OpenVPN Client Issue with VPN.S (VPNSecure.me) after upgrading 2.6 -> 2.7
-
Hi @heuvep
I finally received an answer by mail last friday (with
however, after revisiting my pfSense configuration with following params (see below), OpenVpn Tunnel is up, but none traffic can be routed inside ... :-(
of course, no modif in pfSense FW rules between old config (down) and new (up)client
proto udp
dev tun
ca ca.crt
dh dh2048.pem
cert m_nge.crt
key m_nge.key
remote 151.80.148.150 1281
cipher AES-128-CBC
verb 2
mute 20
keepalive 3 10
comp-lzo
persist-key
persist-tun
float
resolv-retry infinite
nobind
auth-nocache
remote-cert-tls serverDid I miss something ? Can you please confirm each field ?
Regards !!
W.
-
@walternet said in OpenVPN Client Issue with VPN.S (VPNSecure.me) after upgrading 2.6 -> 2.7:
but none traffic can be routed inside
What can not be routed where?
-
no traffic inside VPN.S OpenVPN tunnel whereas flux should be OK (no change in menu Firewall / Rules / LAN )
I think I missed something in my VPN.S client configuration (menu services / VPN / openvpn / client) ; I look for what, so my question ...
-
@walternet said in OpenVPN Client Issue with VPN.S (VPNSecure.me) after upgrading 2.6 -> 2.7:
no traffic inside VPN.S OpenVPN tunnel whereas flux should be OK
Not helping to be honest, its more like you just had a stroke or something.. "whereas flux should be OK " ???
I think I missed something in my VPN.S client configuration
How would you have missed something.. If all you did was upgrade there wouldn't be any changes, etc..
-
I try to check each param
client
proto udp => field protocol
dev tun => field device mode
ca ca.crt => field ...
dh dh2048.pem => field ...
cert m_nge.crt => field ...
key m_nge.key => field client certificate
remote 151.80.148.150 1281 => fields server host + server port
cipher AES-128-CBC => field data encryption algorithms
verb 2 => field ...
mute 20 => field ...
keepalive 3 10 => field ...
comp-lzo => field ...
persist-key => field ...
persist-tun => field ...
float => field ...
resolv-retry infinite => field ...
nobind => field ...
auth-nocache => field ...
remote-cert-tls server => field ...a screenshot or precisions would be appreciate to be sure ...
Regards
W.
-
@walternet said in OpenVPN Client Issue with VPN.S (VPNSecure.me) after upgrading 2.6 -> 2.7:
I try to check each param
You said you connected, none of those settings would have anything to do with "routing" or not routing.. If you wan some clients to use your vpn connection, that would be setup via a policy route in your firewall rules.
If you want all of your traffic to go out this vpn that could also be set in your gateways and what is set as default..
-
@johnpoz said in OpenVPN Client Issue with VPN.S (VPNSecure.me) after upgrading 2.6 -> 2.7:
@walternet said in OpenVPN Client Issue with VPN.S (VPNSecure.me) after upgrading 2.6 -> 2.7:
I try to check each param
You said you connected, none of those settings would have anything to do with "routing" or not routing.. If you wan some clients to use your vpn connection, that would be setup via a policy route in your firewall rules.
Perhaps, but not sure ... I really appreciate to have a verif for each field ... only because I didn't change anything in my firewall rules ...
However, I never said I want some client to use my vpn connection
If you really want to help me, please check with me each field in the conf ...If you want all of your traffic to go out this vpn that could also be set in your gateways and what is set as default..
That's no either the subject ... but thx !
W.
-
@walternet said in OpenVPN Client Issue with VPN.S (VPNSecure.me) after upgrading 2.6 -> 2.7:
If you really want to help me, please check with me each field in the conf ...
