Client DHCP Address trouble
-
I have a problem with openVPN on pfSense 1.2.3 and Mac clients (all I've tried so far). The client says the openVPN connection is established successfully, but I can't see any traffic going through the VPN tunnel. Either the traffic goes as normal (not through the tun/tap interface), or it does not work.
I'm running openVPN with PKI, all keys/certs are created and I don't think the problem is there. The problem seems to be in client IP addresses and default gateway settings. I've specified a 10.0.1.0/24 network for clients and checked the "dynamic IP" checkbox. According to the instructions I read this seems to enable DHCP for clients, although the explanation for this checkbox seems to have changed in more recent versions of pfSense. I've also entered 'push "redirect-gateway def1"' into the options field.
This is the log from the client:
Wed Oct 28 13:59:33 2009: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Oct 28 13:59:33 2009: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Oct 28 13:59:33 2009: LZO compression initialized
Wed Oct 28 13:59:33 2009: TUN/TAP device /dev/tun0 opened
Wed Oct 28 13:59:33 2009: /Applications/Viscosity.app/Contents/Resources/dnsup.py tun0 1500 1544 init
Wed Oct 28 13:59:33 2009: Attempting to establish TCP connection with <ip>:1194 [nonblock]
Wed Oct 28 13:59:34 2009: TCP connection established with <ip>:1194
Wed Oct 28 13:59:34 2009: TCPv4_CLIENT link local: [undef]
Wed Oct 28 13:59:34 2009: TCPv4_CLIENT link remote: <ip>:1194
Wed Oct 28 13:59:34 2009: [server] Peer Connection Initiated with <ip>:1194
Wed Oct 28 13:59:36 2009: Initialization Sequence Completed
The VPN appears to be up, but no traffic is going through the tunnel. The tap0 interface has no IP:
macbook# ifconfig
tun0: flags=8850<POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	open (pid 7475)
Shouldn't there be a DHCP address here?
In the openVPN client (Viscosity) I can check "Send all traffic through VPN connection", and an IP address can be filled in. I've tried various settings here, nothing seems to work.
The server log looks like this:
Oct 28 12:14:28 openvpn[2145]: Re-using SSL/TLS context
Oct 28 12:14:28 openvpn[2145]: LZO compression initialized
Oct 28 12:14:28 openvpn[2145]: TCP connection established with 193.10.30.13:61080
Oct 28 12:14:28 openvpn[2145]: TCPv4_SERVER link local: [undef]
Oct 28 12:14:28 openvpn[2145]: TCPv4_SERVER link remote: 193.10.30.13:61080
Oct 28 12:14:30 openvpn[2145]: 193.10.30.13:61080 [client1] Peer Connection Initiated with 193.10.30.13:61080
Routing table on client after VPN Connection establishment:
MacBook:~ ecce$ netstat -nr
Routing tables

Internet:
Destination        Gateway            Flags        Refs      Use  Netif Expire
default            193.10.30.1        UGSc           19        0    en1
127                127.0.0.1          UCS             0        0    lo0
127.0.0.1          127.0.0.1          UH              2    22527    lo0
169.254            link#5             UCS             0        0    en1
193.10.30          link#5             UCS             1        0    en1
193.10.30.1        0:0:c:7:ac:af      UHLWI           9        0    en1    651
193.10.30.13       127.0.0.1          UHS             0        0    lo0
Any idea on what's wrong here?
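A small diagnostic for the symptom in the post above, added here and not part of the thread: it parses macOS `netstat -nr` output and reports whether the two half-default routes that `push "redirect-gateway def1"` should install on the client (macOS shows them as 0/1 and 128.0.0/1) actually point at the tun interface. The "before" sample is the routing table quoted in the post; the "after" sample with tun0 routes is constructed with assumed addresses from the /30 described later in the thread.

```python
# Constructed sample: the macOS `netstat -nr` output quoted in the post.
NETSTAT_BEFORE = """Routing tables
Internet:
Destination        Gateway            Flags        Refs      Use  Netif Expire
default            193.10.30.1        UGSc           19        0    en1
127                127.0.0.1          UCS             0        0    lo0
127.0.0.1          127.0.0.1          UH              2    22527    lo0
169.254            link#5             UCS             0        0    en1
193.10.30          link#5             UCS             1        0    en1
193.10.30.1        0:0:c:7:ac:af      UHLWI           9        0    en1    651
193.10.30.13       127.0.0.1          UHS             0        0    lo0
"""

# Constructed sample (assumed addresses) of the table once `redirect-gateway def1`
# has taken effect: 0/1 and 128.0.0/1 go via the tunnel peer, default stays on en1.
NETSTAT_AFTER = """Routing tables
Internet:
Destination        Gateway            Flags        Refs      Use  Netif Expire
0/1                10.0.1.5           UGSc            0        0   tun0
default            193.10.30.1        UGSc           19        0    en1
10.0.1.5           10.0.1.6           UH              1        0   tun0
128.0.0/1          10.0.1.5           UGSc            0        0   tun0
193.10.30          link#5             UCS             1        0    en1
"""


def parse_routes(text):
    """Return (destination, gateway, netif) tuples from the Internet section."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        # Skip the section banner and the column header; real routes have >= 6 fields.
        if len(parts) < 6 or parts[0] == "Destination":
            continue
        routes.append((parts[0], parts[1], parts[5]))
    return routes


def check_def1(text, tun="tun0"):
    """Report whether the def1 half-routes exist and are bound to the tun interface."""
    via_tun = {dst for dst, _gw, iface in parse_routes(text) if iface == tun}
    lower = "0/1" in via_tun or "0.0.0.0/1" in via_tun
    upper = "128.0.0/1" in via_tun or "128.0.0.0/1" in via_tun
    return {
        "tun_has_routes": bool(via_tun),
        "def1_lower": lower,
        "def1_upper": upper,
        "redirected": lower and upper,   # both halves present: all traffic goes via tun
    }
```

On the table from the post, `check_def1` reports no routes on tun0 at all, which matches the observation that traffic never enters the tunnel even though the session came up.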
-
I've made some progress. The problem above still exists, but when I tried on a Windows machine I got an IP address via DHCP. However, I can only connect to machines in the VPN server network, on their public IP addresses. The client gets IP address 10.0.1.6/30 and the default gateway is set to 10.0.1.5. Seems fine. The openVPN client is all green, and there are no error messages in the log file on either the server or the client.
I cannot:
- Ping my gateway, 10.0.1.5
- Connect to any machine on internet except the ones in the VPN server network (public IPs)
I can:
- connect to pfsense machine via HTTPS
- connect to another webserver in the same public network as the pfsense server
- make DNS req to the DNS server, also in the same network as the pfsense server
I have Outbound NAT (AON) for 10.0.1.0/28 to WAN interface address.