• some HTTPS sites i.e. this forum not available via OpenVPN client

    3
    0 Votes
    3 Posts
    335 Views

    noice

  • [Solved] unable to reach available packages via openvpn

    1
    0 Votes
    1 Posts
    176 Views
    No one has replied
  • Solved-VPN-LDAP-SSL-CA-Verification-Failed-Letsencrypt

    4
    0 Votes
    4 Posts
    632 Views

    Hi,

    I figured out my mistake and it's fixed for good now.
    Thanks for the help.

    Have a nice week-end.

  • Multiple Radius Servers - unable to connect using OpenVPN

    4
    0 Votes
    4 Posts
    822 Views

    Anyone else have an idea?
    I'm out of ideas

  • LAN can reach VPN subnet, but PFSense cannot

    3
    0 Votes
    3 Posts
    434 Views

    If your routing and firewall rules allow it, it should just work. There are several variables to account for though, so we need more details.

    Post your server1.conf and client1.conf.

    What are you allowing thru the tunnel? Post the firewall rules from the OpenVPN tab on both ends.

    Is the remote end using PFsense for DNS or something else? (e.g. AD, Infoblox, etc)

  • OpenVPN auth over Windows Radius issues

    2
    0 Votes
    2 Posts
    333 Views

    We found that trying to use CHAP failed every time without fail. Had to enable PAP to get this working.

  • Issue Connecting pfsense as a client to OpenVPN Access Server

    20
    0 Votes
    20 Posts
    3k Views

    There was a need to add route for specific traffic and change the OpenVPN settings to act as site to site VPN.
    It is now working.

    Thanks for your help @johnpoz @Rico

  • Unable to make a change to an existing (and running) openvpn client setup

    4
    0 Votes
    4 Posts
    561 Views
    Derelict

    The only thing I can think of is those password fields were somehow populated.

    Try setting the VPN to Peer to Peer (SSL/TLS)

    That should expose the username and password fields.

    Clear them out and set it back to Peer to Peer (Shared Key) and save.

    Might work.

  • Connecting From LAN to VPN Clients

    3
    0 Votes
    3 Posts
    500 Views

    Routing table is empty.
    I’ll try and grab some screenshot.
    Config and firewall is just from the wizard.

  • OpenVPN + Duo - Suspend Issues

    1
    0 Votes
    1 Posts
    417 Views
    No one has replied
  • Windows OpenVPN Clients

    16
    0 Votes
    16 Posts
    3k Views
    Gil

    @derelict said in Windows OpenVPN Clients:

    One thing I would try - sort of a shot in the dark - would be changing the CN for Gil_Mobile to Mobile_Gil.

    I thought I'd give it a try, but it has probably added to the confusion a bit.

    CN: "Gil" fails always (as per previous)
    CN: "Gil_Mobile" works; but it fails on the first attempt if "Mobile_Gil" has just previously connected
    CN: "Mobile_Gil" works; but it fails on the first attempt if "Gil_Mobile" has just previously connected

    The error message from the first attempt on the OpenVPN Server:

