casoft
June 26, 2018, 6:19pm
1
Hi, today the new MT300N-V2 arrived.
I tried to configure my VPN (it is a pfSense with OpenVPN), but it doesn't work.
I downloaded the 3 files from pfSense (the .ovpn, .key and .p12) and uploaded them, but I have the following problem; the log says:
Exiting due to fatal error
OpenVPN 2.4.3 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.09
Error opening file pfSense-udp-1194-ibague.p12
Exiting due to fatal error
If I download this file on my Windows or Mac clients, it works perfectly, but on my MT300 it doesn't work.
Any suggestions?
P.S.: I tried with firmware 2.27 and with 2.26.
Both have the same problem.
Thanks for your help.
Sincerely,
casoft
June 26, 2018, 7:14pm
2
Problem solved, thanks to other post.
The problem is solved by editing the .ovpn file and adding the path /etc/openvpn/ in the pkcs12 line,
for example:
pkcs12 /etc/openvpn/mykey.p12
I think this is a bug in the firmware, because by default all clients download the route without this path.
How is it possible to report this to the developers?
Thanks!
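The fix described in the post above, generalized to the other OpenVPN directives that take a file argument, as an added example that is not part of the original thread or the router firmware's own code: it rewrites relative file references in an .ovpn to absolute paths under /etc/openvpn, leaves inline blocks alone, and rejects paths that would resolve outside that directory. The function name, the sample config and the TLS key file name are assumptions.

```python
import posixpath
import re

# Standard OpenVPN directives whose first argument is a file path.
FILE_DIRECTIVES = {"ca", "cert", "key", "pkcs12", "tls-auth", "tls-crypt",
                   "crl-verify", "auth-user-pass"}
INLINE_OPEN = re.compile(r"^<([a-z0-9-]+)>$")

# Constructed sample; only the .p12 name and the auth path come from the thread.
SAMPLE = """\
client
dev tun
remote vpn.example.org 1194
# pkcs12 old.p12
pkcs12 pfSense-udp-1194-ibague.p12
tls-auth pfSense-udp-1194-ibague-tls.key 1
auth-user-pass /etc/openvpn/auth/2018893555.txt
<ca>
key placeholder text inside an inline block, not a directive
</ca>
"""


def absolutize(config_text, base_dir="/etc/openvpn"):
    """Return (new_text, changes); changes is a list of (directive, old, new).

    Assumes file arguments contain no spaces or quotes.
    """
    base = posixpath.normpath(base_dir)
    out, changes, inline = [], [], None
    for line in config_text.splitlines():
        stripped = line.strip()
        if inline:                      # inside <ca>...</ca> and similar blocks
            if stripped == "</%s>" % inline:
                inline = None
        elif INLINE_OPEN.match(stripped):
            inline = INLINE_OPEN.match(stripped).group(1)
        else:
            parts = stripped.split()
            if (len(parts) >= 2 and parts[0] in FILE_DIRECTIVES
                    and not posixpath.isabs(parts[1])):
                new = posixpath.normpath(posixpath.join(base, parts[1]))
                if not new.startswith(base + "/"):
                    raise ValueError("path escapes %s: %s" % (base, parts[1]))
                changes.append((parts[0], parts[1], new))
                line = " ".join([parts[0], new] + parts[2:])
        out.append(line)
    return "\n".join(out) + "\n", changes
```

The referenced files still have to exist at the rewritten locations on the router; the function only fixes the references.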
Johnex
June 26, 2018, 8:06pm
3
Johnex
June 26, 2018, 8:38pm
4
Just to add, the best way is to actually embed the certificate and key into the ovpn file. You can convert your p12 like so:
openssl pkcs12 -in path.p12 -out newfile.crt.pem -clcerts -nokeys
openssl pkcs12 -in path.p12 -out newfile.key.pem -nocerts -nodes
or if you need to enter a password too:
openssl pkcs12 -in path.p12 -out newfile.crt.pem -clcerts -nokeys -passin 'pass:P@s5w0rD'
Then you paste the contents of the cert and key like so into the ovpn file:
<ca>
-----BEGIN CERTIFICATE-----
***Paste CA Cert Text Here***
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
***Paste Your Cert Text Here***
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
***Paste Your Cert Private Key Here***
-----END PRIVATE KEY-----
</key>
You can see my full ovpn file here:
My config is like this:
client
dev tun
proto tcp-client
remote DYNDNS_ADDRESS 443
float
ncp-ciphers AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CBC
comp-lzo adaptive
keepalive 15 60
auth-user-pass /etc/openvpn/auth/2018893555.txt
remote-cert-tls server
<ca>
-----BEGIN CERTIFICATE-----
Y9u88kYQUdPyNimnkMBO92nMtqZNAI58WFlQ2QBtblc4a3aaRVh9cQPrdnyHcbtJ
wg9w2nSc8t3FfRcwtXGtR699WMt3WH4ZmtKROhUdOtyCGokIMBMihjJOnSvSTWaF
sepkZbufWBxSAuqLtbK7hp5rGK1PnvUyJ3oVEUbBlHRyjitdKm9uybiqGGQryDx7
AIVpvrWFPYRTW9682V…
alzhao
June 30, 2018, 6:51pm
5
should be a problem.
Just want to clarify, the firmware didn’t check pkcs12 tags, right?
Then another file link should be added. @kyson-lok
As far as I am concerned, PKCS12 is one key file containing the private and public key of the client and the CA certificate, so it doesn’t need to specify the ca, cert and key files in the ovpn file. I think pkcs12 can be merged into the ovpn file.
Yes, it is the file. pfSense downloads the keys in separate files, like this:
File.ovpn
File.p12
file.key
For this it is necessary to put the path to this file; other configurations save these keys in the .ovpn file.
Using the PEM format when exporting from pfSense, you can just do like I wrote before: you paste the key, cert and ca into the OpenVPN ovpn file.
That is also what @kyson-lok recommended that you do, @casoft.