OpenVPN

• ?

  Securing WLAN with OpenVPN
  • Guest

  13
  0
  Votes
  13
  Posts
  5882
  Views

  T

  If I'm understanding what you want…. On your WLAN... only create a rule to allow the OVPN connection. Then you'll push DNS,WINS, and GATEWAY via OVPN also add a push route to your LAN, if you want a connection there.
• J

  Pfsense and other firewalls
  • jasco

  2
  0
  Votes
  2
  Posts
  2212
  Views

  H

  I haven't used openvpn yet but I have several locations running ipsectunnels. Biggest network consists of 12 locations that are all connected to each other through the mainoffice (only location that has a static IP) which acts as vpn concentrator. This setup is only using pfSense's everywhere. I also have another setup where a pfSense CARP cluster has VPN connections to a cisco pix, another pfSense and a sonicwall. Everything works smooth :-) For some examples how to configure the non pfSense systems see http://doc.m0n0.ch/handbook-single/#Example.VPN . Before you start to set this up you need to do some subnetcalculations. If you use IPSEC for that and need the remote locations to talk to each other through the central location you need to use some bigger subnetmasks at the central unit.
• P

  Connected Users
  • peterclo

  2
  0
  Votes
  2
  Posts
  2036
  Views

  S

  Someone was working on a status page.  Search the forum.
• S

  Site 2 site vpn question
  • StefanSander

  8
  0
  Votes
  8
  Posts
  4620
  Views

  T

  the site 2 site is very simple to set up (with the pdf document)…. but is it also possible to connect 3 pfsense client machines to one openvpnserver-pfsensemachine and routed the networks behind the 3 pfsense machines......(i don't want to open to much external (firewall) ports PC1                                              PC2       |                                                | NETWORK1                                NETWORK2                                NETWORK3       |                                                |                                          | OPENVPNCLIENT1                    OPENVPNCLIENT2                        OPENVPNCLIENT3       |                                                |                                          | PFSENSE1                                  PFSENSE2                                  PFSENSE3       |                                                |                                          |     ---------------------------------------------------------------------                                                       |                                                                                    OPENVPNSERVER                                                 PFSENSE4                                                       |                                                       PC3 So that PC2 can ping PC1 and PC3 and PC3 can ping PC2 and PC1 and PC1 can ping PC2 and PC3
• A

  OpenVPN with Hifn 7955 support
  • awestwell

  10
  0
  Votes
  10
  Posts
  8694
  Views

  B

  @Numbski: billm, I hope you're wrong about this.  Here's why: I have a client that needed some serious entropy available to an application.  We purchased a hifn card to supplement /dev/random.  FreeBSD does not create /dev/hwrandom, and from all appearances, speed of the customer's application went waaay up, and the deployment passed some certification process that I was not involved in.  So….hmm. Interesting stuff.  Perhaps I should dig into this further?  BTW, another option if I recall correctly would be to insert a sound card, get the driver working, get the block device for the mic-in, then take and have that constantly dumping to /dev/random too. (don't hold me to that, never personally tried it!) You're probably correct. –Bill
• E

  Installation problem with openvpn
  • elfron2k

  5
  0
  Votes
  5
  Posts
  2953
  Views

  H

  Maybe a link in the tutorial to http://www.openvpn.se/mycert/ would be nice too.
• T

  1.0.1 possible bug [with openvpn] ?
  • trendchiller

  3
  0
  Votes
  3
  Posts
  2892
  Views

  T

  Ok… Thanks... thought so... then I'll test a little more  :P
• P

  Accessing Windows shares
  • peterclo

  11
  0
  Votes
  11
  Posts
  9713
  Views

  D

  cheers, i will add all solutions & fallbacks to the tutorial so we can prevent further problems like these. will be online next week. kind regards dairaen
• P

  OpenVPN oddity
  • prophecy

  4
  0
  Votes
  4
  Posts
  3021
  Views

  P

  ok scratch that. its fixed
• B

  How to delete vpn tun interface
  • batmanAgen

  4
  0
  Votes
  4
  Posts
  12003
  Views

  N

  ifconfig tunX destroy
• P

  Can't access LAN from WAN
  • peterclo

  15
  0
  Votes
  15
  Posts
  12348
  Views

  D

  Maybe you could add a "Beware of your gateway" line in the section where you're supposed to test your new VPN tunnel? done ;)
• C

  Network from VPN Server unreachable through the Lan
  • cracker

  8
  0
  Votes
  8
  Posts
  8908
  Views

  D

  Your not going to like to hear this but I went with IPSEC vpn's instead.  The interface is much more reliable and pfsense's implementation will allow you to configure the server as a remote client portal.  All the pfsense clients connect as if they were a site to site and it takes care of all routes beautifully.  It doesnt matter if they are dynamic or static ip's with this conifig also.  I will keep checking with OVPN and hopefully they will have all the kinks worked out soon.
• M