Why would I waste such time.. Again none of those have anything to do with routing.. Just a quick glance your not actually showing the config anyway.. Here is a client config from pfsense for openvpn
[23.05.1-RELEASE][admin@sg4860.local.lan]/var/etc/openvpn/client3: cat config.ovpn dev ovpnc3 disable-dco verb 1 dev-type tun dev-node /dev/tun3 writepid /var/run/openvpn_client3.pid #user nobody #group nobody script-security 3 daemon keepalive 10 60 ping-timer-rem persist-tun persist-key proto udp4 auth SHA256 up /usr/local/sbin/ovpn-linkup down /usr/local/sbin/ovpn-linkdown local 209.snipped tls-client lport 0 management /var/etc/openvpn/client3/sock unix remote 209.snipped 1194 udp4 pull capath /var/etc/openvpn/client3/ca cert /var/etc/openvpn/client3/cert key /var/etc/openvpn/client3/key tls-crypt /var/etc/openvpn/client3/tls-crypt data-ciphers CHACHA20-POLY1305:AES-256-GCM:AES-128-GCM data-ciphers-fallback AES-128-GCM allow-compression no resolv-retry infinite route-noexec tls-version-min 1.3 route-nopull [23.05.1-RELEASE][admin@sg4860.local.lan]/var/etc/openvpn/client3:Not sure what you posted - but clearly its not complete, nor a screenshot even from your gui setup of your client, etc.
So how do I know if you even put in what you posted, etc.
-
@johnpoz said in OpenVPN Client Issue with VPN.S (VPNSecure.me) after upgrading 2.6 -> 2.7:
Please note we are in a particular case, around VPN.S provider ...
Regarding my post, I only share information communicated by provider ; as I said, I just try WITH PEOPLE WHO SHARES THE SAME DIFFICULTIES WITH THIS PROVIDER to confront configurations and experience return@walternet said in OpenVPN Client Issue with VPN.S (VPNSecure.me) after upgrading 2.6 -> 2.7:
If you really want to help me, please check with me each field in the conf ...
Why would I waste such time.. Again none of those have anything to do with routing.. Just a quick glance your not actually showing the config anyway.. Here is a client config from pfsense for openvpn
If you answer, it's because you have solution ... or not !
If you don't want to waste such time, don't answer ... I didn't ping you, but @heuvep[23.05.1-RELEASE][admin@sg4860.local.lan]/var/etc/openvpn/client3: cat config.ovpn dev ovpnc3 disable-dco verb 1 dev-type tun dev-node /dev/tun3 writepid /var/run/openvpn_client3.pid #user nobody #group nobody script-security 3 daemon keepalive 10 60 ping-timer-rem persist-tun persist-key proto udp4 auth SHA256 up /usr/local/sbin/ovpn-linkup down /usr/local/sbin/ovpn-linkdown local 209.snipped tls-client lport 0 management /var/etc/openvpn/client3/sock unix remote 209.snipped 1194 udp4 pull capath /var/etc/openvpn/client3/ca cert /var/etc/openvpn/client3/cert key /var/etc/openvpn/client3/key tls-crypt /var/etc/openvpn/client3/tls-crypt data-ciphers CHACHA20-POLY1305:AES-256-GCM:AES-128-GCM data-ciphers-fallback AES-128-GCM allow-compression no resolv-retry infinite route-noexec tls-version-min 1.3 route-nopull [23.05.1-RELEASE][admin@sg4860.local.lan]/var/etc/openvpn/client3:Not sure what you posted - but clearly its not complete, nor a screenshot even from your gui setup of your client, etc.
see above ...
So how do I know if you even put in what you posted, etc.
I didn't catch your point, but thx anyway for your efforts
Regards
W.
-
I found my issue : compression param was misconfigured ! :-)
I was able to find thanks to @johnpoz config share !
Regards
W.
-
@walternet said in OpenVPN Client Issue with VPN.S (VPNSecure.me) after upgrading 2.6 -> 2.7:
compression param was misconfigured
which has nothing to do with "routing" which was your question.. Glad you got it sorted!
-
@walternet said in OpenVPN Client Issue with VPN.S (VPNSecure.me) after upgrading 2.6 -> 2.7:
I found my issue : compression param was misconfigured ! :-)
I was able to find thanks to @johnpoz config share !
you're right ; however, if your compression param is not OK, there's no traffic in the OpenVPN tunnel ... and no byte sent / received in Status / openVPN menu ...
Symptoms are the same as routing issue ... which was my interrogation ...Have a nice end of day !
W.
