• PC1 -> pfSense 1 <– site tunnel -> pfSense 2 <- PC2

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    GruensFroeschliG

    Pushes only work for PKIs where the connecting clients receive their configuration from the server.

    In a site-to-site setup the whole config comes from the local config-file.

  • Yes, another "Can't ping the network behind the firewall" question.

    Locked
    7
    0 Votes
    7 Posts
    3k Views
    GruensFroeschliG

    Could you describe this a bit more?
    Because as I wrote before: there is no firewall for OpenVPN.

  • OpenVPN tunnel IPs

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    A

    Fixed this with a custom ifconfig option :)

  • Max number of vpn client

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    G

    @GruensFroeschli:

    As many as you want, limited by the bandwidth and CPU power you have.

    Sounds nice and interesting ::)

    Thanks, Gruens!!!

  • Vpn connection to opt1 bridged to wan

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    F

    Ahh yes, I'm sorry.

    I'm trying to obtain more information about the setup and what's been done so far. I apologize, as this is not my network and I am merely relaying what I have.

  • Openvpn using default gateway

    Locked
    6
    0 Votes
    6 Posts
    4k Views
    E

    Ok, it doesn't seem to have anything to do with the default gw.

    I changed several things and I can't really tell what the solution was, but now it works.

    My system time was wrong. For some reason it didn't work with WLAN (Ubuntu client). In the option field I put local xxx.xxx.xxx.xxx (static IP) to force OVPN to listen on the static IP. I had to start OVPN with sudo on the command line, because with normal user rights the tun device couldn't be configured.

    Maybe this helps somebody.

    e.

  • Problem only with OVPN 2.1 rc9, anyone else?

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    AhnHELA

    Thanks Kev, try using the older release openvpn-2.1_rc7 with your same configuration and see if you successfully complete initialization.  It's at the bottom of the following link:

    http://openvpn.net/release/

    Or even openvpn-2.1_rc8 from this link if you use Windows:

    https://secure.openvpn.net/beta/openvpn-2.1_rc8-install.exe

    Those 2 versions still work for me while rc9 does not.

  • Pfsense and a crypto card for vpn acceleration

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    dotdashD

    The hifn chips are supported on pfSense, and work well for IPSec. Search for vpn1411 for some more info. I'm not that familiar with OpenVPN, so I'm not sure if it uses the hardware crypto. BTW, you should have posted in the openvpn forum, not the IPSec forum…

  • OpenVPN gateway

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    G

    @chpalmer:

    I copied from my (release) config file and pasted to the config file for the snapshot.  That may have not been a good idea, so I'm going to start over later when I get some time.

    Probably not a good idea!  I don't know what might have changed, but you never know.  I'd suggest that you create it from scratch on the new GUI.  If you really wanted to, you could compare the .xml files to see any changes …

    Cheers
    Jon

  • OpenVPN + dynamic IP

    Locked
    3
    0 Votes
    3 Posts
    5k Views
    S

    Thanks for reply, GruensFroeschli

    @GruensFroeschli:

    1: I suppose it's possible. If one of the connections goes down, your other balancer will put the attempt to reestablish the connection just on the second link.

    2: I'm not sure what you're trying to ask.
    Do you mean if it's better to let the RV042 do the load balancing or pfSense?
    If you want failover for OpenVPN, I think it's better to let the RV042 do the load balancing job.
    I don't think you can create failover pools for pfSense itself, since pfSense only uses its WAN outbound for services running on it.

    I need site-to-site OpenVPN load balance, not failover. :)
    [pfSense Box]-WAN-192.168.1.2<---->192.168.1.1-LAN-[RV042 Loadbalance Router]-WAN1-[IP by ISP]---Modem1--->
    [ OpenVPN  ]                                                          [                          ]-WAN2-[IP by ISP]---Modem2--->

    Sompong

  • Remote dns with local dns as secondary?

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    G

    You don't say what OS you are using on your laptop.

    I would suggest that you run a local DNS server on your laptop.  Configure it to forward to your work DNS for their internal domains and to your home system for its domains.  Then point it at whatever can get out of the door for everything else (can be both).  Finally, point your laptop at its own DNS server on 127.0.0.1.

    Cheers
    Jon

  • OpenVPN and MultiWAN [SOLVED]

    Locked
    3
    0 Votes
    3 Posts
    4k Views
    G

    @razor2000:

    When running OpenVPN on your OPT1/OPT2 lines, be sure to use TCP instead of the default UDP for your port.  pfSense has issues when trying to connect to any port that runs on the UDP protocol when not using the WAN interface.

    Give it a try and good luck! :)

    You, sir, are a genius!  I think I saw that posted somewhere but must have ignored it.