  Openvpn issues since 1.0RC3
  • MathieuMa

  8
  0
  Votes
  8
  Posts
  4854
  Views

  S

  After the openvpn tunnel comes up, openvpn launches our script that reloads the filter rules, then it notices tun0 and sets everything up.
• R

  OpenVPN Weirdness
  • Russ

  5
  0
  Votes
  5
  Posts
  5417
  Views

  S

  Update to the latest 1.0-RCe… Upload a, b,c,d,e. We changed how OpenVPN is launched now.
• B

  Password protected certificates in openvpnclient
  • bernt

  1
  0
  Votes
  1
  Posts
  2312
  Views

  No one has replied

• A

  Brigde mode in 1.0-RC3
  • adamn

  3
  0
  Votes
  3
  Posts
  2617
  Views

  A

  Thanks, now its works
• C

  Howto restrict traffic to/from OVPN (tunx) interface
  • cracker

  3
  0
  Votes
  3
  Posts
  2914
  Views

  H

  Neither on IPSEC in 1.0 if that is the next question.
• P

  OpenVPN Site 2 Site connection PFSence v1.0-RC3
  • pisang98

  4
  0
  Votes
  4
  Posts
  8242
  Views

  F

  Do NOT assign tun interfaces to pfSense interfaces, under ANY circunstance. If you're getting timeouts, you're missing a pass rule on WAN on your firewall rules or something like that. Again, I can't stress enough, DO NOT ASSIGN TUN INTERFACES!
• S

  How to activate OpenVPN on RC2?
  • StefanSander

  3
  0
  Votes
  3
  Posts
  3245
  Views

  D

  I am having the same issue and have recently upgraded to R3 with no help.  I also tried downloading the latest snapshot but the images arent available from the link.  Any ideas?
• S

  OVPN Troubleshooting, please help
  • StefanSander

  7
  0
  Votes
  7
  Posts
  6657
  Views

  N

  Yeah, that only works when bridging, and well, you can see the novella being created by my efforts to get that working. :P
• 

  OpenVPN Client configuration in Snapshot 06-09-21 and previous
  • JeGr

  3
  0
  Votes
  3
  Posts
  3045
  Views

  

  Ah didn't figure that out - must be missing the "both" keyword in the "ports" keyword description. Thanks for pointing out. Yeah, right, the tunnel is supposed to be established between the two devices on the same port on both ends, as that makes maintaining the firewall ports easier and more transparent.
• B

  Need Help Understanding OPENvpn to the pfsense - security - be gentle :-)
  • bullwinkle

  4
  0
  Votes
  4
  Posts
  3084
  Views

  H

  That howto needs some additional work. Seems there are some things not completely correct. You won't open up your network to the whole internet, only to authenticated clients that then have an encrypted connection to your site.
• V

  Help with OpenVPN tunnel without encryption
  • VaCUm

  1
  0
  Votes
  1
  Posts
  3284
  Views

  No one has replied

• S

  This setup possible with pfsense?
  • StefanSander

  3
  0
  Votes
  3
  Posts
  3217
  Views

  

  OpenVPN should work, as long as its standard UDP Port (1194) ist properly redirected to the pfSense box behind the Cisco. The other pfsense on the ADSL (I assume) line should work just fine. Anything further depends on the ip/netmasks used on either side and the mode used for openvpn. But at a first glance I can't see anything that should spoil the fun here - as long as the cisco is fowarding the openvpn-udp packets adressed for the public ip to the pfsense on its transfer-net (wan)
• M

  OpenVPN kills WAN and LAN connections
  • mbower

  10
  0
  Votes
  10
  Posts
  5489
  Views

  N

  This is going to sound dumb, but just reload.  Seriously. I've had this bug occur on firefox on various platforms depending on what extensions I have installed.  Reload, disable NoScript, whitelist the site in Adblock, do whatever you have to do to make sure javascript executes, etc etc etc. It'll come back.  If not, try leaving some cat food out on the front porch.  Maybe it'll find it's way home then.  ;D
• R

  OpenVPN and dual WAN
  • rcasas

  12
  0
  Votes
  12
  Posts
  9095
  Views

  N

  there are also route-up and route-down, plus just plain route statments that can be placed into your server config.  ;D Please look more carefully at the examples.  You'll be amazed at how customized openvpn can get.
• S

  Article on creating OpenVPN keys
  • sullrich

  3
  0
  Votes
  3
  Posts
  13737
  Views

  F

  For users portuguese and brazilian http://www.dicas-l.com.br/dicas-l/20060316.php Article in portuguese about Openvpn and create keys
• S

  OpenVPN error with 0.0.0.0/0 Remote network
  • sbyoon

  2
  0
  Votes
  2
  Posts
  6272
  Views

  S

  I solved this problme with custom option of push "redirect-gateway". Thank you.