Pfsense OpenVPN and MT300N-V2 (SOLVED)

casoft · June 26, 2018, 6:19pm

Hi, today arrival to me the new MT300N-V2

In try configure my VPN (Is a Pfsense with OpenVPN) but dont work.

In download the 3 files from PFSense (the .ovpn, .key and .p12), and upload, but have the next problem in the log say:

Exiting due to fatal error OpenVPN 2.4.3 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.09 Error opening file pfSense-udp-1194-ibague.p12 Exiting due to fatal error

If im download this file in my Windows or Mac clients, work perfect, but in my MT300 dont work,
any suggestions?

Pda: Im try with the firmware 2.27 and with the 2.26
In this two the same problem

Thanks for your help.

Sinserely,

casoft · June 26, 2018, 7:14pm

Problem solved, thanks to other post.

The problem is solved edit the .ovpn file and add the route /etc/openvpn/ in the pkcs12 line

for example:
pkcs12 /etc/openvpn/mykey.p12

Im think this is a bug in the firmware, becouse by default all clients download the route without this path.
How is possible report this to the developers?

Thanks!

Johnex · June 26, 2018, 8:06pm

@alzhao @kyson-lok Bug Report

Johnex · June 26, 2018, 8:38pm

Just to add, the best way is to actually embed the certificate and key into the ovpn file. You can convert your p12 like so:

openssl pkcs12 -in path.p12 -out newfile.crt.pem -clcerts -nokeys
openssl pkcs12 -in path.p12 -out newfile.key.pem -nocerts -nodes

or if you need to enter a password too:

openssl pkcs12 -in path.p12 -out newfile.crt.pem -clcerts -nokeys -passin ‘pass:P@s5w0rD’

Then you paste the contents of the cert and key like so into the ovpn file:

<ca>
-----BEGIN CERTIFICATE-----
***Paste CA Cert Text Here***
 
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
***Paste Your Cert Text Here***
 
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
***Paste Your Cert Private Key Here***
 
-----END PRIVATE KEY-----
</key>

You can see my full opvn file here:

alzhao · June 30, 2018, 6:51pm

should be a problem.

Just want to clarify, the firmware didn’t check pkcs12 tags, right?

Then another file link should be added. @kyson-lok

kyson-lok · July 1, 2018, 6:16am

As far as I am concerned that PKCS12 is one key file containing the private and public key of the client and the CA certificate, so it doesn’t need specify ca and cert and key file on ovpn file. I think pkcs12 can merge to ovpn file.

casoft · July 1, 2018, 6:15pm

Yes is the file, Pfsense download the keys is separate files this
File.ovpn
File.p12
file.key

For this is need put the path to this file, other configurations save in the .ovpn file this keys

Johnex · July 2, 2018, 8:04am

Using the PEM format when exporting from PfSense you can just do like i wrote before, you paste in the key, cert, ca into the openvpn ovpn file.

That is also what @kyson-lok is recommended that you do @casoft