    Feb 5 21:29:23 openvpn 43450 Gil_Mobile/101.191.59.43:31448 SIGTERM[soft,delayed-exit] received, client-instance exiting
    Feb 5 21:29:17 openvpn 43450 Gil_Mobile/101.191.59.43:31448 SENT CONTROL [Mobile_Gil]: 'AUTH_FAILED' (status=1)
    Feb 5 21:29:17 openvpn 43450 Gil_Mobile/101.191.59.43:31448 Delayed exit in 5 seconds
    Feb 5 21:29:17 openvpn 43450 Gil_Mobile/101.191.59.43:31448 PUSH: Received control message: 'PUSH_REQUEST'
    Feb 5 21:29:16 openvpn user 'Mobile_Gil' authenticated
    Feb 5 21:29:16 openvpn 43450 Gil_Mobile/101.191.59.43:31448 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
    Feb 5 21:29:16 openvpn 43450 Gil_Mobile/101.191.59.43:31448 TLS: tls_multi_process: untrusted session promoted to semi-trusted
    Feb 5 21:29:16 openvpn 43450 Gil_Mobile/101.191.59.43:31448 TLS: move_session: dest=TM_ACTIVE src=TM_UNTRUSTED reinit_src=1
    Feb 5 21:29:16 openvpn 43450 Gil_Mobile/101.191.59.43:31448 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
    Feb 5 21:29:16 openvpn 43450 Gil_Mobile/101.191.59.43:31448 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1570', remote='link-mtu 1569'
    Feb 5 21:29:16 openvpn 43450 Gil_Mobile/101.191.59.43:31448 TLS Auth Error: Auth Username/Password verification failed for peer
    Feb 5 21:29:16 openvpn 43450 Gil_Mobile/101.191.59.43:31448 TLS Auth Error: username attempted to change from 'Gil_Mobile' to 'Mobile_Gil' -- tunnel disabled

    I think I'm chasing my tail without some better tools and more understanding of the Microsoft Certificate Storage.

    I am using the openVPN GUI v11.10.0.0 from OpenVPN Technologies Inc. Not sure if there is an alternate app to test with.

    @derelict said in Windows OpenVPN Clients:

    Also there might be some logging that can be turned up on the client that will display what it is doing in that cryptoapicert cal

    I don't see any additional logging options available.

  • Help: VPN site-to-site and Pfsense as a client

    1
    0 Votes
    1 Posts
    387 Views
    No one has replied
  • Pfsense client with open vpn server

    7
    0 Votes
    7 Posts
    2k Views

    @f8dhb

    Hey
    Show the client settings (file client.ovpn)
    Certificates only need to be deleted
    For example, it might look like this
    dev tun
    persist-tun
    persist-key
    cipher AES-128-CBC
    ncp-ciphers AES-128-GCM:AES-256-GCM
    auth SHA256
    tls-client
    client
    resolv-retry infinite
    remote XXX.XXX.XXX.XXX 1194 udp
    verify-x509-name "aaaa.bbbb.local" name
    remote-cert-tls server
    compress
    mssfix 1360

    <ca>
    -----BEGIN CERTIFICATE-----

    -----END CERTIFICATE-----
    </ca>
    <cert>
    -----BEGIN CERTIFICATE-----

    -----END CERTIFICATE-----
    </cert>
    <key>
    -----BEGIN PRIVATE KEY-----

    -----END PRIVATE KEY-----
    </key>
    <tls-crypt>
    -----BEGIN OpenVPN Static key V1-----

    -----END OpenVPN Static key V1-----
    </tls-crypt>

  • Can't get LAN to route out OpenVPN tunnel

    9
    0 Votes
    9 Posts
    979 Views
    Derelict

    Probably not.

  • OpenVPN + Load Balancing + STunnel

    4
    0 Votes
    4 Posts
    813 Views

    Maybe I have found a solution for me. OpenVPN error messages are still there:

    Jan 27 13:09:38 php-fpm 47087 /rc.newwanip: The command '/usr/local/sbin/unbound -c /var/unbound/unbound.conf' returned exit code '1', the output was '[1548594578] unbound[17890:0] error: can't bind socket: Address already in use for 127.0.0.1 port 953 [1548594578] unbound[17890:0] error: cannot open control interface 127.0.0.1 953 [1548594578] unbound[17890:0] fatal error: could not open ports'
    Jan 27 12:41:03 openvpn 97238 ERROR: FreeBSD route add command failed: external program exited with error status: 1
    Feb 2 18:56:11 openvpn 47315 PUSH: Received control message: 'PUSH_REPLY,topology subnet,redirect-gateway def1,sndbuf 131072,rcvbuf 131072,comp-lzo adaptive,route-gateway 10.3.2.3,redirect-gateway ipv6,route-ipv6 2000::/3,ping 10,ping-restart 60,dhcp-option DNS 95.211.146.77,dhcp-option DNS 37.48.94.55,ifconfig-ipv6 fdbf:1d37:bbe0:0:48:18:0:f1/112 fdbf:1d37:bbe0:0:48:18:0:1,ifconfig 10.3.2.241 255.255.255.0,peer-id 0'
    Feb 2 18:56:11 openvpn 47315 Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
    Feb 2 18:56:11 openvpn 47315 Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
    Feb 2 18:56:11 openvpn 47315 Options error: option 'route-ipv6' cannot be used in this context ([PUSH-OPTIONS])
    Feb 2 18:56:11 openvpn 47315 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
    Feb 2 18:56:11 openvpn 47315 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])

