Messages

Hi _ralf_,

Can't you remove the password with openssl before adding it to OPNsense?
I guess something like this should do the trick:

Code Select Expand

openssl rsa -in privateKey.pem -out newPrivateKey.pem


Hi Ad,

wow - I must admit that I did not think of that!

Just removed the Passphrase - worked 1a! Now, I can connect...

Thanks a lot!

Cheers,
_ralf_

Hi,

thanks for the reply! However, it sems I did not ask correctly :(

There is a "foreign" OpenVPN-Server, not operated by me, that I'd like to connect to from my OpnSense-System. From that "foreign" OpenVPN-Servers-Operator I got a Client-Certificate that's Key-Protected.

So, I created a Client in VPN/OpenVPN/Clients. However, I didn't find a way to configure the Passphrase for the Cert. Now, upn starting the VPN Client I get

openvpn[36396]: neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Private Key Password:'. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.

in the Log.

On my Desktop-System I'd put that passphrase into a file and use the --askpass Command Line Option to OpenVPN. However, in OpnSense I did not find any option that would resemble that "askpass".

Is there a way to configure that in OpnSense?

MTIA, cheers,
_ralf_

Hi,

I"d like my OpnSense to connect to a Server with a Passphrase-protected Key.

Is there a way to specify that Passphrase (to be passed to OpenVPN with the --askpass-Option)?
I didn"t find a way to specify, using OPNsense 16.1.13-i386.

Would be cool if there was a way.

Cheers,
_ralf_