Can't connect to VPN

[mircsicz]

I've manually converted my pfSense 2.3 Setup on a Version 2 APU to OPNsense. Everything works as expected except the OpenVPN Tunnel's...

I've reimported all the old certificate's but it seem's the CA doesn't recognize the reimported Cert's as member's of itself...



Any hints are welcome

[chemlud]

Hmm, I would generate new certs on the server and distribute them safely to the clients....

[mircsicz]

No chance to go that route, there are client's I can only reach through VPN...

[franco]

Hi there,

If you can provide a server and client cert I will look into it right away. PM or email (franco@project.tdl) for details.

Maybe it's just a fixup of the config that is needed after import, but for the sake of UX, the import should be fixed if possible.


Cheers,
Franco

[mircsicz]

Hey Franco,

it seems you got a typo in your mailadress...

[franco]

Right, I did not want to explicitly name "opnsense.org" for email crawling reasons, sorry.

[mircsicz]

LOL & Arghhh

I've created a new CA and a server & client cert. But even that new CA doesn't recognize the 2 certs I created within the Web GUI! So for me it looks like I hit a bug?!?


Sent with Tapatalk from my iOS Device

[franco]

Can you run me through your steps in order to reproduce? I'm seeing created certs in my local install with OpenVPN so far.

[mircsicz]

hi Franco,

dropped you a mail... Let me know if you still need the cert's.

[franco]

At least the cert count issue is fixed. Thanks for your help so far.

[mircsicz]

Thank you so much franco, that kind of trapped me yesterday... I'll upgrade next week and see how that changes the picture!

I'll report back

[franco]

You can patch your running install, the patch is harmless:

# cd /usr/local/www
# fetch https://raw.githubusercontent.com/opnsense/core/7aa0cd11ab/src/www/system_camanager.php


Cheers,
Franco