OpenVPN

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

J

Why no RFC 1918 or Bogon filtering on OpenVPN client interface?

Watching Ignoring Scheduled Pinned Locked Moved
13

0 Votes

13 Posts

4k Views

J

no your openvpn being udp is just the tunnel, what your seeing is blocks inside the tunnel.
S

Question!?! How to garant access to mobile client

Watching Ignoring Scheduled Pinned Locked Moved
3

0 Votes

3 Posts

695 Views

S

Hi Jimp, I very appreciate your perfect answer, i followed your tipps and now everything is working like a charm, this make my life a lot easyer ;) Best REgards Marco
M

Avahi and iOS

Watching Ignoring Scheduled Pinned Locked Moved
9

0 Votes

9 Posts

2k Views

W

Usually just a setting in openvpn's server config. I stopped using it for another reason (reload then it wouldn't work again lol).
M

OpenVPN can't communicate with IPsec tunnel

Watching Ignoring Scheduled Pinned Locked Moved
8

0 Votes

8 Posts

1k Views

M

Dear sir can you explain how did you do it ? please many thanks
K

Trying to create OpenVPN user certs manually

Watching Ignoring Scheduled Pinned Locked Moved
3

0 Votes

3 Posts

1k Views

K

Ok, this: if ( ! openssl_pkcs12_export_to_file( $req_cert, "user.p12", $req_key, "" ) ) is the problem. The .p12 produced only contains the user cert - I need to add the CA cert as well. However, it doesn't look like there's a php openssl_ function to do this - which is probably why the openVPN Client Export Plugin uses: exec("/usr/bin/openssl pkcs12 -export -in {$ecrtpath} -inkey {$ekeypath} -certfile {$ecapath} -out {$eoutpath} -passout pass:{$eoutpass}");
S

"Best practise" for road warriors with individual firewall rules

Watching Ignoring Scheduled Pinned Locked Moved
5

0 Votes

5 Posts

2k Views

J

Yeah how else would you skin that cat? ;) If you want user X to be allowed access to device at 1.2.3.4, then yeah you need to make sure user X always has IP address 2.3.4.5 so you can allow that via firewall rule.. User Y that gets something other than 2.3.4.5 would not have access.. If you have groups of users that all need same access you could just create different vpn connections so that users A,B and C would always get ips in network 1.2.3.0/24 and you could then create the firewall rules on that network vs specific IP and if you have other group of users that need different access then AB and C then they could be on entwork 1.2.4/24 etc..
M

No traffic through OpenVPN tunnel

Watching Ignoring Scheduled Pinned Locked Moved
4

0 Votes

4 Posts

4k Views

M

Some more logging from the OpenVPN server. At the moment I unassinged the OpenVPN interface. It wasn't clear to me if I should or should not assign the interface and configure the IP. It seems to work (or not work) either way. Aug 9 15:51:53 openvpn 99469 92.69.213.93:62051 TLS: Initial packet from [AF_INET]92.69.213.93:62051, sid=9157e45b 82f155c1 Aug 9 15:51:54 openvpn 99469 92.69.213.93:62051 VERIFY SCRIPT OK: depth=1, certdata Aug 9 15:51:54 openvpn 99469 92.69.213.93:62051 VERIFY OK: depth=1, C=NL, certdata Aug 9 15:51:54 openvpn 99469 92.69.213.93:62051 VERIFY SCRIPT OK: depth=0, certdata Aug 9 15:51:54 openvpn 99469 92.69.213.93:62051 VERIFY OK: depth=0, certdata Aug 9 15:51:54 openvpn user 'ME' authenticated Aug 9 15:51:54 openvpn 99469 92.69.213.93:62051 TLS: Username/Password authentication succeeded for username 'ME' [CN SET] Aug 9 15:51:54 openvpn 99469 92.69.213.93:62051 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Aug 9 15:51:54 openvpn 99469 92.69.213.93:62051 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Aug 9 15:51:54 openvpn 99469 92.69.213.93:62051 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Aug 9 15:51:54 openvpn 99469 92.69.213.93:62051 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Aug 9 15:51:54 openvpn 99469 92.69.213.93:62051 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA Aug 9 15:51:54 openvpn 99469 92.69.213.93:62051 [mark] Peer Connection Initiated with [AF_INET]92.69.213.93:62051 Aug 9 15:51:54 openvpn 99469 mark/92.69.213.93:62051 MULTI_sva: pool returned IPv4=10.15.10.2, IPv6=(Not enabled) Aug 9 15:51:54 openvpn 99469 mark/92.69.213.93:62051 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_c22c667e5f903932f615859110b7c08c.tmp Aug 9 15:51:54 openvpn 99469 mark/92.69.213.93:62051 MULTI: Learn: 10.15.10.2 -> ME/92.69.213.93:62051 Aug 9 15:51:54 openvpn 99469 mark/92.69.213.93:62051 MULTI: primary virtual IP for ME/92.69.213.93:62051: 10.15.10.2 Aug 9 15:51:54 openvpn 99469 mark/92.69.213.93:62051 PUSH: Received control message: 'PUSH_REQUEST' Aug 9 15:51:54 openvpn 99469 mark/92.69.213.93:62051 send_push_reply(): safe_cap=940 Aug 9 15:51:54 openvpn 99469 mark/92.69.213.93:62051 SENT CONTROL [mark]: 'PUSH_REPLY,route 172.10.15.0 255.255.255.0,route 192.168.20.0 255.255.255.0,route 192.168.150.0 255.255.255.0,dhcp-option DOMAIN argus.local,dhcp-option DNS 192.168.20.13,dhcp-option DNS 192.168.20.15,register-dns,dhcp-option NTP 192.168.20.13,redirect-gateway def1,route-gateway 10.15.10.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.15.10.2 255.255.255.0' (status=1) Aug 9 15:52:04 openvpn 99469 MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock Aug 9 15:52:04 openvpn 99469 MANAGEMENT: CMD 'status 2' Aug 9 15:52:04 openvpn 99469 MANAGEMENT: CMD 'quit' Aug 9 15:52:04 openvpn 99469 MANAGEMENT: Client disconnected Hope the log clears up anything. I don't have a clue what I'm missing.
T

