tls-auth not working with pfSense 2.0
Posted: Sun Oct 30, 2011 8:14 pm
It seems to me that Viscosity (1.3.4/1030) generates OpenVPN configs that are not compatible, at least with pfSense 2.0 when using TLS authentication.
Steps to reproduce:
1. Set your OpenVPN server to use TLS authentication
2. Copy the static key to your client and configure Viscosity to use it
Expected results:
The connection should work
Actual results:
Viscosity/OpenVPN client will never establish a connection. On the server logs I find:
    openvpn[58269]: TLS Error: incoming packet authentication failed from [AF_INET] ip address...
I checked the OpenVPN howto (http://openvpn.net/index.php/open-sourc ... howto.html) on using this feature and it says one should enable TLS auth support like thus:
    tls-auth ta.key 1
Looking at the config.conf file that Viscosity generates, the corresponding line reads:
    tls-auth ta.key
The weird thing is that adding the "1" actually solves the problem for me - the connection can now be established, using TLS authentication.
My OpenVPN server version is:
    OpenVPN 2.2.0 i386-portbld-freebsd8.1 [SSL] [LZO2] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Aug 11 2011
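An offline check for the mismatch described in this post, added here as an example and not part of the original post or of Viscosity or pfSense: it reads the optional direction from tls-auth (or key-direction) in a server and a client config and reports whether the two pair up. The sample configs, including the server line with direction 0, are constructed assumptions, since the post does not show the server config.

```python
import shlex

def tls_auth_direction(config_text):
    """Return '0', '1', 'bidirectional', or None when tls-auth is not enabled."""
    enabled, direction = False, None
    for raw in config_text.splitlines():
        if raw.lstrip().startswith(";"):        # OpenVPN also accepts ';' comments
            continue
        tokens = shlex.split(raw, comments=True)  # drops '#' comments
        if not tokens:
            continue
        if tokens[0] == "tls-auth":
            enabled = True
            if len(tokens) >= 3:                # tls-auth <file> [direction]
                direction = tokens[2]
        elif tokens[0] == "<tls-auth>":         # inline key block
            enabled = True
        elif tokens[0] == "key-direction" and len(tokens) >= 2:
            direction = tokens[1]
    if not enabled:
        return None
    if direction is None:
        return "bidirectional"
    if direction not in ("0", "1"):
        raise ValueError(f"invalid key direction: {direction!r}")
    return direction

def check_pair(server_conf, client_conf):
    """Both peers must omit the direction, or use 0 on one side and 1 on the other."""
    s, c = tls_auth_direction(server_conf), tls_auth_direction(client_conf)
    if s is None and c is None:
        return True, "tls-auth not used on either side"
    if s is None or c is None:
        return False, "tls-auth enabled on only one side"
    if s == c == "bidirectional" or {s, c} == {"0", "1"}:
        return True, f"compatible (server={s}, client={c})"
    return False, f"direction mismatch (server={s}, client={c})"

# Constructed sample configs (assumption: the server side uses direction 0).
SERVER = "dev tun\ntls-auth /path/to/ta.key 0  # constructed\n"
CLIENT_GENERATED = "client\ntls-auth ta.key\n"
CLIENT_FIXED = "client\ntls-auth ta.key 1\n"

if __name__ == "__main__":
    for name, conf in (("generated", CLIENT_GENERATED), ("fixed", CLIENT_FIXED)):
        print(name, check_pair(SERVER, conf))
```

A mismatch reported here corresponds to the server-side "TLS Error: incoming packet authentication failed" line, because the HMAC on control-channel packets is computed with different keys on each side.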