Netgate Discussion Forum
    OpenVPN Site2Site VPN ipfire to pfsense

    Category: OpenVPN

    • schleyk

      Hello,
      I have a problem with the OpenVPN connection.
      The pfSense firewall is the OpenVPN server and the IPFire firewall is the OpenVPN client.

      OpenVPN server (pfSense) config:

      	<openvpn>
      		<openvpn-server>
      			<vpnid>1</vpnid>
      			<mode>p2p_tls</mode>
      			<protocol>UDP</protocol>
      			<dev_mode>tun</dev_mode>
      			<ipaddr></ipaddr>
      			<interface>wan</interface>
      			<local_port>1194</local_port>
      			<description></description>
      			<custom_options></custom_options>
      			<caref>577263a900043</caref>
      			<certref>5772b54968d59</certref>
      			<dh_length>2048</dh_length>
      			<cert_depth>1</cert_depth>
      			<crypto>AES-256-CBC</crypto>
      			<digest>RSA-SHA256</digest>
      			<engine>none</engine>
      			<tunnel_network>192.168.111.0/24</tunnel_network>
      			<tunnel_networkv6></tunnel_networkv6>
      			<remote_network>10.0.20.0/24</remote_network>
      			<remote_networkv6></remote_networkv6>
      			<local_network>172.30.0.0/24</local_network>
      			<local_networkv6></local_networkv6>
      			<maxclients></maxclients>
      			<compression>no</compression>
      			<passtos></passtos>
      			<dynamic_ip>yes</dynamic_ip>
      			<pool_enable>yes</pool_enable>
      			<topology>subnet</topology>
      			<serverbridge_interface>none</serverbridge_interface>
      			<serverbridge_dhcp_start></serverbridge_dhcp_start>
      			<serverbridge_dhcp_end></serverbridge_dhcp_end>
      			<netbios_enable></netbios_enable>
      			<netbios_ntype>0</netbios_ntype>
      			<netbios_scope></netbios_scope>
      			<verbosity_level>11</verbosity_level>
      		</openvpn-server>
      	</openvpn>
      

      OpenVPN client (IPFire) config:

      
      # IPFire n2n OpenVPN client config by ummeegge and m.a.d
      #
      # User security
      user nobody
      group nobody
      persist-tun
      persist-key
      script-security 2
      # IP/DNS of the remote server gateway
      remote 195.154.x.x
      float
      # IP addresses of the VPN subnet
      ifconfig 192.168.111.2 192.168.111.1
      # Server gateway network
      route 10.0.10.0 255.255.255.0
      # tun device
      dev tun
      # Log file for statistics
      status-version 1
      status /var/run/openvpn/-n2n 10
      # Port and protocol
      port 1194
      proto udp
      # Packet size
      tun-mtu 1500
      fragment 1300
      mssfix
      ns-cert-type server
      # Client authentication
      tls-client
      # Cipher
      cipher AES-256-CBC
      pkcs12 /var/ipfire/ovpn/certs/pf.p12
      # HMAC algorithm
      auth SHA256
      # Debug level
      verb 3
      # Tunnel check
      keepalive 10 60
      # Start as daemon
      daemon pfn2n
      writepid /var/run/pfn2n.pid
      # Activate management interface and port
      management localhost 1194
      # remsub 172.30.0.0/255.255.255.0
      
      

      OpenVPN server log:

      
      Jun 28 21:52:37 	openvpn 	58809 	PO_CTL rwflags=0x0001 ev=7 arg=0x00692584
      Jun 28 21:52:37 	openvpn 	58809 	PO_CTL rwflags=0x0001 ev=5 arg=0x00692588
      Jun 28 21:52:37 	openvpn 	58809 	I/O WAIT TR|Tw|SR|Sw [10/0]
      Jun 28 21:52:37 	openvpn 	58809 	PO_WAIT[0,0] fd=6 rev=0x00000001 rwflags=0x0001 arg=0x00693720
      Jun 28 21:52:37 	openvpn 	58809 	event_wait returned 1
      Jun 28 21:52:37 	openvpn 	58809 	I/O WAIT status=0x0001
      Jun 28 21:52:37 	openvpn 	58809 	UDPv4 read returned 114
      Jun 28 21:52:37 	openvpn 	58809 	TLS State Error: No TLS state for client [AF_INET]87.132.x.x:1194, opcode=4
      Jun 28 21:52:37 	openvpn 	58809 	GET INST BY REAL: 87.132.x.x:1194 [failed]
      Jun 28 21:52:37 	openvpn 	58809 	SCHEDULE: schedule_find_least NULL
      Jun 28 21:52:37 	openvpn 	58809 	PO_CTL rwflags=0x0001 ev=6 arg=0x00693720
      Jun 28 21:52:37 	openvpn 	58809 	PO_CTL rwflags=0x0001 ev=7 arg=0x00692584
      Jun 28 21:52:37 	openvpn 	58809 	PO_CTL rwflags=0x0001 ev=5 arg=0x00692588 
      
      

      OpenVPN client log:

      
      IPFire diagnostics
      Section: openvpn
      Date: June 28, 2016
      
      21:51:03 pfn2n[17087]:  VERIFY OK: depth=0, C=DE, ST=BaWu, L=xxx, O=xxxx, emailAddress=vpn@xxxx, CN=test.xxxx
      21:51:03 pfn2n[17087]:  VERIFY OK: nsCertType=SERVER
      21:51:03 pfn2n[17087]:  VERIFY OK: depth=1, C=DE, ST=BaWu, L=xxx, O=xxxx, emailAddress=vpn@xxxx, CN=internal-ca
      21:51:03 pfn2n[17087]:  TLS: Initial packet from [AF_INET]195.154.x.x:1194, sid=478bfbc1 106c30b7
      21:51:03 pfn2n[17087]:  UDPv4 link remote: [AF_INET]195.154.x.x:1194
      21:51:03 pfn2n[17087]:  UDPv4 link local (bound): [AF_INET]192.168.2.254:1194
      21:51:03 pfn2n[17087]:  Preserving previous TUN/TAP instance: tun1
      21:51:03 pfn2n[17087]:  Socket Buffers: R=[212992->131072] S=[212992->131072]
      21:51:03 pfn2n[17087]:  NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      21:51:01 pfn2n[17087]:  Restart pause, 2 second(s)
      21:51:01 pfn2n[17087]:  SIGUSR1[soft,ping-restart] received, process restarting
      21:51:01 pfn2n[17087]:  [test.xxxx] Inactivity timeout (--ping-restart), restarting
      21:50:03 pfn2n[17087]:  MANAGEMENT: Client disconnected
      21:50:03 pfn2n[17087]:  MANAGEMENT: CMD 'state'
      21:50:03 pfn2n[17087]:  MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1194
      21:50:00 pfn2n[17087]:  VERIFY OK: depth=0, C=DE, ST=BaWu, L=xxx, O=xxxx, emailAddress=vpn@xxxx, CN=test.xxxx
      21:50:00 pfn2n[17087]:  VERIFY OK: nsCertType=SERVER
      21:50:00 pfn2n[17087]:  VERIFY OK: depth=1, C=DE, ST=BaWu, L=xxx, O=xxxx, emailAddress=vpn@xxxx, CN=internal-ca
      21:50:00 pfn2n[17087]:  TLS: Initial packet from [AF_INET]195.154.x.x:1194, sid=bc4d0405 6a7a28f4
      21:50:00 pfn2n[17087]:  UDPv4 link remote: [AF_INET]195.154.x.x:1194
      21:50:00 pfn2n[17087]:  UDPv4 link local (bound): [AF_INET]192.168.2.254:1194
      21:50:00 pfn2n[17087]:  UID set to nobody
      21:50:00 pfn2n[17087]:  GID set to nobody
      21:50:00 pfn2n[17087]:  /sbin/ip route add 172.30.0.0/24 via 192.168.111.1
      21:50:00 pfn2n[17087]:  /etc/init.d/static-routes start tun1 1500 1573 192.168.111.2 192.168.111.1 init
      21:50:00 pfn2n[17087]:  /sbin/ip addr add dev tun1 local 192.168.111.2 peer 192.168.111.1
      21:50:00 pfn2n[17087]:  /sbin/ip link set dev tun1 up mtu 1500
      21:50:00 pfn2n[17087]:  do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
      21:50:00 pfn2n[17087]:  TUN/TAP TX queue length set to 100
      21:50:00 pfn2n[17087]:  TUN/TAP device tun1 opened
      21:50:00 pfn2n[17087]:  ROUTE_GATEWAY 192.168.2.1/255.255.255.0 IFACE=red0 HWADDR=00:0d:b9:xx:xx:xx
      21:50:00 pfn2n[17087]:  Socket Buffers: R=[212992->131072] S=[212992->131072]
      21:50:00 pfn2n[17087]:  NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      21:50:00 pfn2n[17087]:  MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1194
      21:50:00 pfn2n[17086]:  library versions: OpenSSL 1.0.2h  3 May 2016, LZO 2.09
      21:50:00 pfn2n[17086]:  OpenVPN 2.3.7 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Apr  1 2016
      
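The checks a reviewer would run by hand over the two configs in the post (transport, cipher and HMAC agreement, tunnel addressing, and whether the client actually routes the server's local network) can be scripted. The following is an added example, not code from the post, from pfSense or from IPFire; SERVER_XML and CLIENT_CONF are transcribed from the post with the x.x placeholders kept and the empty pfSense elements dropped. The "wider than /30" check rests on an assumption, stated in the comment, about how pfSense renders a p2p_tls tunnel network; treat that finding as a review item to confirm against the server's generated configuration, not as a diagnosed fault.

```python
"""Cross-check an OpenVPN site-to-site pair: pfSense server XML vs IPFire client text.

Added example, not code from the forum post, pfSense or IPFire. SERVER_XML and
CLIENT_CONF are transcribed from the post (x.x placeholders kept, empty elements
dropped); cross_check() encodes the consistency rules a reviewer applies by hand.
"""
import ipaddress
import xml.etree.ElementTree as ET

SERVER_XML = """<openvpn><openvpn-server>
<vpnid>1</vpnid><mode>p2p_tls</mode><protocol>UDP</protocol><dev_mode>tun</dev_mode>
<interface>wan</interface><local_port>1194</local_port>
<crypto>AES-256-CBC</crypto><digest>RSA-SHA256</digest>
<tunnel_network>192.168.111.0/24</tunnel_network>
<remote_network>10.0.20.0/24</remote_network>
<local_network>172.30.0.0/24</local_network>
<compression>no</compression><topology>subnet</topology>
</openvpn-server></openvpn>"""

CLIENT_CONF = """\
remote 195.154.x.x
ifconfig 192.168.111.2 192.168.111.1
route 10.0.10.0 255.255.255.0
dev tun
port 1194
proto udp
tls-client
cipher AES-256-CBC
auth SHA256
"""


def parse_server(xml_text):
    """Flatten the <openvpn-server> element into {tag: text}."""
    srv = ET.fromstring(xml_text).find("openvpn-server")
    return {child.tag: (child.text or "").strip() for child in srv}


def parse_client(conf_text):
    """Parse 'option arg arg' lines into {option: [[args], ...]}, ignoring # comments."""
    opts = {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            key, *args = line.split()
            opts.setdefault(key, []).append(args)
    return opts


def first(client, key, default):
    """Arguments of the first occurrence of an option, or a default."""
    return client[key][0] if key in client else default


def cross_check(server, client):
    """Return human-readable mismatches between server and client settings."""
    findings = []
    if server["protocol"].lower() != first(client, "proto", ["udp"])[0].lower():
        findings.append("transport protocol differs")
    if server["local_port"] != first(client, "port", ["1194"])[0]:
        findings.append("port differs")
    if server["crypto"] != first(client, "cipher", [""])[0]:
        findings.append("data-channel cipher differs")
    # pfSense stores the digest as 'RSA-SHA256'; OpenVPN --auth takes 'SHA256'.
    if server["digest"].split("-")[-1].upper() != first(client, "auth", [""])[0].upper():
        findings.append("HMAC digest differs")
    tunnel = ipaddress.ip_network(server["tunnel_network"])
    for addr in first(client, "ifconfig", []):
        if ipaddress.ip_address(addr) not in tunnel:
            findings.append(f"ifconfig address {addr} is outside tunnel_network {tunnel}")
    # Assumption (review item, not a confirmed fault): a p2p_tls tunnel network wider
    # than /30 makes pfSense hand out addresses itself, which a client that pins a
    # static ifconfig and never pulls cannot use. Confirm against the generated .conf.
    if tunnel.prefixlen < 30 and "pull" not in client and "client" not in client:
        findings.append(f"tunnel_network {tunnel} is wider than /30 but client uses a "
                        "static ifconfig without pull")
    local = ipaddress.ip_network(server["local_network"])
    routed = [ipaddress.ip_network(f"{a[0]}/{a[1]}") for a in client.get("route", [])]
    if local not in routed:
        findings.append(f"client routes {[str(r) for r in routed]} do not cover "
                        f"server local_network {local}")
    return findings


if __name__ == "__main__":
    for f in cross_check(parse_server(SERVER_XML), parse_client(CLIENT_CONF)):
        print("MISMATCH:", f)
```

Run against the transcribed configs it reports two items: the client's only `route` is 10.0.10.0/24 while the server's local_network is 172.30.0.0/24, and the /24 tunnel network paired with a static `ifconfig` on the client. Cipher, HMAC, port and protocol agree on both sides.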
      
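The server line "TLS State Error: No TLS state for client ..., opcode=4" names an OpenVPN packet type by number. Decoding the first byte of an OpenVPN datagram (opcode in the high five bits, key id in the low three, then the sender's 8-byte session id on control packets) shows what the server received and why it dropped it. The following is an added example, not code from the post or from the OpenVPN project; the opcode table follows the P_* constants in OpenVPN's ssl.h, the packet bytes are constructed here from the server session id shown in the client log, and the log lines are constructed from the server log in the post. The header layout assumes no tls-auth/tls-crypt, matching the configs above.

```python
"""Decode OpenVPN packet opcodes and annotate 'No TLS state' server log lines.

Added example, not part of the original post or of OpenVPN. OPCODES mirrors the
P_* constants from OpenVPN's ssl.h. SAMPLE_CONTROL, SAMPLE_RESET and SAMPLE_LOG
are constructed from values in the post (sid 478bfbc1 106c30b7, peer 87.132.x.x).
"""
import re

OPCODES = {
    1: "P_CONTROL_HARD_RESET_CLIENT_V1",
    2: "P_CONTROL_HARD_RESET_SERVER_V1",
    3: "P_CONTROL_SOFT_RESET_V1",
    4: "P_CONTROL_V1",
    5: "P_ACK_V1",
    6: "P_DATA_V1",
    7: "P_CONTROL_HARD_RESET_CLIENT_V2",
    8: "P_CONTROL_HARD_RESET_SERVER_V2",
    9: "P_DATA_V2",
}
DATA_OPCODES = {6, 9}
# Client hard resets are the only packets a server will open new TLS state for.
SESSION_START_OPCODES = {1, 7}


def decode_header(packet: bytes) -> dict:
    """First byte: opcode in the high 5 bits, key id in the low 3 bits.
    Control and ACK packets then carry the sender's 8-byte session id
    (layout assumes no tls-auth/tls-crypt, as in the post's configs)."""
    if not packet:
        raise ValueError("empty packet")
    opcode, key_id = packet[0] >> 3, packet[0] & 0x07
    info = {"opcode": opcode, "name": OPCODES.get(opcode, "UNKNOWN"), "key_id": key_id}
    if opcode not in DATA_OPCODES:
        if len(packet) < 9:
            raise ValueError("control packet truncated before session id")
        info["session_id"] = packet[1:9].hex()
    return info


LOG_RE = re.compile(r"No TLS state for client \[AF_INET\](?P<peer>[^,]+), opcode=(?P<op>\d+)")


def annotate_log(lines):
    """For each 'No TLS state' line, name the dropped packet type and say whether
    that opcode could ever have created a session on the server."""
    out = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        op = int(m["op"])
        out.append({
            "peer": m["peer"],
            "opcode": op,
            "name": OPCODES.get(op, "UNKNOWN"),
            "could_start_session": op in SESSION_START_OPCODES,
        })
    return out


# Constructed: P_CONTROL_V1 (4 << 3 = 0x20), key id 0, the server session id from
# the client log, empty ACK array (0x00), packet id 0.
SAMPLE_CONTROL = bytes([0x20]) + bytes.fromhex("478bfbc1106c30b7") + b"\x00" + b"\x00\x00\x00\x00"
# Constructed: P_CONTROL_HARD_RESET_CLIENT_V2 (7 << 3 = 0x38), key id 0, dummy sid.
SAMPLE_RESET = bytes([0x38]) + bytes.fromhex("0011223344556677") + b"\x00" + b"\x00\x00\x00\x00"

SAMPLE_LOG = [
    "Jun 28 21:52:37 openvpn 58809 UDPv4 read returned 114",
    "Jun 28 21:52:37 openvpn 58809 TLS State Error: No TLS state for client "
    "[AF_INET]87.132.x.x:1194, opcode=4",
]

if __name__ == "__main__":
    print(decode_header(SAMPLE_CONTROL))
    print(decode_header(SAMPLE_RESET))
    for note in annotate_log(SAMPLE_LOG):
        print(note)
```

For the posted log line the annotation comes out as P_CONTROL_V1 from 87.132.x.x:1194 with could_start_session False: a mid-handshake control packet arrived for a peer the server had no session for, which only a client hard reset could have created.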
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.