Using a vpn internet gateway ?
-
Hello.
After 2 days of searching I have to come here to ask for help.
I have a router with a WAN to the internet,
a LAN on one subnet with DHCP,
a WLAN with another subnet and its own DHCP.
Is there a way to have the router connect to a PPTP internet VPN gateway so that all users who connect to the router by WLAN go to the internet through the PPTP VPN?
Thank you for your help my friend.
Sorry for my English, I don't speak very good English.
-
You can do this with OpenVPN and the Redirect Gateway (Force all client generated traffic through the tunnel.) option. Just have to setup the NAT on the server side of the tunnel to NAT traffic out to the internet. I did this at a remote site once to bypass the building's onsite network that was filtered and not under my control. When the tunnel is down on the client side users use the local internet and when the link comes up traffic is redirected over the tunnel.
-
Hello.
Thank you for your answer.
Where is the redirect gateway? I can't find it!!!
Can I not do the same thing with PPTP?
Thank you.
-
Didn't you notice the sticky in this forum? http://forum.pfsense.org/index.php/topic,29944.0.html
Should be almost the same with other VPN types…
-
Thank you for your answer.
But I can't find the PPTP client in pfSense…
-
You need to add a PPTP interface as a 2nd 'WAN'.
This should fall under Interfaces -> Assign -> PPP -> Add new (plus sign).
Once you have this PPTP connection set up, you need to edit the NAT rules section and use Advanced Outbound NAT.
You will see a default "Auto created rule for LAN to WAN". Clone this rule by clicking the "+" sign beside it.
Now, change the 'Interface' to the interface you created for the PPTP connection.
Then change the source subnet to the WLAN subnet.
Lastly, rename the description to "Rule for WLAN to PPTP".
Now, after clicking OK, you will see the rule below the "Auto created rule for LAN to WAN" rule. Check the box to the left of this rule and then move it above the "Auto created rule for LAN to WAN" by clicking the left arrow triangle sign.
-
Thank you for your help.
But I have a first problem.
I set the login, password, source (my WAN IP) and remote address of the VPN in the PPTP interface.
I go to the status of interfaces.
I click on connect and it cannot connect to the PPTP VPN.
But when I try to connect with my Win 7 PC, which is behind the same router as my pfSense server, it connects to the VPN without any problem.
Do you have an idea?
Thank you
-
Hello.
I also tried to connect to an OpenVPN server, https://www.vpntunnel.se/en/, using this sticky post: http://forum.pfsense.org/index.php/topic,29944.0.html
But I couldn't, because the tutorial needs a private key and the VPN server does not provide a private key, as you can see here:
http://www.vpntunnel.se/howto/linux.pdf
Can someone tell me how to use the tutorial without a private key?
Thank you.
-
You have also got a private key….you always need a private key for your connection...
I tested vpntunnel.se a couple of months ago but they were way too slow...
-
And where do I find this private key?
They don't talk about it in the conf PDF file….
-
Nobody can help me?
-
Try the instructions in this post
http://forum.pfsense.org/index.php?topic=28969.0
Worked fine for me with vpntunnel.se
-
Thank you for your help.
I did everything in the post but I don't have the "Direct-gateway def1" log.
Here is my log.
The /conf/openvpn-auth.conf file exists and has chmod 777, I checked it.
Do you know what the problem can be?
Thank you
Jun 6 20:06:22 openvpn[11951]: Exiting
Jun 6 20:06:22 openvpn[11951]: Error opening 'Auth' auth file: /conf/openvpn-auth.conf: No such file or directory (errno=2)
Jun 6 20:06:22 openvpn[11951]: WARNING: cannot stat file '/conf/openvpn-auth.conf': No such file or directory (errno=2)
Jun 6 20:06:22 openvpn[11951]: MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1.sock
Jun 6 20:06:22 openvpn[11951]: OpenVPN 2.2.0 i386-portbld-freebsd8.1 [SSL] [LZO2] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on May 18 2011
-
Well I'm a complete novice but did you follow step 2 correctly?
Looks like it is saying it can't find the file containing your user name and password.
Step 2: Configure your username/password
1. Navigate to Diagnostics -> Edit file
2. Write /conf/openvpn-auth.conf in the “Save/Load from path” field
3. Add your username to the first line, and your password on the second, and press save. It should look like this:
USERNAME
PASSWORD
-
Thank you for your answer.
But as I edited my post afterwards,
the file exists.
[2.0-RC2][root@pfsense.localdomain]/conf(11): ls /conf
backup config.xml openvpn-auth.conf
and it is chmod 777.
I don't understand.
(It is in red when I do an ls, do you know why?)
-
I just recreated the file with vi and it is working perfectly.
Thank you thank you thank you thank you
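
A check that could be run from the pfSense shell for the situation in this exchange, where OpenVPN reports "No such file or directory" for a file that `ls` appears to list (an added example, not part of the thread or of the linked guide). It assumes, which the thread does not confirm, that the cause is a file name carrying invisible characters, and it also flags the chmod 777 mode because the file holds the VPN username and password; `check_auth_file` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: sanity checks for an OpenVPN auth-user-pass file.
# check_auth_file is a hypothetical helper, not part of pfSense or OpenVPN.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
# It never prints the file's contents, since they are credentials.
check_auth_file() {
    path=$1
    dir=$(dirname "$path")
    base=${path##*/}
    rc=0

    if [ ! -f "$path" ]; then
        echo "MISSING: $path"
        # Assumption: a sibling whose name differs only by whitespace or
        # control characters looks identical in plain ls output.
        for cand in "$dir"/*; do
            [ -e "$cand" ] || continue
            name=${cand##*/}   # keeps trailing whitespace, unlike $(basename)
            cleaned=$(printf '%s' "$name" | tr -d '[:space:][:cntrl:]')
            if [ "$cleaned" = "$base" ] && [ "$name" != "$base" ]; then
                # sed -n l escapes \r, \t etc. and marks the line end with $
                echo "LOOKALIKE: $(printf '%s\n' "$name" | sed -n l)"
            fi
        done
        return 1
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ld "$path" | cut -c1-10)
    if [ "$(printf '%s' "$mode" | cut -c5-10)" != "------" ]; then
        echo "PERMS: $mode grants access beyond the owner; use chmod 600"
        rc=1
    fi

    # Username on line 1, password on line 2, both non-empty.
    if ! awk 'NR <= 2 && length($0) > 0 { n++ } END { exit !(n == 2) }' "$path"; then
        echo "FORMAT: expected username on line 1 and password on line 2"
        rc=1
    fi

    # Flag carriage returns left behind by a browser or Windows editor.
    cr=$(printf '\r')
    if grep -q "$cr" "$path"; then
        echo "CRLF: carriage returns found; rewrite with Unix line endings"
        rc=1
    fi
    return $rc
}

# Stand-alone use: sh check.sh /conf/openvpn-auth.conf
if [ "$#" -gt 0 ]; then check_auth_file "$1"; fi
```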
-
No problem. Glad it is working.
Only created an account to post that link :)
-
While it is working…
I always have this error in the OpenVPN log.
Does someone know what this means?
TLS Error: local/remote TLS keys are out of sync
Thank you
-
I just ran into a similar problem:
"TLS Error: local/remote TLS keys are out of sync: "
version: 2.0-RC3 (i386) built on Mon Jul 4 16:48:37 EDT 2011
using OpenVPN + Remote Access (user auth) + UDP tun
I used that before, so issue seems to be related to latest snapshot.
This sometimes causes client disconnection.