Netgate Discussion Forum

    Issues setting up OpenVPN with TigerVPN

      jbradshw

      Alix 2d3 with pfSense 2.3.2-p1
      1 WAN
      1 LAN

      So I'm trying to incorporate the OpenVPN directly in the pfSense router vs on the client itself. I've followed several config guides, including this one to assist getting it applied to an interface, along with setting up the gateway on the LAN interface.

      https://forum.pfsense.org/index.php?topic=76015.0

      But after all of that, when I hit any site (like what's my IP sites), it's seeing my real IP, and not the VPN IP. If I do a ping test from the router (Diagnostics/Ping) and choose the VPN interface, it's successful. So I'm not sure what I'm missing here.

      The client sent me this to use for the openvpn config:

      client
      remote nyc.tigervpn.com 1194 udp
      remote nyc.tigervpn.com 443 tcp-client

      pull
      auth-user-pass
      comp-lzo adaptive
      ca ca.crt
      dev tun
      tls-client
      script-security 2
      cipher AES-256-CBC
      mute 10

      route-delay 5
      redirect-gateway def1
      resolv-retry infinite
      #dhcp-renew
      #dhcp-release
      persist-key
      persist-tun
      remote-cert-tls server
      mssfix

      I've since combined these with the current settings from where I set it up (in GUI) and this is the current client1.conf file (I commented out duplicate stuff and moved it to the bottom):

      dev ovpnc1
      verb 4
      dev-type tun
      dev-node /dev/tun1
      writepid /var/run/openvpn_client1.pid
      #user nobody
      #group nobody
      script-security 3
      daemon
      keepalive 10 60
      ping-timer-rem
      persist-tun
      persist-key
      proto udp
      cipher AES-256-CBC
      auth SHA1
      up /usr/local/sbin/ovpn-linkup
      down /usr/local/sbin/ovpn-linkdown
      local 73.82.XX.XX (hiding my IP address)
      engine cryptodev
      tls-client
      client
      lport 0
      management /var/etc/openvpn/client1.sock unix
      remote nyc.tigervpn.com 1194
      auth-user-pass /var/etc/openvpn/client1.up
      ca /var/etc/openvpn/client1.ca
      cert /var/etc/openvpn/client1.cert
      key /var/etc/openvpn/client1.key
      tls-auth /var/etc/openvpn/client1.tls-auth 1
      comp-lzo adaptive
      resolv-retry infinite

      remote nyc.tigervpn.com 443 tcp-client
      auth-user-pass /etc/openvpn-password.txt  <- this was the only way I could get authentication to work, else I got a different error

      pull
      script-security 2
      route-delay 5
      redirect-gateway def1
      remote-cert-tls server
      mssfix

      #client
      #remote nyc.tigervpn.com 1194 udp
      #auth-user-pass
      #comp-lzo adaptive
      #ca ca.crt
      #dev tun
      #tls-client
      #cipher AES-256-CBC
      #mute 10
      #resolv-retry infinite
      #dhcp-renew
      #dhcp-release
      #persist-key
      #persist-tun

      The connection is always in a "Down" state and these are the OpenVPN logs (newest first):

      Apr 10 15:26:05 openvpn 74479 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]162.220.220.26:1194
      Apr 10 15:26:05 openvpn 74479 TLS: Initial packet from [AF_INET]162.220.220.26:1194, sid=03a84775 77171301
      Apr 10 15:26:04 openvpn 74479 MANAGEMENT: Client disconnected
      Apr 10 15:26:04 openvpn 74479 MANAGEMENT: CMD 'state 1'
      Apr 10 15:26:04 openvpn 74479 MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
      Apr 10 15:26:01 openvpn 74479 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]162.220.220.26:1194
      Apr 10 15:26:01 openvpn 74479 TLS: Initial packet from [AF_INET]162.220.220.26:1194, sid=03a84775 77171301
      Apr 10 15:25:59 openvpn 74479 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]162.220.220.26:1194
      Apr 10 15:25:59 openvpn 74479 TLS: Initial packet from [AF_INET]162.220.220.26:1194, sid=03a84775 77171301
      Apr 10 15:25:59 openvpn 74479 UDPv4 link remote: [AF_INET]162.220.220.26:1194
      Apr 10 15:25:59 openvpn 74479 UDPv4 link local (bound): [AF_INET]73.82.XX.XX
      Apr 10 15:25:59 openvpn 74479 Expected Remote Options hash (VER=V4): '162b04de'
      Apr 10 15:25:59 openvpn 74479 Local Options hash (VER=V4): '9e7066d2'
      Apr 10 15:25:59 openvpn 74479 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
      Apr 10 15:25:59 openvpn 74479 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
      Apr 10 15:25:59 openvpn 74479 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
      Apr 10 15:25:59 openvpn 74479 Socket Buffers: R=[42080->42080] S=[57344->57344]
      Apr 10 15:25:59 openvpn 74479 Control Channel MTU parms [ L:1558 D:1184 EF:66 EB:0 ET:0 EL:3 ]
      Apr 10 15:25:59 openvpn 74479 LZO compression initialized
      Apr 10 15:25:59 openvpn 74479 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
      Apr 10 15:25:59 openvpn 74479 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
      Apr 10 15:25:59 openvpn 74479 Control Channel Authentication: using '/var/etc/openvpn/client1.tls-auth' as a OpenVPN static key file
      Apr 10 15:25:59 openvpn 74479 Initializing OpenSSL support for engine 'cryptodev'
      Apr 10 15:25:59 openvpn 74479 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Apr 10 15:25:59 openvpn 74479 MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1.sock
      Apr 10 15:25:59 openvpn 74413 WARNING: file '/etc/openvpn-password.txt' is group or others accessible
      Apr 10 15:25:59 openvpn 74413 library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.09
      Apr 10 15:25:59 openvpn 74413 OpenVPN 2.3.11 i386-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on May 16 2016
      Apr 10 15:25:59 openvpn 74413 auth_user_pass_file = '/etc/openvpn-password.txt'
      Apr 10 15:25:59 openvpn 74413 pull = ENABLED
      Apr 10 15:25:59 openvpn 74413 client = ENABLED
      Apr 10 15:25:59 openvpn 74413 port_share_port = 0
      Apr 10 15:25:59 openvpn 74413 port_share_host = '[UNDEF]'
      Apr 10 15:25:59 openvpn 74413 auth_user_pass_verify_script_via_file = DISABLED
      Apr 10 15:25:59 openvpn 74413 auth_user_pass_verify_script = '[UNDEF]'
      Apr 10 15:25:59 openvpn 74413 max_routes_per_client = 256
      Apr 10 15:25:59 openvpn 74413 max_clients = 1024
      Apr 10 15:25:59 openvpn 74413 cf_per = 0
      Apr 10 15:25:59 openvpn 74413 cf_max = 0
      Apr 10 15:25:59 openvpn 74413 duplicate_cn = DISABLED
      Apr 10 15:25:59 openvpn 74413 enable_c2c = DISABLED
      Apr 10 15:25:59 openvpn 74413 push_ifconfig_ipv6_remote = ::
      Apr 10 15:25:59 openvpn 74413 push_ifconfig_ipv6_local = ::/0
      Apr 10 15:25:59 openvpn 74413 push_ifconfig_ipv6_defined = DISABLED
      Apr 10 15:25:59 openvpn 74413 push_ifconfig_remote_netmask = 0.0.0.0
      Apr 10 15:25:59 openvpn 74413 push_ifconfig_local = 0.0.0.0
      Apr 10 15:25:59 openvpn 74413 push_ifconfig_defined = DISABLED
      Apr 10 15:25:59 openvpn 74413 tmp_dir = '/tmp'
      Apr 10 15:25:59 openvpn 74413 ccd_exclusive = DISABLED
      Apr 10 15:25:59 openvpn 74413 client_config_dir = '[UNDEF]'
      Apr 10 15:25:59 openvpn 74413 client_disconnect_script = '[UNDEF]'
      Apr 10 15:25:59 openvpn 74413 learn_address_script = '[UNDEF]'
      Apr 10 15:25:59 openvpn 74413 client_connect_script = '[UNDEF]'
      Apr 10 15:25:59 openvpn 74413 virtual_hash_size = 256
      Apr 10 15:25:59 openvpn 74413 real_hash_size = 256
      Apr 10 15:25:59 openvpn 74413 tcp_queue_limit = 64
      Apr 10 15:25:59 openvpn 74413 n_bcast_buf = 256
      Apr 10 15:25:59 openvpn 74413 ifconfig_ipv6_pool_netbits = 0
      Apr 10 15:25:59 openvpn 74413 ifconfig_ipv6_pool_base = ::
      Apr 10 15:25:59 openvpn 74413 ifconfig_ipv6_pool_defined = DISABLED
      Apr 10 15:25:59 openvpn 74413 ifconfig_pool_persist_refresh_freq = 600
      Apr 10 15:25:59 openvpn 74413 ifconfig_pool_persist_filename = '[UNDEF]'
      Apr 10 15:25:59 openvpn 74413 ifconfig_pool_netmask = 0.0.0.0
      Apr 10 15:25:59 openvpn 74413 ifconfig_pool_end = 0.0.0.0
      Apr 10 15:25:59 openvpn 74413 ifconfig_pool_start = 0.0.0.0
      Apr 10 15:25:59 openvpn 74413 ifconfig_pool_defined = DISABLED
      Apr 10 15:25:59 openvpn 74413 server_bridge_pool_end = 0.0.0.0
      Apr 10 15:25:59 openvpn 74413 server_bridge_pool_start = 0.0.0.0
      Apr 10 15:25:59 openvpn 74413 server_bridge_netmask = 0.0.0.0
      Apr 10 15:25:59 openvpn 74413 server_bridge_ip = 0.0.0.0
      Apr 10 15:25:59 openvpn 74413 server_netbits_ipv6 = 0
      Apr 10 15:25:59 openvpn 74413 server_network_ipv6 = ::
      Apr 10 15:25:59 openvpn 74413 server_netmask = 0.0.0.0
      Apr 10 15:25:59 openvpn 74413 server_network = 0.0.0.0
      Apr 10 15:25:59 openvpn 74413 tls_auth_file = '/var/etc/openvpn/client1.tls-auth'
      Apr 10 15:25:59 openvpn 74413 tls_exit = DISABLED
      Apr 10 15:25:59 openvpn 74413 push_peer_info = DISABLED
      Apr 10 15:25:59 openvpn 74413 single_session = DISABLED
      Apr 10 15:25:59 openvpn 74413 transition_window = 3600
      Apr 10 15:25:59 openvpn 74413 handshake_window = 60
      Apr 10 15:25:59 openvpn 74413 renegotiate_seconds = 3600
      Apr 10 15:25:59 openvpn 74413 renegotiate_packets = 0
      Apr 10 15:25:59 openvpn 74413 renegotiate_bytes = 0
      Apr 10 15:25:59 openvpn 74413 tls_timeout = 2
      Apr 10 15:25:59 openvpn 74413 ssl_flags = 0
      Apr 10 15:25:59 openvpn 74413 remote_cert_eku = 'TLS Web Server Authentication'
      Apr 10 15:25:59 openvpn 74413 remote_cert_ku = 0
      Apr 10 15:25:59 openvpn 74413 remote_cert_ku = 0
      Apr 10 15:25:59 openvpn 74413 remote_cert_ku = 0
      Apr 10 15:25:59 openvpn 74413 remote_cert_ku = 0
      Apr 10 15:25:59 openvpn 74413 remote_cert_ku = 0
      Apr 10 15:25:59 openvpn 74413 remote_cert_ku = 0
      Apr 10 15:25:59 openvpn 74413 remote_cert_ku = 0
      Apr 10 15:25:59 openvpn 74413 remote_cert_ku = 0
      Apr 10 15:25:59 openvpn 74413 remote_cert_ku = 0
      Apr 10 15:25:59 openvpn 74413 remote_cert_ku = 0
      Apr 10 15:25:59 openvpn 74413 remote_cert_ku = 0
      Apr 10 15:25:59 openvpn 74413 remote_cert_ku = 0
      Apr 10 15:25:59 openvpn 74413 remote_cert_ku = 0
      Apr 10 15:25:59 openvpn 74413 remote_cert_ku = 0
      Apr 10 15:25:59 openvpn 74413 remote_cert_ku = 136
      Apr 10 15:25:59 openvpn 74413 remote_cert_ku = 160
      Apr 10 15:25:59 openvpn 74413 ns_cert_type = 0
      Apr 10 15:25:59 openvpn 74413 crl_file = '[UNDEF]'
      Apr 10 15:25:59 openvpn 74413 verify_x509_name = '[UNDEF]'
      Apr 10 15:25:59 openvpn 74413 verify_x509_type = 0
      Apr 10 15:25:59 openvpn 74413 tls_export_cert = '[UNDEF]'
      Apr 10 15:25:59 openvpn 74413 tls_verify = '[UNDEF]'
      Apr 10 15:25:59 openvpn 74413 cipher_list = '[UNDEF]'
      Apr 10 15:25:59 openvpn 74413 pkcs12_file = '[UNDEF]'
      Apr 10 15:25:59 openvpn 74413 priv_key_file = '/var/etc/openvpn/client1.key'
      Apr 10 15:25:59 openvpn 74413 extra_certs_file = '[UNDEF]'
      Apr 10 15:25:59 openvpn 74413 cert_file = '/var/etc/openvpn/client1.cert'
      Apr 10 15:25:59 openvpn 74413 dh_file = '[UNDEF]'
      Apr 10 15:25:59 openvpn 74413 ca_path = '[UNDEF]'
      Apr 10 15:25:59 openvpn 74413 ca_file = '/var/etc/openvpn/client1.ca'
      Apr 10 15:25:59 openvpn 74413 key_method = 2
      Apr 10 15:25:59 openvpn 74413 tls_client = ENABLED
      Apr 10 15:25:59 openvpn 74413 tls_server = DISABLED
      Apr 10 15:25:59 openvpn 74413 test_crypto = DISABLED
      Apr 10 15:25:59 openvpn 74413 use_iv = ENABLED
      Apr 10 15:25:59 openvpn 74413 packet_id_file = '[UNDEF]'
      Apr 10 15:25:59 openvpn 74413 replay_time = 15
      Apr 10 15:25:59 openvpn 74413 replay_window = 64
      Apr 10 15:25:59 openvpn 74413 mute_replay_warnings = DISABLED
      Apr 10 15:25:59 openvpn 74413 replay = ENABLED
      Apr 10 15:25:59 openvpn 74413 engine = ENABLED
      Apr 10 15:25:59 openvpn 74413 keysize = 0
      Apr 10 15:25:59 openvpn 74413 prng_nonce_secret_len = 16
      Apr 10 15:25:59 openvpn 74413 prng_hash = 'SHA1'
      Apr 10 15:25:59 openvpn 74413 authname = 'SHA1'
      Apr 10 15:25:59 openvpn 74413 authname_defined = ENABLED
      Apr 10 15:25:59 openvpn 74413 ciphername = 'AES-256-CBC'
      Apr 10 15:25:59 openvpn 74413 ciphername_defined = ENABLED
      Apr 10 15:25:59 openvpn 74413 key_direction = 2
      Apr 10 15:25:59 openvpn 74413 shared_secret_file = '[UNDEF]'
      Apr 10 15:25:59 openvpn 74413 management_flags = 256
      Apr 10 15:25:59 openvpn 74413 management_client_group = '[UNDEF]'
      Apr 10 15:25:59 openvpn 74413 management_client_user = '[UNDEF]'
      Apr 10 15:25:59 openvpn 74413 management_write_peer_info_file = '[UNDEF]'
      Apr 10 15:25:59 openvpn 74413 management_echo_buffer_size = 100
      Apr 10 15:25:59 openvpn 74413 management_log_history_cache = 250
      Apr 10 15:25:59 openvpn 74413 management_user_pass = '[UNDEF]'
      Apr 10 15:25:59 openvpn 74413 management_port = 0
      Apr 10 15:25:59 openvpn 74413 management_addr = '/var/etc/openvpn/client1.sock'
      Apr 10 15:25:59 openvpn 74413 [redirect_default_gateway local=0]
      Apr 10 15:25:59 openvpn 74413 allow_pull_fqdn = DISABLED
      Apr 10 15:25:59 openvpn 74413 max_routes = 100
      Apr 10 15:25:59 openvpn 74413 route_gateway_via_dhcp = DISABLED
      Apr 10 15:25:59 openvpn 74413 route_nopull = DISABLED
      Apr 10 15:25:59 openvpn 74413 route_delay_defined = ENABLED
      Apr 10 15:25:59 openvpn 74413 route_delay_window = 30
      Apr 10 15:25:59 openvpn 74413 route_delay = 5
      Apr 10 15:25:59 openvpn 74413 route_noexec = DISABLED
      Apr 10 15:25:59 openvpn 74413 route_default_metric = 0
      Apr 10 15:25:59 openvpn 74413 route_default_gateway = '[UNDEF]'
      Apr 10 15:25:59 openvpn 74413 route_script = '[UNDEF]'
      Apr 10 15:25:59 openvpn 74413 lzo = 7
      Apr 10 15:25:59 openvpn 74413 fast_io = DISABLED
      Apr 10 15:25:59 openvpn 74413 sockflags = 0
      Apr 10 15:25:59 openvpn 74413 sndbuf = 0
      Apr 10 15:25:59 openvpn 74413 rcvbuf = 0
      Apr 10 15:25:59 openvpn 74413 occ = ENABLED
      Apr 10 15:25:59 openvpn 74413 status_file_update_freq = 60
      Apr 10 15:25:59 openvpn 74413 status_file_version = 1
      Apr 10 15:25:59 openvpn 74413 status_file = '[UNDEF]'
      Apr 10 15:25:59 openvpn 74413 gremlin = 0
      Apr 10 15:25:59 openvpn 74413 mute = 0
      Apr 10 15:25:59 openvpn 74413 verbosity = 4
      Apr 10 15:25:59 openvpn 74413 nice = 0
      Apr 10 15:25:59 openvpn 74413 suppress_timestamps = DISABLED
      Apr 10 15:25:59 openvpn 74413 log = DISABLED
      Apr 10 15:25:59 openvpn 74413 inetd = 0
      Apr 10 15:25:59 openvpn 74413 daemon = ENABLED
      Apr 10 15:25:59 openvpn 74413 up_delay = DISABLED
      Apr 10 15:25:59 openvpn 74413 up_restart = DISABLED
      Apr 10 15:25:59 openvpn 74413 down_pre = DISABLED
      Apr 10 15:25:59 openvpn 74413 down_script = '/usr/local/sbin/ovpn-linkdown'
      Apr 10 15:25:59 openvpn 74413 up_script = '/usr/local/sbin/ovpn-linkup'
      Apr 10 15:25:59 openvpn 74413 writepid = '/var/run/openvpn_client1.pid'
      Apr 10 15:25:59 openvpn 74413 cd_dir = '[UNDEF]'
      Apr 10 15:25:59 openvpn 74413 chroot_dir = '[UNDEF]'
      Apr 10 15:25:59 openvpn 74413 groupname = '[UNDEF]'
      Apr 10 15:25:59 openvpn 74413 username = '[UNDEF]'
      Apr 10 15:25:59 openvpn 74413 resolve_retry_seconds = 1000000000
      Apr 10 15:25:59 openvpn 74413 passtos = DISABLED
      Apr 10 15:25:59 openvpn 74413 persist_key = ENABLED
      Apr 10 15:25:59 openvpn 74413 persist_remote_ip = DISABLED
      Apr 10 15:25:59 openvpn 74413 persist_local_ip = DISABLED
      Apr 10 15:25:59 openvpn 74413 persist_tun = ENABLED
      Apr 10 15:25:59 openvpn 74413 remap_sigusr1 = 0
      Apr 10 15:25:59 openvpn 74413 ping_timer_remote = ENABLED
      Apr 10 15:25:59 openvpn 74413 ping_rec_timeout_action = 2
      Apr 10 15:25:59 openvpn 74413 ping_rec_timeout = 60
      Apr 10 15:25:59 openvpn 74413 ping_send_timeout = 10
      Apr 10 15:25:59 openvpn 74413 inactivity_timeout = 0
      Apr 10 15:25:59 openvpn 74413 keepalive_timeout = 60
      Apr 10 15:25:59 openvpn 74413 keepalive_ping = 10
      Apr 10 15:25:59 openvpn 74413 mlock = DISABLED
      Apr 10 15:25:59 openvpn 74413 mtu_test = 0
      Apr 10 15:25:59 openvpn 74413 shaper = 0
      Apr 10 15:25:59 openvpn 74413 ifconfig_ipv6_remote = '[UNDEF]'
      Apr 10 15:25:59 openvpn 74413 ifconfig_ipv6_netbits = 0
      Apr 10 15:25:59 openvpn 74413 ifconfig_ipv6_local = '[UNDEF]'
      Apr 10 15:25:59 openvpn 74413 ifconfig_nowarn = DISABLED
      Apr 10 15:25:59 openvpn 74413 ifconfig_noexec = DISABLED
      Apr 10 15:25:59 openvpn 74413 ifconfig_remote_netmask = '[UNDEF]'
      Apr 10 15:25:59 openvpn 74413 ifconfig_local = '[UNDEF]'
      Apr 10 15:25:59 openvpn 74413 tun_ipv6 = DISABLED
      Apr 10 15:25:59 openvpn 74413 topology = 1
      Apr 10 15:25:59 openvpn 74413 lladdr = '[UNDEF]'
      Apr 10 15:25:59 openvpn 74413 dev_node = '/dev/tun1'
      Apr 10 15:25:59 openvpn 74413 dev_type = 'tun'
      Apr 10 15:25:59 openvpn 74413 dev = 'ovpnc1'
      Apr 10 15:25:59 openvpn 74413 ipchange = '[UNDEF]'
      Apr 10 15:25:59 openvpn 74413 remote_random = DISABLED
      Apr 10 15:25:59 openvpn 74413 Connection profiles END
      Apr 10 15:25:59 openvpn 74413 explicit_exit_notification = 0
      Apr 10 15:25:59 openvpn 74413 mssfix = 1450
      Apr 10 15:25:59 openvpn 74413 fragment = 0
      Apr 10 15:25:59 openvpn 74413 mtu_discover_type = -1
      Apr 10 15:25:59 openvpn 74413 tun_mtu_extra_defined = DISABLED
      Apr 10 15:25:59 openvpn 74413 tun_mtu_extra = 0
      Apr 10 15:25:59 openvpn 74413 link_mtu_defined = DISABLED
      Apr 10 15:25:59 openvpn 74413 link_mtu = 1500
      Apr 10 15:25:59 openvpn 74413 tun_mtu_defined = ENABLED
      Apr 10 15:25:59 openvpn 74413 tun_mtu = 1500
      Apr 10 15:25:59 openvpn 74413 socks_proxy_retry = DISABLED
      Apr 10 15:25:59 openvpn 74413 socks_proxy_port = 0
      Apr 10 15:25:59 openvpn 74413 socks_proxy_server = '[UNDEF]'
      Apr 10 15:25:59 openvpn 74413 connect_retry_max = 0
      Apr 10 15:25:59 openvpn 74413 connect_timeout = 10
      Apr 10 15:25:59 openvpn 74413 connect_retry_seconds = 5
      Apr 10 15:25:59 openvpn 74413 bind_local = ENABLED
      Apr 10 15:25:59 openvpn 74413 bind_defined = DISABLED
      Apr 10 15:25:59 openvpn 74413 remote_float = DISABLED
      Apr 10 15:25:59 openvpn 74413 remote_port = 443
      Apr 10 15:25:59 openvpn 74413 remote = 'nyc.tigervpn.com'
      Apr 10 15:25:59 openvpn 74413 local_port = 0
      Apr 10 15:25:59 openvpn 74413 local = '73.82.XX.XX'
      Apr 10 15:25:59 openvpn 74413 proto = tcp-client
      Apr 10 15:25:59 openvpn 74413 Connection profiles [1]:
      Apr 10 15:25:59 openvpn 74413 explicit_exit_notification = 0
      Apr 10 15:25:59 openvpn 74413 mssfix = 1450
      Apr 10 15:25:59 openvpn 74413 fragment = 0
      Apr 10 15:25:59 openvpn 74413 mtu_discover_type = -1
      Apr 10 15:25:59 openvpn 74413 tun_mtu_extra_defined = DISABLED
      Apr 10 15:25:59 openvpn 74413 tun_mtu_extra = 0
      Apr 10 15:25:59 openvpn 74413 link_mtu_defined = DISABLED
      Apr 10 15:25:59 openvpn 74413 link_mtu = 1500
      Apr 10 15:25:59 openvpn 74413 tun_mtu_defined = ENABLED
      Apr 10 15:25:59 openvpn 74413 tun_mtu = 1500
      Apr 10 15:25:59 openvpn 74413 socks_proxy_retry = DISABLED
      Apr 10 15:25:59 openvpn 74413 socks_proxy_port = 0
      Apr 10 15:25:59 openvpn 74413 socks_proxy_server = '[UNDEF]'
      Apr 10 15:25:59 openvpn 74413 connect_retry_max = 0
      Apr 10 15:25:59 openvpn 74413 connect_timeout = 10
      Apr 10 15:25:59 openvpn 74413 connect_retry_seconds = 5
      Apr 10 15:25:59 openvpn 74413 bind_local = ENABLED
      Apr 10 15:25:59 openvpn 74413 bind_defined = DISABLED
      Apr 10 15:25:59 openvpn 74413 remote_float = DISABLED
      Apr 10 15:25:59 openvpn 74413 remote_port = 1194
      Apr 10 15:25:59 openvpn 74413 remote = 'nyc.tigervpn.com'
      Apr 10 15:25:59 openvpn 74413 local_port = 0
      Apr 10 15:25:59 openvpn 74413 local = '73.82.XX.XX'
      Apr 10 15:25:59 openvpn 74413 proto = udp
      Apr 10 15:25:59 openvpn 74413 Connection profiles [0]:
      Apr 10 15:25:59 openvpn 74413 explicit_exit_notification = 0
      Apr 10 15:25:59 openvpn 74413 mssfix = 1450
      Apr 10 15:25:59 openvpn 74413 fragment = 0
      Apr 10 15:25:59 openvpn 74413 mtu_discover_type = -1
      Apr 10 15:25:59 openvpn 74413 tun_mtu_extra_defined = DISABLED
      Apr 10 15:25:59 openvpn 74413 tun_mtu_extra = 0
      Apr 10 15:25:59 openvpn 74413 link_mtu_defined = DISABLED
      Apr 10 15:25:59 openvpn 74413 link_mtu = 1500
      Apr 10 15:25:59 openvpn 74413 tun_mtu_defined = DISABLED
      Apr 10 15:25:59 openvpn 74413 tun_mtu = 1500
      Apr 10 15:25:59 openvpn 74413 socks_proxy_retry = DISABLED
      Apr 10 15:25:59 openvpn 74413 socks_proxy_port = 0
      Apr 10 15:25:59 openvpn 74413 socks_proxy_server = '[UNDEF]'
      Apr 10 15:25:59 openvpn 74413 connect_retry_max = 0
      Apr 10 15:25:59 openvpn 74413 connect_timeout = 10
      Apr 10 15:25:59 openvpn 74413 connect_retry_seconds = 5
      Apr 10 15:25:59 openvpn 74413 bind_local = ENABLED
      Apr 10 15:25:59 openvpn 74413 bind_defined = DISABLED
      Apr 10 15:25:59 openvpn 74413 remote_float = DISABLED
      Apr 10 15:25:59 openvpn 74413 remote_port = 1194
      Apr 10 15:25:59 openvpn 74413 remote = '[UNDEF]'
      Apr 10 15:25:59 openvpn 74413 local_port = 0
      Apr 10 15:25:59 openvpn 74413 local = '73.82.XX.XX'
      Apr 10 15:25:59 openvpn 74413 proto = udp
      Apr 10 15:25:59 openvpn 74413 Connection profiles [default]:
      Apr 10 15:25:59 openvpn 74413 show_tls_ciphers = DISABLED
      Apr 10 15:25:59 openvpn 74413 key_pass_file = '[UNDEF]'
      Apr 10 15:25:59 openvpn 74413 genkey = DISABLED
      Apr 10 15:25:59 openvpn 74413 show_engines = DISABLED
      Apr 10 15:25:59 openvpn 74413 show_digests = DISABLED
      Apr 10 15:25:59 openvpn 74413 show_ciphers = DISABLED
      Apr 10 15:25:59 openvpn 74413 mode = 0
      Apr 10 15:25:59 openvpn 74413 config = '/var/etc/openvpn/client1.conf'
      Apr 10 15:25:59 openvpn 74413 Current Parameter Settings:
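
A check that can be run over the two configs quoted in the post above, as an added example that is not part of the original thread: it lists server-dependent directives that are active in the merged client1.conf but absent from the provider profile, directives repeated with different values, and the directive each quoted log message points at. The config text is abridged from the post, the function names are hypothetical, and the `PEER_DEPENDENT` selection is this example's assumption.

```python
import re

# Abridged from the provider profile quoted in the post.
PROVIDER = """\
client
remote nyc.tigervpn.com 1194 udp
remote nyc.tigervpn.com 443 tcp-client
auth-user-pass
comp-lzo adaptive
ca ca.crt
script-security 2
"""

# Abridged from the merged client1.conf quoted in the post.
MERGED = """\
script-security 3
remote nyc.tigervpn.com 1194
auth-user-pass /var/etc/openvpn/client1.up
ca /var/etc/openvpn/client1.ca
cert /var/etc/openvpn/client1.cert
key /var/etc/openvpn/client1.key
tls-auth /var/etc/openvpn/client1.tls-auth 1
remote nyc.tigervpn.com 443 tcp-client
auth-user-pass /etc/openvpn-password.txt
script-security 2
#auth-user-pass
"""

# Two lines copied from the log in the post.
LOG = [
    "Apr 10 15:26:05 openvpn 74479 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]162.220.220.26:1194",
    "Apr 10 15:25:59 openvpn 74413 WARNING: file '/etc/openvpn-password.txt' is group or others accessible",
]

# Assumption of this example: directives that only work if the server operator
# issued matching material or enabled the same feature on its side.
PEER_DEPENDENT = ("tls-auth", "tls-crypt", "cert", "key", "secret")
REPEATABLE = {"remote"}  # each remote line is its own connection profile

def parse(text):
    """Return {directive: [argument string, ...]} for active (uncommented) lines."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        name, *args = line.split()
        directives.setdefault(name, []).append(" ".join(args))
    return directives

def unexpected_peer_directives(provider, merged):
    """Peer-dependent directives active locally but absent from the provider profile."""
    return sorted(d for d in PEER_DEPENDENT if d in merged and d not in provider)

def conflicting_repeats(conf):
    """Directives set more than once with different arguments."""
    return {n: v for n, v in conf.items() if n not in REPEATABLE and len(set(v)) > 1}

def implicated(log_lines, conf):
    """Map known log messages to the local directive behind them."""
    hits = set()
    for line in log_lines:
        # Logged when tls-auth is active locally and a control packet arrives without an HMAC.
        if "cannot locate HMAC in incoming packet" in line and "tls-auth" in conf:
            hits.add("tls-auth")
        m = re.search(r"file '([^']+)' is group or others accessible", line)
        if m:  # find which directive references the over-permissive file
            hits.update(n for n, vals in conf.items() if any(m.group(1) in v for v in vals))
    return sorted(hits)

if __name__ == "__main__":
    p, m = parse(PROVIDER), parse(MERGED)
    print(unexpected_peer_directives(p, m), conflicting_repeats(m), implicated(LOG, m))
```

For the repeated `auth-user-pass`, the posted log shows the later path (`/etc/openvpn-password.txt`) as the one in effect, and that is the file the permissions warning refers to.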

        jelter

        Just wondering if you ever got this working.  I have been struggling and have tried much of the same.

          jbradshw

          @jelter:

          Just wondering if you ever got this working.  I have been struggling and have tried much of the same.

          I actually did get this working, as far as the VPN interface getting an IP address (if you need these settings, PM me), but I cannot route anything through it to the outside.

          My goal is to define specific LAN traffic to go out the interface.

          Current setup:

          WAN (Comcast): 73.82.XX.XX

          LAN: 10.0.0.0/24

          VPN IP: 100.97.0.40  Remote IP: 162.250.2.18
          Note the VPN IP changes very often, maybe once every 5 mins. Probably normal but I figured I would mention.

          I've looked over several guides on how to set up routing (created manual NAT rules, etc), but when I tell it to route all LAN traffic through the VPN interface, nothing goes out.

          When I do ping tests from within pfSense (Diagnostics/Ping):

          WAN->VPN IP success
          LAN->VPN IP success
          VPN->WAN IP success
          VPN->LAN gateway success

          VPN->any internet IP fails
          VPN->Remote IP fails

          (Should the above two lines work?)

          Rules:

          Tiger_VPN
          Protocol: IPv4
          Source: *
          Port: *
          Destination: *
          Port: *
          Gateway: *

          OpenVPN:
          Same as above except:
          Source: LAN net
          Gateway: TIGER_VPN_VPNV4

          WAN/LAN rules: Currently nothing involving VPN

          Pending rule added to top of the list (which doesn't work - no net traffic goes out the VPN interface):

          LAN
          Protocol: IPv4 TCP
          Source: *
          Port: *
          Destination: *
          Port: *
          Gateway: TIGER_VPN_VPNV4

          It seems a lot of people are getting stuck at this point where nothing routes through the VPN interface to the internet. Just seeing if I'm missing any rules here.