How to know openvpn user logout

Watching Ignoring Scheduled Pinned Locked Moved
3

0 Votes

3 Posts

2k Views

P

You could add explicit-exit-notify 2 to your client(s) config. Then you will see in the server log SIGTERM[soft,remote-exit] received, client-instance exiting
J

Client export with multiple OpenVPN servers (one pfsense box)

Watching Ignoring Scheduled Pinned Locked Moved
6

0 Votes

6 Posts

2k Views

D

How can these settings i.e "Backend for Authentification" and "IPv4 Tunnel Network" have anything to do with exporting user certificates? The export wizard tries to limit exposing users for export that cannot possibly log in. If you had Local database selected in the server, had created the user certificate, but did not create the user in the local database, then that user would not be able to log in so the user is not exposed for export. When you select the external authentication method then all it will check for is the presence of a certificate issued by the Peer Certificate Authority.
B

Setting up OpenVPN with LDAP

Watching Ignoring Scheduled Pinned Locked Moved
1

0 Votes

1 Posts

3k Views

No one has replied
D

How to share OpenVPN conenction to my LAN?

Watching Ignoring Scheduled Pinned Locked Moved
2

0 Votes

2 Posts

719 Views

D

More information is needed to help you. What is the server? What is the client? What are the Local and Remote networks on each end? Where are you pinging from? Where are you pinging to? You generally have to specify a specific source IP address (Like the interface address of a network specified as a Local network in the OpenVPN configuration) to ping across an OpenVPN tunnel from the firewall itself so it's pretty unclear what you're actually doing.
N

Openvpn_xorpatch ( openvpn scramble option )

Watching Ignoring Scheduled Pinned Locked Moved
2

0 Votes

2 Posts

3k Views

J

You can't, and you don't want to. Read the last post on that thread. https://forums.openvpn.net/viewtopic.php?f=15&t=12605&sid=c75d657e002504a39d34ae664ddd9ad5&start=60#p49837
M

[SOLVED] Considerations to pfSense OpenVPN Server when behind NAT?

Watching Ignoring Scheduled Pinned Locked Moved
4

0 Votes

4 Posts

4k Views

M

Ok, just to confirm the issue was that the ISP device had a hidden 'advanced' setting which did not forward Internet packets by default, as I thought. Once this was found, and packets forwarded correctly, it worked fine! Thanks for your input!!
A

PfSense can’t authenticate with Windows Radius

Watching Ignoring Scheduled Pinned Locked Moved
5

0 Votes

5 Posts

9k Views

A

I used a NTRadPing and I could see there was something wrong with the user so I went back and I checked if the user was member of the vpn group on DC and it was not i forgot to add the user back in to the group after fiddling around in the DC this guide works https://community.spiceworks.com/how_to/128944-pfsense-admin-logins-via-radius-using-active-directory-accounts
N

Monitor my link VPN

Watching Ignoring Scheduled Pinned Locked Moved
1

0 Votes

1 Posts

1k Views

No one has replied
P

Crypto_alg:SHA not found

Watching Ignoring Scheduled Pinned Locked Moved
2

0 Votes

2 Posts

940 Views

J

That's from the client. The OS or OpenVPN build on that device doesn't support that method of hashing/encryption
J

OEPNVPN stops after the updates

Watching Ignoring Scheduled Pinned Locked Moved
4

0 Votes

4 Posts

1k Views

J

the Pfsense have two WAN, somehow the routing of the openvpn is not on going to the right interface.
P

Pfsense 2.3.2 error on openvpn

Watching Ignoring Scheduled Pinned Locked Moved
5

0 Votes

5 Posts

2k Views

P

I solved my problem i can able to connect from laptop or desktop. Thanks
S

OpenVPN cannot access network on different NIC

Watching Ignoring Scheduled Pinned Locked Moved
1

0 Votes

1 Posts

513 Views

No one has replied
C

[SOLVED] Re: How to block traffic when VPN is down

Watching Ignoring Scheduled Pinned Locked Moved
3

0 Votes

3 Posts

5k Views

C

Thank you for your help, another user just PM'ed me with another method of fixing the issue. The killswitch now works using the link I just posted above and I'm ready to move on in my network issue 'todo' list. Thanks so much for you help. Also I had already deleted the redundant/useless rules. I had just started making any rule on whim to see if I could stumble on the solution.

304 / 494