    OpenVPN received wisdom is that TCP over TCP is a bad idea, something to do with a double exponential stand off which can cause serious performance snags.  Funnily enough I've been running it like that for years prior to putting in pfSense but thought I'd do the right thing this time - oh well!

    I have (briefly) tested all three of my external connections to my office LAN via this and they work very well.  I'm nearly ready to bin the many IPSEC tunnels which are a constant pain - regularly dropping and not recovering, unlike OVPN which has always struck me as far more robust.

  • 0 Votes
    1 Posts
    2k Views
    No one has replied
  • 0 Votes
    2 Posts
    2k Views
    GruensFroeschliG

    Well, you "could" "try" to uninstall snort and see if it works again.
    If this is the case, you can start looking for how you misconfigured snort such that this happened.

  • Networkmanager-openvpn and pfsense?

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    K

    Yes, I've waded through all available docs.  It seems to be a Fedora rawhide specific problem, FC9 works.

  • New to openVPN

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    GruensFroeschliG

    Please read the stickies and the howtos since there are step-by-step guides.

  • Routing VNC on VPN

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    GruensFroeschliG

    I assume your mobile warriors don't get NATed to the internet.

    http://forum.pfsense.org/index.php/topic,7001.0.html

    Per default, for every local "real" interface a rule will be installed that NATs from this interface to WAN.
    If you want to have Internet access from multiple LAN subnets (i.e. you have a router behind pfSense with another subnet), enable Advanced outbound NAT and create a rule for every IP range you want to be NATed.
    The same goes for OpenVPN if you want the OpenVPN subnet NATed to WAN.
    You need to create a rule for every subnet you want NATed.
    Alternatively you can change the source of the single existing rule from LAN to "any", thus NATing everything.
    (screenshots to clarify: http://forum.pfsense.org/index.php/topic,7693.0.html )
    This might create a problem for FTP with multiWAN.
    More here: http://forum.pfsense.org/index.php/topic,7096.msg40810.html#msg40810

    Try this.
    I'm not sure, but I think this should help.

  • Pfsense 1.2 + openvpn + road-warrior cannot access windows share?

    Locked
    6
    0 Votes
    6 Posts
    7k Views
    T

    This isn't too hard.

    The point is that you have to have your wins server announce on the subnet where the VPN hosts are too. This requires a few changes in the setup.

    1. You need to make the WINS server know it has another subnet to relate to:
    in smb.conf:

    make sure hosts allow contains the subnet

    hosts allow = 127.0.0.1 10.23.23.0/24
    wins support = yes

    2. Then you have to add the following options to the openvpn server:
    push "dhcp-option NBT 2"
    push "dhcp-option DNS <your DNS IP>"
    push "dhcp-option WINS <your WINS server IP>"

    I find browsing a bit slow. I am not sure why, so if anyone has some input on that, I would be grateful.

  • No way to revoke certs?

    Locked
    10
    0 Votes
    10 Posts
    9k Views
    P

    I'll test this now with creating and revoking certs and see how I go.

    Good to see I wasn't insane and others couldn't revoke as well!

    Update

    Creating certs works ok. You can't do a ./pkitool on its own now to get the usage message, because the CN is now defined in the vars (so it generates a passwordless cert called whatever you set that variable to), but if you define your own CN on the command line it overrides vars.

    After playing around, it seems to revoke the certs but not actually use the CRL?  I tried a few different things (stop/start the service, manually add the CRL to the config page, etc.) but can't do a system restart at the moment.

    What needs to be done to get them to actually be revoked on login?  At the moment they just time out after seemingly verifying ok.  Logs also don't mention revoke.

    Jul 11 12:15:15 openvpn[90005]: xxxxxxxxxxxx:1194 TLS Error: TLS handshake failed
    Jul 11 12:15:15 openvpn[90005]: xxxxxxxxxxxx:1194 TLS Error: TLS object -> incoming plaintext read error
    Jul 11 12:15:15 openvpn[90005]: xxxxxxxxxxxx:1194 TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
    Jul 11 12:15:15 openvpn[90005]: xxxxxxxxxxxx:1194 Re-using SSL/TLS context
    Jul 11 12:14:16 openvpn[90005]: xxxxxxxxxxxx:1194 TLS Error: TLS handshake failed
    Jul 11 12:14:16 openvpn[90005]: xxxxxxxxxxxx:1194 TLS Error: TLS object -> incoming plaintext read error
    Jul 11 12:14:16 openvpn[90005]: xxxxxxxxxxxx:1194 TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
    Jul 11 12:14:13 openvpn[90005]: xxxxxxxxxxxx:1194 Re-using SSL/TLS context

  • Speed issues reported by roaming users

    Locked
    15
    0 Votes
    15 Posts
    6k Views
    N

    Yep, I have that rule

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.