pfSense / Multiple OpenVPN Clients

Hi there. I have set up PIA via OpenVPN in pfSense. I don’t really need PIA, but I’m doing it as a test on a system to see how well OpenVPN works, how it would work with multiple clients, how the Firewall rules would work, etc…

I am having an issue where, once more than one OpenVPN connections have been created, additional ones will not start (or at least pfSense things their daemons are not running…not sure if they actually are or are not).

Please see this image, and note, when I try to start each one, I get the same message…

And the log excerpt is as follows:

|Jan 14 11:17:31 |openvpn |46019 |WARNING: file '/var/etc/openvpn/client2.up' is group or others accessible|
|Jan 14 11:17:31 |openvpn |46019 |OpenVPN 2.4.9 amd64-portbld-freebsd11.3 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on May 4 2020|
|Jan 14 11:17:31 |openvpn |46019 |library versions: OpenSSL 1.0.2u-freebsd 20 Dec 2019, LZO 2.10|
|Jan 14 11:17:31 |openvpn |46019 |neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Password:'. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.|
|Jan 14 11:17:31 |openvpn |46019 |Exiting due to fatal error |

Has anyone else experienced this?

Thank you,

I’m running multiple VPN clients at the same time, so it does work.

I suspect you have set up something in the VPN clients identically when they should be unique.

You’d need to go back and check your setup side-by-side.

@neogrid thanks for the tip, I will check this. It’s worth mentioning, if I disable Atlanta and enable Chicago, Chicago still does not start.

Also, maybe worth mentioning…maybe not. pfSense is running virtualized inside of XCP-ng. Other than known limitations, no other issues though.

FYI, I found this issue with this. Upon startup, pfsense says:

“Syncing OpenVPN settings” and asks for “auth password”

Entering the root password at that prompt fixed this.

And I revise my findings. It was, as @neogrid originally said, something was identical in multiple clients.

Most of these VPN providers allow say 5 multiple connections at any one given time. In most cases you can only use one at a time. To get your moneys worth, you can put multiple vpn servers in a gateway group, that way you can “tune” it so that your connection uses the fastest server and if one goes offline then it will failover to the next available server. I’ve set mine up in this way, can’t tell if it makes a difference or not but seems to be working.