Re: [pfSense Support] openvpn TLS

Mon, 19 Apr 2010 05:20:23 -0700 

you will have to add the side identication integer to the string of the
tls-auth directive.

for the server sided configuration use ..

        "tls-auth /var/etc/openvpn_server0.tls 0"
                                               ^

and for the client ..

        "tls-auth /var/etc/openvpn_server0.tls 1"
                                               ^

hope this helps .. for more information have an eye on the openvpn
configuration howto :-)

http://openvpn.net/index.php/open-source/documentation/howto.html#security

Nick Upson wrote:
> right, I took a working openvpn tunnel, added "tls-auth
> /var/etc/openvpn_server0.tls" to the server (pfsense) and enabled
> tls-auth in the client. then made the client reconnect, the file is
> the same one copied to both machines. I just get
> 
> "TLS error: TLS key negociation failed to occur within 60 seconds"
> 
> On 17 April 2010 19:27, [email protected] <[email protected]> wrote:
>> Nick,
>>
>> can you please give some feedback?
>>
>> jan
>>
>> [email protected] wrote:
>>> Hi Nick,
>>>
>>> Nick Upson wrote:
>>>> thanks, I now get
>>>>
>>>> openvpn[24699]: Options error: Unrecognized option or missing
>>>> parameter(s) in /var/etc/openvpn_server0.conf:22: tls_auth (2.0.6)
>>>> when trying to start the server, the key was generated on our
>>>> certificates machine if that makes any difference
>>> you have a typo in your syntax just try it with "tls-auth" instead of
>>> "tls_auth" :-)
>>>
>>> kind regards
>>> Jan
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [email protected]
>> For additional commands, e-mail: [email protected]
>>
>> Commercial support available - https://portal.pfsense.org
>>
>>
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
> 
> Commercial support available - https://portal.pfsense.org
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Commercial support available - https://portal.pfsense.org

Reply via email to