Setting up OpenVPN
-
What is your local network? Mine is 192.168.1.0/24. What is yours? Is it really 10.0.8.192/26?
What are the IP addresses of your VMs? What is the LAN IP / network of pfSense? Did you change it from
LAN 10.0.0.1 / 8
If not, your tunnel still falls into it.
-
The local network at home is 192.168.1.0/24.
The local network for the VMs is 10.0.0.1/8. I think it's getting clearer. You mean the local network in OpenVPN has to be the same as the local network for pfSense?
So I would need to change the local networks to 10.0.1.0/24 and the tunnel to 10.0.200.0/24?
-
All your networks need to have different subnet address ranges (not overlapping). Even the remote network that the Road Warrior is connected to should have a different subnet.
Home LAN subnet: 192.168.1.0/24
Servers at home subnet: 10.0.1.0/24
OpenVPN tunnel: 10.0.200.0/24
That will work fine. Your router's server LAN address could be 10.0.1.1 and the servers can then be 10.0.1.2, 10.0.1.3, etc.
When the tunnel establishes, its ends will be given addresses like 10.0.200.1, 10.0.200.2 (actually 10.0.200.5 and 10.0.200.6 may appear; OpenVPN will take care of allocating those itself as Road Warrior(s) connect).
If you also want to allow Road Warriors to connect to the Home LAN in future, then you might find that a Road Warrior will often be on a WiFi net somewhere that already uses 192.168.1.0/24 (that is a popular default). You could change the Home LAN to something less popular: 192.168.n.0/24 where n is a random number up to 255, or some 10.n.n.0/24 network.
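The overlap rule in the post above is easy to get wrong by eye, especially with a /8 in play. Below is an added example (not from anyone in this thread) that checks an addressing plan for overlapping subnets with Python's standard `ipaddress` module and also shows which /30 pair a client gets under OpenVPN's classic `net30` topology, which is why 10.0.200.5 / 10.0.200.6 show up for the first client. The three plans (`BEFORE`, `AFTER`, `WITH_ROAD_WARRIOR`) are constructed from the numbers in this thread; the network names are my labels.

```python
import ipaddress


def find_overlaps(plan):
    """Return every pair of named networks in `plan` whose ranges overlap.

    `plan` maps a label to a CIDR string. strict=False accepts host-style
    notation such as "10.0.0.1/8" (as written in the thread) and normalises
    it to the network address 10.0.0.0/8 before comparing.
    """
    nets = {name: ipaddress.ip_network(cidr, strict=False) for name, cidr in plan.items()}
    names = list(nets)
    overlaps = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                overlaps.append((a, b))
    return overlaps


def net30_client_pair(tunnel_cidr, client_index):
    """Endpoint pair (server-side, client-side) for the n-th /30 of the tunnel pool.

    Assumes OpenVPN's classic net30 topology, where each client is handed its
    own /30: index 0 is the server's own pair (.1/.2), index 1 is the first
    client (.5/.6), and so on. Under "subnet" topology clients get single
    addresses instead, so this helper does not apply there.
    """
    tunnel = ipaddress.ip_network(tunnel_cidr, strict=False)
    block = list(tunnel.subnets(new_prefix=30))[client_index]
    low, high = block.hosts()  # a /30 has exactly two usable addresses
    return str(low), str(high)


# Constructed from the thread: the original plan, where the /8 VM LAN
# swallows the tunnel range.
BEFORE = {
    "Home LAN": "192.168.1.0/24",
    "VM LAN (pfSense)": "10.0.0.1/8",
    "OpenVPN tunnel": "10.0.8.192/26",
}

# The corrected plan suggested in the reply above.
AFTER = {
    "Home LAN": "192.168.1.0/24",
    "Servers": "10.0.1.0/24",
    "OpenVPN tunnel": "10.0.200.0/24",
}

# Same plan, plus a Road Warrior sitting on a coffee-shop WiFi that happens
# to use the same popular default as the Home LAN.
WITH_ROAD_WARRIOR = dict(AFTER, **{"Road Warrior WiFi": "192.168.1.0/24"})


if __name__ == "__main__":
    for label, plan in (("before", BEFORE), ("after", AFTER), ("road warrior", WITH_ROAD_WARRIOR)):
        clashes = find_overlaps(plan)
        print(f"{label:13s}: {'OK' if not clashes else 'OVERLAP ' + str(clashes)}")
    print("first net30 client gets", net30_client_pair("10.0.200.0/24", 1))
```

Running it reports the /8 clash in the original plan, a clean result for the corrected plan, and the Home LAN / remote WiFi clash that the last paragraph warns about; the second function prints the 10.0.200.5 / 10.0.200.6 pair for the first connecting client.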
-
Hi
Thanks for helping, but this still doesn't work. I have now configured all networks as in your example.
Here are the screenshots:
WAN:
LAN:
OpenVPN:
Is this even configured correctly in the tunnel settings?
If I try to connect to pfSense (192.168.1.20), there's nothing visible in the OpenVPN status page and the client aborts with the same error as in the first post.
-
Where are you trying to connect from?
-
I'm trying to connect from my PC, 192.168.1.8.
-
Can you ping the pfSense WAN IP? Allow for it in the WAN rules on pfSense.
It looks like you don't even have connectivity. Sniff on the pfSense WAN; do you see the packets?
-
Yes, I can ping pfSense and can also establish a connection with telnet when I change to TCP (just for testing).
I could get it running now by disabling "TLS Authentication", but still with a server certificate. Maybe something is wrong with the certificate…
I also had to set the "Local Network" to 10.0.1.0/24 so I could access the VMs.
-
Did you run through the wizard? This should have walked you through creating the certs.
I'd sniff on pfSense to see if you see the UDP packets; there might be something weird going on there with the vSwitch. Are you in promiscuous mode?
-
I created the certs, but independently of the wizard. Maybe something went wrong there…
I will try it again in the next few days and report the result.