Netgate Discussion Forum

    Need help to setup openvpn Server on port 1195

      fosiul

      Hi,
      I am following this article to set up OpenVPN on port 1195:

      http://forum.pfsense.org/index.php?topic=7840.0
      but I have a few points of confusion.

      Address pool: 192.168.200.0/24 (it should be a network that you DONT currently use)
      Local Network: 192.168.1.0/24 or whatever the network is that you want the VPN client to connect to !!UPDATE: Note to add this value you need to first add the

      So I did:

      Address pool: 192.168.200.0/24
      Local Network:/24

      Now on 32, it's saying to set up rules for LAN,

      so I chose:

      Action: pass
      Interface: LAN
      Protocol: any
      Source: Type: Network, Address: 192.168.200.0/24
      Destination: any

      Is what I put in the LAN rules OK?

      But I can't connect. It looks like the client can't even reach port 1195. In the firewall I chose to log packets, but it looks like nothing is coming in via port 1195.

      Thanks for your help

        GruensFroeschli

        Rules on the LAN interface are for traffic on the LAN interface.

        What you want is to create a rule on the WAN interface.
        Allow on WAN:
        Source: any
        Source port: any
        Destination: WAN address
        Destination port: 1195

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

          fosiul

          Hi, thanks.
          So that means I don't need to set up rules for LAN; only WAN rules will be enough, isn't that right?

          Now when I connect from my computer to OpenVPN, it gets stuck here and does not go any further:

          Fri Aug 13 18:22:55 2010 OpenVPN 2.1.1 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Dec 11 2009
          Fri Aug 13 18:22:55 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
          Fri Aug 13 18:22:55 2010 LZO compression initialized
          Fri Aug 13 18:22:55 2010 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
          Fri Aug 13 18:22:55 2010 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
          Fri Aug 13 18:22:55 2010 Local Options hash (VER=V4): '41690919'
          Fri Aug 13 18:22:55 2010 Expected Remote Options hash (VER=V4): '530fdded'
          Fri Aug 13 18:22:55 2010 Socket Buffers: R=[8192->8192] S=[8192->8192]
          Fri Aug 13 18:22:55 2010 UDPv4 link local: [undef]
          Fri Aug 13 18:22:55 2010 UDPv4 link remote: xx.xx.xx.xx:1195

          Doesn't that mean the firewall is still blocking?

          Thanks for your help
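
Added example, not part of the original post: a small Python check that reads an OpenVPN client log and reports how far the most recent connection attempt got. A log that ends at `link remote:`, like the one above, means packets were sent and nothing came back. The function name, the hint texts and the second sample log are constructed for illustration.

```python
# Progress markers an OpenVPN 2.x client logs at verb 3, in connection order.
STAGES = [
    ("socket_open", "link remote: "),
    ("server_replied", "TLS: Initial packet from "),
    ("cert_verified", "VERIFY OK"),
    ("peer_connected", "Peer Connection Initiated with "),
    ("tunnel_up", "Initialization Sequence Completed"),
]
TLS_TIMEOUT = "TLS key negotiation failed to occur within"
HINTS = {
    None: "no socket opened: check the remote line and name resolution",
    "socket_open": "packets sent, no reply: check the WAN rule for this port "
                   "and protocol, upstream filtering, and the server listener",
    "server_replied": "server answers but TLS is unfinished: check certificates",
    "cert_verified": "certificate accepted, key exchange unfinished",
    "peer_connected": "session keyed, tunnel options not applied yet",
    "tunnel_up": "tunnel established",
}

def diagnose(log_text):
    """Report the stage reached by the most recent connection attempt."""
    stage, attempts, timeouts = None, 0, 0
    for line in log_text.splitlines():
        if STAGES[0][1] in line:              # every (re)connect starts here
            stage, attempts = "socket_open", attempts + 1
        elif TLS_TIMEOUT in line:
            timeouts += 1
        for name, marker in STAGES[1:]:
            if marker in line:
                stage = name
    return {"stage": stage, "attempts": attempts, "tls_timeouts": timeouts, "hint": HINTS[stage]}

# Tail of the client log posted above (address redacted as in the post).
STALLED = """\
Fri Aug 13 18:22:55 2010 UDPv4 link local: [undef]
Fri Aug 13 18:22:55 2010 UDPv4 link remote: xx.xx.xx.xx:1195
"""
# Constructed lines for a session that completes (documentation address, made-up sid and CN).
COMPLETE = STALLED + """\
Fri Aug 13 18:22:56 2010 TLS: Initial packet from 203.0.113.10:1195, sid=0a1b2c3d 4e5f6a7b
Fri Aug 13 18:22:57 2010 VERIFY OK: depth=0, /CN=server
Fri Aug 13 18:22:58 2010 [server] Peer Connection Initiated with 203.0.113.10:1195
Fri Aug 13 18:23:00 2010 Initialization Sequence Completed
"""

if __name__ == "__main__":
    print(diagnose(STALLED))
```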

            GruensFroeschli

            Please show the config from your server and from your client.

              fosiul

              Hi, thanks.
              I configured OpenVPN via the GUI as described in that article.
              Where do I get the config file from on the server? Which location?

              Thanks

                fosiul

                Hi, please help me out…

                This is the config:

                openvpn_client0.ca
                openvpn_client0.cert
                openvpn_client0.conf
                openvpn_client0.key
                openvpn_csc
                openvpn_server0.ca
                openvpn_server0.cert
                openvpn_server0.conf
                openvpn_server0.dh
                openvpn_server0.key

                Server config file:

                cat openvpn_server0.conf

                writepid /var/run/openvpn_server0.pid
                #user nobody
                #group nobody
                daemon
                keepalive 10 60
                ping-timer-rem
                persist-tun
                persist-key
                dev tun
                proto udp
                cipher BF-CBC
                up /etc/rc.filter_configure
                down /etc/rc.filter_configure
                server 192.168.200.0 255.255.255.0
                client-config-dir /var/etc/openvpn_csc
                push "route
                lport 1195
                push "dhcp-option DISABLE-NBT"
                ca /var/etc/openvpn_server0.ca
                cert /var/etc/openvpn_server0.cert
                key /var/etc/openvpn_server0.key
                dh /var/etc/openvpn_server0.dh
                comp-lzo
                persist-remote-ip
                float

                And the client config file:

                client
                dev tun
                proto udp
                remote XXX.XXX.XXX.XXX 1195
                ping 10
                resolv-retry infinite
                nobind
                persist-key
                persist-tun
                ca ca.crt
                cert mycrt.crt
                key mycrt.key
                ns-cert-type server
                comp-lzo
                pull
                verb 3

                What am I doing wrong?
                Thanks
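
Added example, not part of the original post: a Python check that parses a server/client config pair like the one above, reports lines that do not parse (such as the unterminated `push "route`), compares the settings both ends must agree on, and notes two hardening points visible in the server file. The function names are hypothetical and the embedded samples are trimmed copies of the posted configs.

```python
import shlex

def parse(text):
    """Return ({directive: [args, ...]}, [problems]) for OpenVPN config text."""
    conf, problems = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":      # blank or commented-out directive
            continue
        try:
            words = shlex.split(line)
        except ValueError:                   # a quote that is never closed
            problems.append(f"line {n}: unterminated quote: {line}")
            continue
        conf.setdefault(words[0], []).append(words[1:])
    return conf, problems

def check_pair(server_text, client_text):
    """List parse problems, mismatches and hardening notes for a config pair."""
    (s, s_bad), (c, c_bad) = parse(server_text), parse(client_text)
    out = [f"server {p}" for p in s_bad] + [f"client {p}" for p in c_bad]
    for key in ("proto", "dev", "comp-lzo"):  # must be the same on both ends
        if s.get(key) != c.get(key):
            out.append(f"mismatch: {key} server={s.get(key)} client={c.get(key)}")
    s_port = (s.get("lport") or s.get("port") or [["1194"]])[0][0]
    remote = (c.get("remote") or [[]])[0]
    c_port = remote[1] if len(remote) > 1 else "1194"
    if s_port != c_port:
        out.append(f"mismatch: server listens on {s_port}, client dials {c_port}")
    if "user" not in s or "group" not in s:
        out.append("note: no user/group directive, daemon keeps its start-up privileges")
    if s.get("cipher") == [["BF-CBC"]]:
        out.append("note: BF-CBC uses a 64-bit block; consider an AES cipher on both ends")
    return out

# Trimmed from the two configs posted above; the address stays redacted.
SERVER = '''#user nobody
#group nobody
dev tun
proto udp
cipher BF-CBC
push "route
lport 1195
comp-lzo
'''
CLIENT = "client\ndev tun\nproto udp\nremote XXX.XXX.XXX.XXX 1195\ncomp-lzo\n"

print("\n".join(check_pair(SERVER, CLIENT)))
```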

                  fosiul

                  It's working.

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.