
    OpenVPN server.crt is always blank - Also, what ports should be opened for VPN?

    • jimpJ
      jimp Rebel Alliance Developer Netgate
      last edited by

      You still have to install the OpenVPN installer exporter as a package, but yeah it can do that too.

      I think that was due to licensing/redistribution issues, but I don't recall for certain.

      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

      • T
        torontob
        last edited by

        Oh, this comes from the OpenVPN client on Windows side. When I try to connect this is the error I get.

        I don't have the luxury of installing 2.0, as the router is in production on a phone system, and if 2.0 is beta I really can't have the client as a guinea pig to test it (downtime = lost client).

        Thanks,
        Bruce

        • Cry HavokC
          Cry Havok
          last edited by

          If that error is from the client then it has nothing to do with the pfSense install and it suggests that your client install is broken. What client version did you install, what operating system did you install it on and where did you download it from?

          • T
            torontob
            last edited by

            OpenVPN GUI Client 1.5.5. It's installed on Windows 7 operating system. Is there any better client you would suggest for Windows?

            Thanks

            • jimpJ
              jimp Rebel Alliance Developer Netgate
              last edited by

              That's rather old.

              Use this one:
              http://openvpn.net/release/openvpn-2.1.2-install.exe

              Just be sure to run it as admin on Windows 7.

              • T
                torontob
                last edited by

                Thanks, that worked.

                How many OpenVPN connections are safe to make to a 512mbps connection using an Alix board? I don't want to overload either the board CPU or go over my limit of bandwidth, which will degrade voice quality as we have about 5 channels of ULAW (g711) SIP running on this box at any time.

                More importantly, I am concerned about hardware limits.

                Thanks again

                • jimpJ
                  jimp Rebel Alliance Developer Netgate
                  last edited by

                  512mbps or 512kbps?

                  An ALIX can only handle about 85Mbps without encryption, and maybe about 18Mbps with OpenVPN using the crypto chip on the ALIX. See here: http://doc.pfsense.org/index.php/Are_cryptographic_accelerators_supported

                  • Cry HavokC
                    Cry Havok
                    last edited by

                    And note that PPS (packets per second) is possibly more significant than raw throughput.

                    • T
                      torontob
                      last edited by

                      Sorry, that's 512kbps. So, I guess on such low bandwidth there is no hardware limit.

                      1- If there are 5 simultaneous OpenVPN connections, does the Alix2D3 handle that fine, in terms of CPU power I mean?

                      2- Also, now that the connection is established, I would only want the user that has connected to have access to port 443 TCP, 4445 TCP, and 4569 UDP only to one specific host within the LAN network and not to be able to browse the Internet through the OpenVPN. What do I have to do on the pfSense side to limit this, and also what do I have to do on the Windows side so that only requests to a certain IP are routed to the OpenVPN connection and others are handled by the NIC on the Windows machine (which is connected to an ISP totally separate from pfSense)?

                      You folks have been of great help.

                      Thanks,

                      • jimpJ
                        jimp Rebel Alliance Developer Netgate
                        last edited by

                        1. Shouldn't matter with that little bandwidth. Bandwidth matters more than concurrent connections.

                        2. You need firewall rules for OpenVPN, which don't exist on 1.2.3. 2.0 can filter out of the box. 1.2.3 can do it but it takes some work: http://doc.pfsense.org/index.php/OpenVPN_Traffic_Filtering_on_1.2.3

                        Even without that, it won't get access to browse out the Internet from there without you adding an outbound NAT rule, so that should be safe.

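The restriction discussed in the reply above, written out as plain pf filter rules. This is an added illustration, not part of the thread and not the ruleset pfSense generates (pfSense builds its rules from the GUI). The interface name `tun0` and the LAN host `192.168.1.50` are assumed placeholders; the tunnel network and ports are the ones given in the thread.

```conf
# Added example: least-privilege policy for OpenVPN clients in pf syntax.
# Placeholders (assumptions, not from the thread): vpn_if, pbx_host.
vpn_if   = "tun0"               # interface the OpenVPN server is bound to
vpn_net  = "192.168.200.0/24"   # tunnel network named in the thread
pbx_host = "192.168.1.50"       # the single LAN host clients may reach

# Default: drop and log everything that arrives from the tunnel,
# including attempts to reach other LAN hosts or the firewall itself.
block in log on $vpn_if all

# Allow only the three services requested, and only to the one host.
# pf evaluates all rules and the last match wins, so these override
# the block above for matching packets.
pass in on $vpn_if inet proto tcp from $vpn_net to $pbx_host \
    port { 443, 4445 } flags S/SA keep state
pass in on $vpn_if inet proto udp from $vpn_net to $pbx_host \
    port 4569 keep state

# No NAT rule is defined for $vpn_net, so tunnel clients have no path
# out to the Internet through this firewall.

# Client-side routing is decided by what the OpenVPN server pushes.
# Pushing only a host route, for example
#   push "route 192.168.1.50 255.255.255.255"
# and not pushing redirect-gateway leaves the Windows client's own
# default route (its separate ISP) in place for all other traffic.
```

The rules are applied where tunnel traffic enters the firewall (the OpenVPN interface), which is why that interface has to be filterable in the first place.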
                        • T
                          torontob
                          last edited by

                          Thanks very much.

                          But I guess I can limit the OpenVPN network of 192.168.200.0/24 to only one specific host in Firewall > Rules > LAN ???

                          Thanks

                          • T
                            torontob
                            last edited by

                            I have locked myself out but I have OpenVPN access. I am just doing console to the box and option 14 tells me that sshd is enabled. But when I try to reach the box with ssh 192.168.1.1 I can't get any response.

                            I have checked and iptables -L doesn't exist either.

                            How can I get this router to accept my HTTPS and SSH requests?

                            What commands specifically?

                            Thanks

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.