Hi, today arrival to me the new MT300N-V2
In try configure my VPN (Is a Pfsense with OpenVPN) but dont work.
In download the 3 files from PFSense (the .ovpn, .key and .p12), and upload, but have the next problem in the log say:
Exiting due to fatal error OpenVPN 2.4.3 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.09 Error opening file pfSense-udp-1194-ibague.p12 Exiting due to fatal error
If im download this file in my Windows or Mac clients, work perfect, but in my MT300 dont work,
Pda: Im try with the firmware 2.27 and with the 2.26
In this two the same problem
Thanks for your help.
Problem solved, thanks to other post.
The problem is solved edit the .ovpn file and add the route /etc/openvpn/ in the pkcs12 line
Im think this is a bug in the firmware, becouse by default all clients download the route without this path.
How is possible report this to the developers?
Just to add, the best way is to actually embed the certificate and key into the ovpn file. You can convert your p12 like so:
openssl pkcs12 -in path.p12 -out newfile.crt.pem -clcerts -nokeys
openssl pkcs12 -in path.p12 -out newfile.key.pem -nocerts -nodes
or if you need to enter a password too:
openssl pkcs12 -in path.p12 -out newfile.crt.pem -clcerts -nokeys -passin ‘pass:P@s5w0rD’
Then you paste the contents of the cert and key like so into the ovpn file:
***Paste CA Cert Text Here***
***Paste Your Cert Text Here***
-----BEGIN PRIVATE KEY-----
***Paste Your Cert Private Key Here***
-----END PRIVATE KEY-----
You can see my full opvn file here:
My config is like this:
remote DYNDNS_ADDRESS 443
keepalive 15 60
should be a problem.
Just want to clarify, the firmware didn’t check pkcs12 tags, right?
Then another file link should be added.
As far as I am concerned that PKCS12 is one key file containing the private and public key of the client and the CA certificate, so it doesn’t need specify ca and cert and key file on ovpn file. I think pkcs12 can merge to ovpn file.
Yes is the file, Pfsense download the keys is separate files this
For this is need put the path to this file, other configurations save in the .ovpn file this keys
Using the PEM format when exporting from PfSense you can just do like i wrote before, you paste in the key, cert, ca into the openvpn ovpn file.
That is also what
@kyson-lok is recommended that you do @casoft