Netgate Discussion Forum

    Server OPENVPN Server problem

    • M
      mst
      last edited by

      Holy smoke!!!! It works!!!

      In the future if I add any static route under SYSTEM>STATIC ROUTES on the client or server side is that going to affect tun0 again?

      Thank You for your help.

      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        Only if the routes you add overlap the networks you want to use the VPN.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        • M
          mst
          last edited by

          understand

          Thank You very much for your help.

          • M
            mst
            last edited by

            Is it OK if I ask one more question based on the routing?

            • jimpJ
              jimp Rebel Alliance Developer Netgate
              last edited by

              Never ask to ask - just ask. If you think it would get buried in a thread, just start a new thread. It's a community, everyone can help. :-)

              • M
                mst
                last edited by

                Simply just do not want to be like rest of ….. begging ..... asking .... pushy .... etc....

                1. I have added DD-WRT with OpenVPN to my scenario and simply connected using SHARED KEY (easiest one), so now it looks like:

                DD-WRT ------ OpenVPN 10.0.7.0/30 ------ pfSense A 1.2.3 ------ OpenVPN 10.0.8.0/30 ------ pfSense B 1.2.3
                192.168.1.1                              192.168.99.1                                      192.168.10.1

                So clients behind DD-WRT and pfSense A can ping each other, and so can clients between pfSense A and pfSense B. What static route should I add (if any), and does it have to be under SYSTEM (STATIC ROUTES) in pfSense and respectively in DD-WRT to be able to ping clients behind DD-WRT and pfSense B?

                Or just an extra line with route "X.X.X.X MASK" in each OpenVPN client, like in DD-WRT:

                remote X.X.X.X
                port
                proto udp
                dev tun
                ifconfig 10.0.7.1 10.0.7.2
                route 192.168.99.0 255.255.255.0
                ROUTE 192.168.10.0 255.255.255.0 ???????????????
                secret /tmp/static.key
                ping 10

                AND pfSense B:

                daemon
                keepalive 10 60
                ping-timer-rem
                persist-tun
                persist-key
                dev tun
                proto udp
                cipher BF-CBC
                up /etc/rc.filter_configure
                down /etc/rc.filter_configure
                ifconfig 10.0.8.1 10.0.8.2
                lport
                push "dhcp-option DISABLE-NBT"
                route 192.168.99.0 255.255.255.0
                ROUTE 192.168.1.0 255.255.255.0  ???????????????????????
                secret /var/etc/openvpn_server0.secret
                comp-lzo
                persist-remote-ip
                float
                comp-lzo
                cipher AES-128-CBC
                verb 3
                mute 10

                2. I see that pfSense 1.2.3 does not have a TLS_AUTH option in the GUI, so if I just add it in the server/client config file, will it work? Or do I have to follow this link http://forum.pfsense.org/index.php/topic,2747.msg16214.html#msg16214 (does it apply to 1.2.3?)

                I have added a 2nd question and this is not a good sign ...... :)

                • jimpJ
                  jimp Rebel Alliance Developer Netgate
                  last edited by

                  On pfSense B, add "route 192.168.1.1 255.255.255.0;" to the custom options.
                  On DD-WRT, it needs "route 192.168.10.1 255.255.255.0;" - That should be all you need.

                  As for TLS on 1.2.3, I'm not sure what all you need. I've never tried it (I only use 2.0 these days) - but if someone has a howto, it may work.

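Added example, not part of the thread or of any participant's post: a small routing model of the three sites that checks the two route lines from the reply above, and the earlier point that a static route only matters when it overlaps a network carried by the VPN. The node names, host addresses and pfSense A's two routes are assumptions, and each host is assumed to use its site router as default gateway.

```python
import ipaddress

# Constructed model of the thread's three sites; node names are labels for this example.
LAN = {"ddwrt": "192.168.1.0/24", "pfsenseA": "192.168.99.0/24", "pfsenseB": "192.168.10.0/24"}

def base_routes():
    # DD-WRT and pfSense B entries are the route lines in the posted configs;
    # pfSense A's two entries are assumed from "A can reach both neighbours".
    return {
        "ddwrt": {"192.168.99.0/24": "pfsenseA"},
        "pfsenseA": {"192.168.1.0/24": "ddwrt", "192.168.10.0/24": "pfsenseB"},
        "pfsenseB": {"192.168.99.0/24": "pfsenseA"},
    }

def with_reply_routes():
    routes = base_routes()
    # Route lines from the reply, normalised here to their /24 network address.
    for node, line in (("pfsenseB", "192.168.1.1/255.255.255.0"),
                       ("ddwrt", "192.168.10.1/255.255.255.0")):
        routes[node][str(ipaddress.ip_network(line, strict=False))] = "pfsenseA"
    return routes

def next_hop(node, dst, routes):
    """Longest-prefix match: 'local' for the node's own LAN, None if nothing matches."""
    table = {**routes[node], LAN[node]: "local"}
    hits = [(ipaddress.ip_network(p).prefixlen, hop) for p, hop in table.items()
            if ipaddress.ip_address(dst) in ipaddress.ip_network(p)]
    return max(hits)[1] if hits else None

def trace(start, dst, routes):
    """Follow next hops from a site router; returns (path, delivered)."""
    path, node = [start], start
    while True:
        hop = next_hop(node, dst, routes)
        if hop == "local":
            return path, True
        if hop not in LAN or hop in path:  # no tunnel route, leaves the VPN, or loops
            return path, False
        path.append(hop)
        node = hop

def can_ping(src_node, src_ip, dst_node, dst_ip, routes):
    # A ping needs both the request and the reply to be routable.
    return trace(src_node, dst_ip, routes)[1] and trace(dst_node, src_ip, routes)[1]

if __name__ == "__main__":
    for name, r in (("before", base_routes()), ("after", with_reply_routes())):
        print(name, can_ping("ddwrt", "192.168.1.10", "pfsenseB", "192.168.10.50", r))
```

The model covers route selection only; firewall rules on the tunnel interfaces and the hosts' own gateway settings are outside it.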
                  • M
                    mst
                    last edited by

                    Thank You, this is all I needed in this topic and got even more answers than I expected.

                    • M
                      mst
                      last edited by

                      I have an answer to my question regarding TLS-AUTH:

                      simply go to PACKAGE MANAGER and install OpenVPN-Enhancements (TLS-auth and client/server-options)

                      Unfortunately, it cannot be uninstalled later, so I do not know if it affects anything …..

                      Cheers,

                      • M
                        mst
                        last edited by

                        Regarding the static routing ….

                        I can ping from the XP client behind pfSense B to DD-WRT and vice versa, but cannot ping any client behind DD-WRT, like XP .... (after turning off the local firewall)

                        XP1 ---- DD-WRT ------ pfSense A ------- pfSense B ------ XP2, so XP1 cannot ping XP2 and vice versa.

                        Could it be a missing gateway on DD-WRT? There is an IP set up, 192.168.1.1 mask: /24, but no default gateway .....

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.