over it and I can't find what I'm doing wrong to not establish the credentials properly on pfSense. I can connect with two mobile clients using the OpenVPN app. Whenever I try to connect to my OpenVPN server (on a VPS, on the internet, not on my LAN), I get:
More in depth, I'm assuming that when pfSense is trying to connect to the server, the restart pauses I see in the log are after each failure to connect. Going from one of those events to the next, here's the log on pfSense:
Here's what I'm getting on the OpenVPN server (and the time may not be synced, but both logs have the same sequence on each one over and over):
While I think I have everything set up properly in pfSense for the CA, my client cert and key, and the TLS authentication (which is the same TLS key info as on my server), it's just not connecting. I've read over the information in the link provided, but it doesn't really give me much I can do on pfSense to make it work. pfSense doesn't seem to have issues with the CA cert, the client cert, the client key (which is unencrypted, since pfSense does not handle encrypted keys), and the TLS authorization. The TLS authorization key is the same as what's on the server. (My understanding is that I use the same TLS authorization data on the client and server and that's what I did on the mobile devices that are able to connect to the server.)
What can I look at or examine to troubleshoot this issue?
Code:
WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Code:
Apr 25 19:18:00 openvpn 40160 Restart pause, 160 second(s)
Apr 25 19:20:40 openvpn 40160 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Apr 25 19:20:40 openvpn 40160 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 25 19:20:40 openvpn 40160 TCP/UDP: Preserving recently used remote address: [AF_INET]104.192.5.150:1194
Apr 25 19:20:40 openvpn 40160 Socket Buffers: R=[42080->42080] S=[57344->57344]
Apr 25 19:20:40 openvpn 40160 UDPv4 link local (bound): [AF_INET]192.168.1.48:0
Apr 25 19:20:40 openvpn 40160 UDPv4 link remote: [AF_INET]104.192.5.150:1194
Apr 25 19:21:41 openvpn 40160 [UNDEF] Inactivity timeout (--ping-restart), restarting
Apr 25 19:21:41 openvpn 40160 SIGUSR1[soft,ping-restart] received, process restarting
Apr 25 19:21:41 openvpn 40160 Restart pause, 300 second(s)
Code:
2023-04-25 19:23:32 us=236942 event_wait returned 0
2023-04-25 19:23:32 us=237048 I/O WAIT status=0x0020
2023-04-25 19:23:32 us=237065 MULTI: REAP range 80 -> 96
2023-04-25 19:23:32 us=237126 SCHEDULE: schedule_find_least NULL
2023-04-25 19:23:32 us=237144 PO_CTL rwflags=0x0001 ev=6 arg=0x55afd7df11f0
2023-04-25 19:23:32 us=237153 PO_CTL rwflags=0x0001 ev=5 arg=0x55afd7df1068
2023-04-25 19:23:32 us=237164 I/O WAIT TR|Tw|SR|Sw [10/0]
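One way to read the pfSense client log quoted in the post, as an added example (not code from the poster or from OpenVPN/pfSense): it separates the startup WARNING/NOTE lines, which are advisory, from the lines that show whether a TLS handshake with the server ever began. It assumes the syslog-style line format shown in the post and relies on the "TLS: Initial packet from" message that an OpenVPN client logs when the first packet from the server arrives; the function names and verdict strings are hypothetical.

```python
import re

# Lines copied from the pfSense client log quoted in the post (one attempt).
SAMPLE_LOG = """\
Apr 25 19:20:40 openvpn 40160 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Apr 25 19:20:40 openvpn 40160 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 25 19:20:40 openvpn 40160 UDPv4 link remote: [AF_INET]104.192.5.150:1194
Apr 25 19:21:41 openvpn 40160 [UNDEF] Inactivity timeout (--ping-restart), restarting
Apr 25 19:21:41 openvpn 40160 Restart pause, 300 second(s)
"""

# Prefix format used in the post: "Apr 25 19:20:40 openvpn <pid> <message>"
LINE = re.compile(r"^\w{3}\s+\d+\s+[\d:]{8}\s+openvpn\s+\d+\s+(.*)$")

def triage(log_text):
    """Separate advisory lines from evidence about the TLS handshake."""
    r = {"advisories": [], "remote": None, "server_replied": False,
         "timed_out": False, "peer_name": None}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an OpenVPN client line in the expected format
        msg = m.group(1)
        if msg.startswith(("WARNING:", "NOTE:")):
            r["advisories"].append(msg)          # logged at startup, non-fatal
        elif msg.startswith(("UDPv4 link remote:", "UDPv6 link remote:")):
            r["remote"] = msg.split("]", 1)[1]   # address after "[AF_INET]"
        elif msg.startswith("TLS: Initial packet from"):
            r["server_replied"] = True           # first packet seen from server
        elif "Inactivity timeout" in msg:
            r["timed_out"] = True
            name = re.match(r"\[([^\]]*)\]", msg)  # peer name, "UNDEF" if unset
            r["peer_name"] = name.group(1) if name else None
    return r

def verdict(r):
    """Turn the triage result into a one-line finding (hypothetical labels)."""
    if r["timed_out"] and not r["server_replied"]:
        return "no-reply: no server packet seen before the timeout"
    if r["timed_out"] and r["peer_name"] == "UNDEF":
        return "handshake-incomplete: server replied, peer name never set"
    if r["timed_out"]:
        return "tunnel-idle: session with %s timed out" % r["peer_name"]
    return "no-timeout: no restart recorded in this excerpt"

if __name__ == "__main__":
    res = triage(SAMPLE_LOG)
    print(verdict(res), "| remote", res["remote"], "|", len(res["advisories"]), "advisories")
```

On the excerpt from the post this reports the no-reply case: the client sent to 104.192.5.150:1194 and restarted on the inactivity timeout with the peer name still [UNDEF], with no server packet logged in between.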