pfSense OpenVPN Server and Tomato OpenVPN Client
-
Thank you for your response. I will double check this when I get home. I do remember though that the Firewall had an OpenVPN tab and if memory serves me correctly, it had an allow everything rule. I am a little new with pfSense and had previously been using Astaro Gateway (until they changed the home license to not include a Site-to-site VPN setup).
Then again I flubbed up on the phone VLAN by using only TCP/UDP traffic and not Any which I found later because of an issue with one of the phones trying to contact a server in the Management VLAN. Figured that one out!
Again thanks, and I'll get back to this.
DJ
-
One more thing that might be worth mentioning. I CAN get the tunnel to work by having Tomato use a NAT on it, but then it doesn't route back through.
DJ
-
Have you tried to check the "Allocate only one IP per client (topology subnet), rather than an isolated subnet per client (topology net30)." button? Never liked the net30 thing.
-
Doktornotor,
I have never heard of those options. Where would I look for them? Please let me know.
DJ
-
I have never heard of those options. Where would I look for them? Please let me know.
Well, in the OpenVPN server configuration on your pfSense box. At least it's definitely there with 2.1RCs.
-
It's in 2.03 also.
-
I am sending you what I have on the VPN page. I don't see that option. I also checked on the Firewall and it is showing that it's allowing everything.
http://www.elkosupertech.com/f/pfsense.elkosupertech.pdf?attredirects=0&d=1
I made the change of adding the Virtual address option but still it's not working.
DJ
-
No option for topology…
What version pfsense?
-
2.0.3-RELEASE (amd64)
DJ
-
That's exactly what I'm using.
Hmmm - Must be you get different options when setting up a point to point tunnel not using a wizard.
-
I did use the Wizard for this. My original post shows the options I selected when I set this up. I am thinking of redoing the setup but they didn't recommend those options. Would you tell me what options I should select or any other changes that should be made?
DJ
-
I take it back - I don't have that topology option either. Not sure what I was thinking earlier.
I have two of those but not the topology one.
-
Did you set up rules on the firewall to allow/pass OpenVPN to anywhere?
-
I take it back - I don't have that topology option either. Not sure what I was thinking earlier.
I have two of those but not the topology one.
Important note: You MUST use device type tun, NOT tap. Otherwise the option is just not there. (Read the OVPN docs for details.)
-
Yeah - I definitely thought I saw that option before and now I definitely know I don't in my 2.03
I'm looking at my TUN tunnels that are up and working. Odd. I must have been mistaken.
-
As far as I can tell, OpenVPN's settings on the Firewall are set to allow all.
-
The last time I had to config Tomato as a client it had a quirk where, for whatever reason, I had to add this to the Tomato client config:
keepalive 10 60
ping-timer-rem
And then it started connecting and working as expected.
Other than that it was a fairly standard static key config, nothing too special.
-
I have entered this on the Tomato side and still no joy. Any other suggestions?
DJ
-
Get in touch with Tomato guys… DD-WRT had OpenVPN buggy as hell more often than not, I doubt it's any better with Tomato.
-
When pfsense is connected to something else and it's broken, I get the feeling that people don't come here because they feel it's a pfsense issue. I think they come here because no one will answer their questions in other places. haha.