    I do not have the full speed, but it works with these NAT rules:

    [Screenshot attachment: 0_1549135808917_NAT.PNG]

    Why do I need these localhost rules for OpenVPN?
    Do I need more rules like these?

    browse "System: General Setup"
        specify desired third-party DNS servers on WAN_DHCP
        [x] Do not use the DNS Forwarder as a DNS server for the firewall
    browse "Services: DNS Forwarder"
        [ ] Enable DNS forwarder
    browse "System: Advanced: Networking"
        [ ] Allow IPv6
        [x] Prefer to use IPv4 even if IPv6 is available
    browse "System: Advanced: Miscellaneous"
        [x] Skip rules when gateway is down
        [x] Enable gateway monitoring debug logging

  • Cannot ping new host from remote site

    10
    0 Votes
    10 Posts
    900 Views
    Derelict

    If you can exchange traffic with other hosts on that remote network and not THAT particular host, check for a firewall on THAT host. Check the gateway settings on THAT host. Packet capture on the interface THAT host is connected to for icmp traffic to THAT host IP address and try to ping it. Look at the capture. Are echo requests sent to THAT host captured? Are there replies? No? Check THAT host for the reason.

  • OpenVPN to internal sites

    2
    0 Votes
    2 Posts
    389 Views

    Hi @pfsmooth ,

    If these addresses are all internal, why redact them? It only prevents observers from being able to accurately assess your configuration. What do your firewall rules look like on the OpenVPN interface? If you are trying to reach multiple LANs from VPN client, are all of the networks you are trying to access listed in the Local Networks field under the OpenVPN server instance? Or do you have the setting "Redirect IPv4 Gateway" enabled?

    The more information you can provide, including the unredacted internal addresses of the devices involved, the better it will help others be able to understand and provide suggestions to resolve your problem.

    Thank you,

    -James

  • OpenVPN Config for Usenetserver VPN for one host only

    3
    1 Votes
    3 Posts
    2k Views
    Dudleydogg

    Found Ubuntu manual setup and found this Line:

    Remember that you will append @usenetserver at the end of your username (ex. username@usenetserver).

    so no ".com" and it worked.

    thank you for the Info

  • Site to site OpenVPN with destination set to Remote Access (SSL/TLS)?

    7
    0 Votes
    7 Posts
    934 Views
    iorx

    Yeah! I was missing those. Had an idea that CSO should be enough.

    Gave it a try.

    server pfsense:

    Config: Remote Access
    added route statement for the remote subnet in custom options
    local networks: local subnet, remote subnet
    (peer to peer server should have this, still trying to figure out why the remote subnet should be here, but according to the pf-guide-doc it should, and it works as intended)
    CSO: remote networks: remote subnet
    Question here: In the CSO I got a Local Network field. Does this have effect on this kind of config?

    remote pfsense:

    Config: Peer to peer
    tunnel network: empty
    remote network: empty
    (in peer to peer config these are configured at time of connect, true for this scenario too?)

    But, no, can't pass traffic LAN to LAN.

  • Issue to resolve by DNS name and timeouts?

    1
    0 Votes
    1 Posts
    163 Views
    No one has replied

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.