Netgate Discussion Forum

    Openvpn status on server

    2.0-RC Snapshot Feedback and Problems - RETIRED
    16 Posts 3 Posters 7.0k Views
    • jimp Rebel Alliance Developer Netgate

      That second line is for your OpenVPN client instance, not for clients connected to your local OpenVPN server.

      Those should be showing up under that first section. They always show up for me, I've never seen a client connected that didn't show up there.

      • cubsfan

        Bother. I had the server mode set to peer/peer instead of remote access. That didn't click until I tried to connect a second client. New to OpenVPN, it's not bad once you get it sorted through.

        Thanks for all the feedback!

        • spiritbreaker

          Hi,

          I have to agree with cubsfan. I set up a test environment with OpenVPN PKI and 2 sites. I followed the tutorial.

          Tested preshared key and certs… all seems to work fine :)

          On the client, in mode "peer to peer (ssl/tls)", everything is OK. The status page has an entry when the local port is set.

          On the server, if the server mode is "peer to peer (ssl/tls)", there is no client shown in OpenVPN status!

          If I switch the mode to remote access (ssl/tls), the client is visible there.

          Is that normal behaviour, jimp?

          Cya

          Pfsense running at 11 Locations
          -mobile OPENVPN and IPSEC
          -multiwan failover
          -filtering proxy(squidguard) in bridgemode with ntop monitoring

          • jimp Rebel Alliance Developer Netgate

            That is normal, OpenVPN's status function doesn't report peer-to-peer connections in the same way. It's a limitation of OpenVPN, I believe.

            • spiritbreaker

              Ah, thank you.

              Nice to know. Is there a difference between these modes? Are there some problems if I use remote access in my case?

              I ask because OpenVPN status on the dashboard is a nice feature :)

              Cya

              • jimp Rebel Alliance Developer Netgate

                It's really a difference between PKI and Shared Key, I thought. You can do site-to-site setups either way, really. Just takes a bit more work to do them with PKI.

                • spiritbreaker

                  With pfSense 2.0 it's about one minute more work (generate CA + certs -> copy to OpenVPN client).

                  That's really not much more^^

                  There are 2 questions left:

                  1. Using auth for TLS packets is recommended, right? I found nothing about it in the pfSense book.

                  2. Engine cryptodev is automatically applied if option glxsb is set, right?

                  ty

                  • jimp Rebel Alliance Developer Netgate

                    For PKI site-to-site you also have to set up client-specific-config entries with iroutes, and custom route statements. It's not all automatic.

                    cryptodev isn't active unless you put it in the custom options, I think that is still the case. I should probably add an option for that. If it were automatic, it wouldn't just be keyed on glxsb, there are plenty of other accelerators (Padlock, Hifn, etc).

                    1 Reply Last reply Reply Quote 0
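Added example, not part of jimp's post and not pfSense's generated configuration: the OpenVPN directives behind "client-specific-config entries with iroutes, and custom route statements" for a PKI site-to-site server. The subnets, the `ccd` directory name and the certificate common name `site-b` are constructed placeholders.

```conf
# ---------------------------------------------------------------
# Server-side OpenVPN config (site A). Constructed example values:
#   tunnel network : 10.0.8.0/24
#   site A LAN     : 192.168.1.0/24  (behind this server)
#   site B LAN     : 192.168.2.0/24  (behind the client "site-b")
# ---------------------------------------------------------------

# Multi-client server mode on the tunnel network.
server 10.0.8.0 255.255.255.0

# Directory holding one file per client, named after the
# client certificate's common name.
client-config-dir ccd

# Custom route statement: put site B's LAN into the server's
# kernel routing table so the OS hands that traffic to OpenVPN.
route 192.168.2.0 255.255.255.0

# Tell connecting clients how to reach site A's LAN.
push "route 192.168.1.0 255.255.255.0"

# ---------------------------------------------------------------
# File: ccd/site-b   (client-specific config for CN "site-b")
# ---------------------------------------------------------------

# Internal route: tells OpenVPN which connected client owns
# site B's LAN. "route" alone only gets packets as far as the
# OpenVPN process; "iroute" picks the client to forward them to.
iroute 192.168.2.0 255.255.255.0
```

The file name under the client-config directory must match the client certificate's common name exactly. The `iroute` also ties the remote LAN to that certificate: the server drops tunnel packets from a client whose source address is not covered by its tunnel address or its `iroute` entries.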
                    • spiritbreaker

                      Yes, you're right, I forgot.

                      But I'm not sure about the server mode because you didn't answer my question. :)

                      "It's really a difference between PKI and Shared Key, I thought. You can do site-to-site setups either way, really. Just takes a bit more work to do them with PKI."

                      Please only consider the server side:

                      "peer to peer (ssl/tls)" (OpenVPN status empty)

                      "remote access (ssl/tls)" (OpenVPN status works)

                      Both are with PKI. It's the same configuration with CA and certs, no preshared keys at all. So where is the difference?

                      ty

                      • jimp Rebel Alliance Developer Netgate

                        I'm not sure then, I'd have to track down what might be going on behind the scenes then. If you look at the openvpn config (under /var/etc/openvpn/) you might be able to see the difference in the config.

                        I don't think the GUI in the status even checks peer-to-peer vs remote access.

                        • spiritbreaker

                          You're right, I'll check the config.

                          "peer to peer (ssl/tls)" is a 1:1 connection

                          "remote access (ssl/tls)" is a 1:n connection, so you need to use remote access for 3 sites and more, I think. I'll test it.

                          Good night.

                          Thanks for the replies.
