OVPN beta - not connecting

Posted: Mon Feb 19, 2024 7:41 am
by joss
I had set up a pfSense firewall so that I connect via the production OpenVPN server with a fail-over to the beta OpenVPN server. It was working OK for a while.

However, I recently checked and noted that the beta server was not connected. It did not affect my internet access as the production server was handling all traffic. But I cannot reconnect to the beta server. I have tried disabling and re-enabling the interface. I have rebooted the pfSense box. Nothing works.

I turned off logging for the production server, cleared the log and reconnected to the beta server (verbosity = 4). I don't see any recognizable errors in the log entries. That is, unless the message "Server poll timeout, restarting" is an error message.

Does anyone have any ideas as to what my issue may be?

Re: OVPN beta - not connecting

Posted: Mon Feb 19, 2024 9:52 am
by js9erfan
See my post here: viewtopic.php?t=17867

Re: OVPN beta - not connecting

Posted: Mon Feb 19, 2024 5:53 pm
by joss
Based upon your comment, am I to understand that even with the new key, my VPN Beta won't connect due to CA issues?

Re: OVPN beta - not connecting

Posted: Mon Feb 19, 2024 8:35 pm
by js9erfan
joss wrote: Based upon your comment, am I to understand that even with the new key, my VPN Beta won't connect due to CA issues?

When you downloaded your new profile for the beta server did you first deselect tls-crypt-v2? If not then that’s an issue since pfSense doesn’t support tls-crypt-v2 yet. If you did then chances are the CA path is incorrect after importing the new beta server CA and cert into pfSense.

Basically you can run one VPN client or the other under pfSense whereas now running both creates a conflict due to both CAs using the same CN. I had it working for years as a failover but it broke after importing the new beta server profile and I haven’t had much luck (or time) in finding a workaround. If you find one please feel free to share 8-)
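Added example, not part of any post in this thread: a pre-import check for the two conditions js9erfan's reply names, a profile that still enables tls-crypt-v2 and two different CA certificates that share one CN. It assumes each downloaded .ovpn profile carries its CA in an inline `<ca>` block and that the `openssl` CLI is available; the file names in the usage comment are placeholders.

```shell
#!/bin/sh
# Pre-import check for two OpenVPN client profiles headed for the same pfSense box.

# Print the PEM held in the profile's inline <ca>...</ca> block (CRs stripped).
ca_pem() { tr -d '\r' < "$1" | sed -n '/<ca>/,/<\/ca>/{/<\/*ca>/!p;}'; }

# Subject commonName of that CA certificate.
ca_cn() {
    ca_pem "$1" | openssl x509 -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# SHA-256 fingerprint, to tell "same CA" apart from "different CA, same name".
ca_fp() { ca_pem "$1" | openssl x509 -noout -fingerprint -sha256 | cut -d= -f2; }

# True if the profile enables tls-crypt-v2 (inline block or file directive).
uses_tls_crypt_v2() {
    tr -d '\r' < "$1" |
        grep -Eq '^[[:space:]]*(<tls-crypt-v2>|tls-crypt-v2[[:space:]])'
}

# Print findings for two profiles; return 1 if either condition is present.
check_profiles() {
    rc=0
    for p in "$1" "$2"; do
        if uses_tls_crypt_v2 "$p"; then
            echo "WARN: $p enables tls-crypt-v2; download it again with that option deselected"
            rc=1
        fi
    done
    if [ "$(ca_cn "$1")" = "$(ca_cn "$2")" ] &&
       [ "$(ca_fp "$1")" != "$(ca_fp "$2")" ]; then
        echo "WARN: two different CA certificates share the CN '$(ca_cn "$1")'"
        rc=1
    fi
    return $rc
}

# Usage: sh check_profiles.sh production.ovpn beta.ovpn   (placeholder names)
if [ $# -eq 2 ]; then check_profiles "$1" "$2"; fi
```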