OPNsense Forum

Archive => 16.1 Legacy Series => Topic started by: mircsicz on May 17, 2016, 06:04:50 pm

Title: Can't connect to VPN
Post by: mircsicz on May 17, 2016, 06:04:50 pm
I've manually converted my pfSense 2.3 Setup on a Version 2 APU to OPNsense. Everything works as expected except the OpenVPN Tunnel's...

I've reimported all the old certificate's but it seem's the CA doesn't recognize the reimported Cert's as member's of itself...



Any hints are welcome
Title: Re: Can't connect to VPN
Post by: chemlud on May 17, 2016, 06:17:12 pm
Hmm, I would generate new certs on the server and distribute them safely to the clients....
Title: Re: Can't connect to VPN
Post by: mircsicz on May 17, 2016, 06:55:46 pm
No chance to go that route, there are client's I can only reach through VPN...
Title: Re: Can't connect to VPN
Post by: franco on May 17, 2016, 08:06:37 pm
Hi there,

If you can provide a server and client cert I will look into it right away. PM or email (franco@project.tdl) for details.

Maybe it's just a fixup of the config that is needed after import, but for the sake of UX, the import should be fixed if possible.


Cheers,
Franco
Title: Re: Can't connect to VPN
Post by: mircsicz on May 18, 2016, 06:27:24 am
Hey Franco,

it seems you got a typo in your mailadress...
Title: Re: Can't connect to VPN
Post by: franco on May 18, 2016, 07:54:46 am
Right, I did not want to explicitly name "opnsense.org" for email crawling reasons, sorry. :)
Title: Re: Can't connect to VPN
Post by: mircsicz on May 18, 2016, 12:26:09 pm
LOL & Arghhh

I've created a new CA and a server & client cert. But even that new CA doesn't recognize the 2 certs I created within the Web GUI! So for me it looks like I hit a bug?!?


Sent with Tapatalk from my iOS Device
Title: Re: Can't connect to VPN
Post by: franco on May 18, 2016, 12:35:13 pm
Can you run me through your steps in order to reproduce? I'm seeing created certs in my local install with OpenVPN so far.
Title: Re: Can't connect to VPN
Post by: mircsicz on May 18, 2016, 06:40:32 pm
hi Franco,

dropped you a mail... Let me know if you still need the cert's.
Title: Re: Can't connect to VPN
Post by: franco on May 18, 2016, 07:34:35 pm
At least the cert count issue is fixed. Thanks for your help so far.
Title: Re: Can't connect to VPN
Post by: mircsicz on May 18, 2016, 08:12:28 pm
Thank you so much franco, that kind of trapped me yesterday... I'll upgrade next week and see how that changes the picture!

I'll report back
Title: Re: Can't connect to VPN
Post by: franco on May 18, 2016, 08:43:01 pm
You can patch your running install, the patch is harmless:

# cd /usr/local/www
# fetch https://raw.githubusercontent.com/opnsense/core/7aa0cd11ab/src/www/system_camanager.php


Cheers,
Franco