  • 0 Votes
    21 Posts
    6k Views
    T
    @grimm-spector Exactly, it will work just fine :)
  • Password in client export

    7
    0 Votes
    7 Posts
    2k Views
    johnpozJ
    Yeah not a big issue, when you need to install into something that wants to see a password you can just add it via openssl.. Was just curious - thanks. When you're wanting your iOS phone to connect to an EAP-TLS wifi network it wants a password. It will not take blank, and space doesn't work, etc. Not a big deal if doing a handful.
  • Replacing Expired OpenVPN Certificates

    1
    0 Votes
    1 Posts
    5k Views
    No one has replied
  • Alerts for Remote VPN Access Use / Attempted Unauthorized Use

    11
    0 Votes
    11 Posts
    3k Views
    G
    @derelict said in Alerts for Remote VPN Access Use / Attempted Unauthorized Use: Graylog is free. Awesome, but pfSense is not a log server. It is a firewall. Thanks for passing this along - Do you use it? I'm wondering what you do (if your use case is similar - Home/Home Office-A few PCs, a couple of "Smart Devices/Media Players/IoT or similar) or are you running a large network. I would absolutely agree that it's not ideal as a log server and wouldn't work for a large setup. @gertjan said in Alerts for Remote VPN Access Use / Attempted Unauthorized Use: When I inspected my "pfSense" logs - I'm using a remote (but local) log server, I do see lines like : 06-06-2018 12:00:12 Daemon.Notice 192.168.1.1 Jun 6 12:00:14 openvpn[32669]: 80.12.41.173:55353 [GertjaniPhone] Peer Connection Initiated with [AF_INET]80.12.41.173:55353 when I log in with a VPN client on my VPN server (== pfSense). Scripting against the log file with tools like fail2ban (or whatever hand written shell script) and you have your notification mail. That's what I had in mind! As @Derelict : I'm not keeping the logs (+100 Kbytes every day) on pfSense. You have a FreeNAS system, so I guess you're close to a good solution. If you have a similar use case to me, what software are you using? This discussion has caused me to consider creating a log server on my FreeNAS. Certainly I have the capacity to do it, just worried the learning curve for these other tools may be too steep given my time constraints. Unless I have hardware issues FreeNAS is always running when the other PCs are running and analysis/monitoring is badly needed. I think for OpenVPN I will stick with a simple script on /var/log/openvpn.log - maybe a bit of python. OpenVPN might be running when FreeNAS is down, so I'd rather have this simple bit of monitoring locally.
  • LDAP Group Authentication

    2
    0 Votes
    2 Posts
    542 Views
    J
    *BUMP
  • Use both TCP and UDP at the same time with OpenVPN Server

    14
    0 Votes
    14 Posts
    12k Views
    S
    @jegr Thank you. I will definitely consider your advice :)
  • TLS Error

    3
    0 Votes
    3 Posts
    1k Views
    gregeehG
    @jimp said in TLS Error: Usually that means that some other client (not OpenVPN) hit the port. It might be a port scan, a monitoring probe, or a client that doesn't have the right TLS key for example. I think you are correct, as I just did a port scan, using one of the online tools, on port 1194 and the error appeared. Seems to confirm your thoughts. Thanks.
  • Site to site OpenVPN stopped working

    1
    0 Votes
    1 Posts
    347 Views
    No one has replied
  • Viscosity Client - pfSense OpenVPN - Web Pages Timing Out

    3
    0 Votes
    3 Posts
    769 Views
    N
    I used the VPN > OpenVPN > Wizards to create the entry in the Servers > OpenVPN Servers. I believe it also created the OpenVPN firewall rule. The OpenVPN firewall rule is an action: Pass, protocol: Any, source: Any, destination: Any. I thought maybe Suricata could be blocking the connection. I read a post that stated to use port 443 to bypass Suricata. I changed the OpenVPN Server to port 443 and the WAN firewall rule to action: Pass, protocol: UDP, source: Any, destination: WAN address, destination port range: 443, and I'm intermittently able to connect. I'm also observing when I am able to connect, and then I disconnect, and then try to reconnect, I'm having trouble reconnecting. Is there something else I may be missing by chance? Thank you.
  • 1 Votes
    9 Posts
    3k Views
    S
    @derelict GDG: problem writing to routing socket maybe here? A stupid question since it worked before without: do I have to bridge LAN and "opt1 over opvns1"?
  • Site-to-site tunnel, only endpoints can ping other side. [SOLVED]

    7
    0 Votes
    7 Posts
    1k Views
    M
    @derelict Yup, this was it. The routing even seems to work with my IPSEC tunnel still in place. If this was mentioned in the book, I must have read right over it!
  • Can access NAS via web interface but not Windows explorer

    1
    0 Votes
    1 Posts
    333 Views
    No one has replied
  • OpenVPN via PIA doesn't connect to the internet

    1
    0 Votes
    1 Posts
    379 Views
    No one has replied
  • How to connect vpn site to site from a remote client?

    1
    0 Votes
    1 Posts
    393 Views
    No one has replied
  • OpenVPN Server refusing to connect

    4.14 openvpn 2.4.3-r-p1
    12
    0 Votes
    12 Posts
    4k Views
    D
    @boxofrox Ah! <Sound of penny dropping, lightbulb turning on, forehead slap> Thank you, I forgot about the “certificate granting” part of a CA. What do you call it when you’re too young for a “senior moment” and too old for a rookie mistake? ;-) Salaam, kudos, thanks!
  • OpenVPN only one-way traffic

    1
    0 Votes
    1 Posts
    413 Views
    No one has replied
  • Error TLS handshake failed

    tls handshake failed connection timeout
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Server only

    3
    0 Votes
    3 Posts
    585 Views
    emammadovE
    Hi. For Firewall rules: https://www.youtube.com/watch?v=UZR2LNBtzrw https://www.youtube.com/watch?v=OfZPOO2nu5g For OpenVPN, these tutorials are nice. https://www.youtube.com/watch?v=xiy52Hn5bTc
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.