Page 1 of 2 12 LastLast
Results 1 to 10 of 13
  1. #1
    Master Untangler carboncow's Avatar
    Join Date
    Aug 2011
    Location
    Central Ohio
    Posts
    288

    Default OpenVPN setup issues...connection issues.

    Used OpenVPN for years on earlier versions of UT but since it's been a few years I'm sure much has been upgraded to make it more secure.

    I've configured the UT, downloaded the Win EXE, gone through the setup and confirmed the security cert are in the folder as mentioned by the Install-Win32 file.

    Not getting the client to connect. Maybe you guys can tell me what I don't know and am not doing from the attached screenshot of the log window.

    Screenshot

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,767

    Default

    It seems to me the machine you're testing with, had OpenVPN on it before. Uninstalling the old version will not clear the old OpenVPN directory in program files, this leaves behind the OLD VPN configuration files. So when you install the new one, you've got two sets of certificates, and old set that no longer works and a new set.

    The errors in your client indicate an authentication failure. So I suggest you remove OpenVPN from the client, delete the OpenVPN folder in program files, install the new client and try again.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Master Untangler carboncow's Avatar
    Join Date
    Aug 2011
    Location
    Central Ohio
    Posts
    288

    Default

    Thanks. It's a clean install of a new Win7 system.

    I have not user/pass set in the system so not sure if that's part of the issue.

    Also, does the FW require a working SSL certificate for the VPN to work? I've never had one in all these years and not sure if the older version didn't require but now does. Trying to make heads & tails of that log and what those login errors are speaking too.

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,767

    Default

    What the actual...

    Ok, Windows 7... throw that away... NOW. Clean install? Did you spend the two to three DAYS it takes to patch it? Because if it's not FULLY patched, OpenVPN won't work, the SSL libraries are busted.

    Meanwhile, Windows 7 is dead in January, go here:https://www.microsoft.com/en-us/soft...load/windows10

    Make a Windows 10 install USB key, pave that system and install Windows 10, and when it asks for a key feed it the key you used on Windows 7, yes it will still work. Try again with an OS that actually works...
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #5
    Master Untangler carboncow's Avatar
    Join Date
    Aug 2011
    Location
    Central Ohio
    Posts
    288

    Default

    Yes, I've also tested on a clean Windows 10 so your digression is moot.

  6. #6
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,767

    Default

    And I'm supposed to know that how?

    Anyway, it doesn't matter. Obviously you've got something else going on. And the only further suggestion I have is to remove the OpenVPN module, reinstall it, and start from scratch. The errors you see are different if the client just isn't connecting. What you're seeing here are flat authentication errors. That obviously shouldn't be happening, OpenVPN on Untangle generally just works in this regard.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  7. #7
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    8,175

    Default

    Quote Originally Posted by carboncow View Post
    Not getting the client to connect. Maybe you guys can tell me what I don't know and am not doing from the attached screenshot of the log window.
    By the screen capture, the certificate is not being accepted.

    Check if the CN in the server certificate matches the hostname.

    /admin/index.do#config/administration/certificates -> Server certificate CN name matches /admin/index.do#config/network/hostname
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  8. #8
    Master Untangler carboncow's Avatar
    Join Date
    Aug 2011
    Location
    Central Ohio
    Posts
    288

    Default

    Quote Originally Posted by jcoffin View Post
    By the screen capture, the certificate is not being accepted.

    Check if the CN in the server certificate matches the hostname.

    /admin/index.do#config/administration/certificates -> Server certificate CN name matches /admin/index.do#config/network/hostname
    Thanks Guys...that makes sense. I now see by looking at the Certificates tab two things...

    1. My store bought certificate expired back in 2016 by choice since I really didn't need one for me to simply admin the machine.
    2. Our IP address changed last year (moved from cable to fiber) and posibly the self signed and the expired store bought are referencing the old IP.

    But my issue is...how do I remove those certificates and get another self signed one in there?

    When I try to remove the expired store bought one is says "This the default system certificate and cannot be removed" and the self signed is greyed out. Suggestions?

    You can obviously tell I'm not much a Cert expert!

    Screenshot below...

    https://www.dropbox.com/s/4vgqi648ct...9-21.jpeg?dl=0

  9. #9
    Master Untangler carboncow's Avatar
    Join Date
    Aug 2011
    Location
    Central Ohio
    Posts
    288

    Default

    Ok, I believe I created the self signed again then noted using the view icon that it's still referencing our old IP, see screenshot.

    screenshot: https://www.dropbox.com/s/a17nnqn09i...6-05.jpeg?dl=0

    I'm not sure where I have this IP in the admin because under Config >> Interfaces >> External >> IPv4 Config I have the correct (new) IP address.

    Where else can the self sign be pulling this data from?
    And how do I get rid of the expired store bought!

    One or both are most likely created the OpenVPN anger issues, no?

  10. #10
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    1,538

    Default

    I think you now want to clean up the store on the win7 box, as well? I am not all that comfortable with certs, either.
    after deleting anything untangle there, re-install the OpenVPN client with a new download, mebbe.
    If you think I got Grumpy

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2