Netgate Discussion Forum

    PfSense OpenVPN Server and Tomato OpenVPN Client

      elkosupertech

      I am sending you what I have on the VPN page.  I don't see that option.  I also checked on the Firewall and it is showing that it's allowing everything.

      http://www.elkosupertech.com/f/pfsense.elkosupertech.pdf?attredirects=0&d=1

      I made the change of adding the Virtual address option but still it's not working.

      DJ

        kejianshi

        No option for topology…
        What version pfsense?

          elkosupertech

          2.0.3-RELEASE (amd64)

          DJ

            kejianshi

            That's exactly what I'm using.
            Hmmm - Must be you get different options when setting up a point to point tunnel not using a wizard.

              elkosupertech

              I did use the Wizard for this.  My original post shows the options I selected when I set this up.  I am thinking of redoing the setup but they didn't recommend those options.  Would you tell me what options I should select or any other changes that should be made?

              DJ

                kejianshi

                I take it back - I don't have that topology option either.  Not sure what I was thinking earlier.
                I have two of those but not the topology one.

                  kejianshi

                  Did you set up rules on the firewall to allow/pass OpenVPN to anywhere?

                    doktornotor Banned

                    @kejianshi:

                    I take it back - I don't have that topology option either.  Not sure what I was thinking earlier.
                    I have two of those but not the topology one.

                    Important note: You MUST use device type tun, NOT tap. Otherwise the option is just not there. (Read the OVPN docs for details.)

                      kejianshi

                      Yeah - I definitely thought I saw that option before and now I definitely know I don't in my 2.03 
                      I'm looking at my TUN tunnels that are up and working.  Odd.  I must have been mistaken.

                        elkosupertech

                        As far as I can tell, OpenVPN's settings on the Firewall are set to allow all.

                          jimp Rebel Alliance Developer Netgate

                          The last time I had to config Tomato as a client it had a quirk where, for whatever reason, I had to add this to the Tomato client config:

                          
                          keepalive 10 60
                          ping-timer-rem
                          

                          And then it started connecting and working as expected.

                          Other than that it was a fairly standard static key config, nothing too special.

                          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                          Need help fast? Netgate Global Support!

                          Do not Chat/PM for help!
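
An added example, not part of jimp's post or of the thread: a small Python check of an OpenVPN client config for the two points raised above, the `keepalive` / `ping-timer-rem` pair and the tun-only `topology` option. The sample config, the hostname and the function names are constructed for illustration; the `keepalive` expansion follows the OpenVPN manual's behaviour outside server mode.

```python
import shlex

# Constructed sample: a static-key client config with a tap device (not from the thread).
SAMPLE_CLIENT = """\
# constructed example
dev tap0
proto udp
remote vpn.example.net 1194
secret static.key
topology subnet
"""

def parse(text):
    """Return {directive: [args]} for an OpenVPN config, skipping comment lines."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        parts = shlex.split(line)
        opts[parts[0].lstrip("-")] = parts[1:]
    return opts

def effective_timers(opts):
    """Expand the keepalive helper into ping / ping-restart (non-server mode).

    Simplification: explicit ping / ping-restart lines always win here,
    regardless of where they appear in the file.
    """
    timers = {}
    if "keepalive" in opts:
        interval, timeout = map(int, opts["keepalive"][:2])
        timers = {"ping": interval, "ping-restart": timeout}
    for key in ("ping", "ping-restart"):
        if key in opts:
            timers[key] = int(opts[key][0])
    return timers

def lint(text):
    """Return a list of findings for the directives discussed in the thread."""
    opts = parse(text)
    findings = []
    if "ping-restart" not in effective_timers(opts):
        findings.append("no keepalive or ping-restart: peer loss is not detected by ping timeout")
    if "ping-timer-rem" not in opts:
        findings.append("ping-timer-rem not set")
    dev = opts.get("dev", [""])[0]
    dev_type = opts.get("dev-type", [dev])[0]
    if "topology" in opts and dev_type.startswith("tap"):
        findings.append("topology has no meaning with a tap device; use dev tun")
    return findings
```

Running `lint()` over the config exported from each side gives a quick list of these mismatches to rule out before comparing logs.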

                            elkosupertech

                            I have entered this on the Tomato side and still no joy.  Any other suggestions?

                            DJ

                              doktornotor Banned

                              Get in touch with Tomato guys… DD-WRT had OpenVPN buggy as hell more often than not, I doubt it's any better with Tomato.

                                kejianshi

                                When pfsense is connected to something else and it's broken, I get the feeling that people don't come here because they feel it's a pfsense issue.  I think they come here because no one will answer their questions in other places.  haha.

                                  jimp Rebel Alliance Developer Netgate

                                  OpenVPN is pretty standard, despite quirks from the router firmware involved.

                                  Given that things have changed from the start to now, it might help to know exactly what settings are in use on both sides as it is right now.

                                    elkosupertech

                                    Here are the configs I have currently:

                                    pfSense:
                                    OpenVPN: https://docs.google.com/viewer?a=v&pid=sites&srcid=ZWxrb3N1cGVydGVjaC5jb218d2Vic2l0ZXxneDo3MGM3ZWZmNGIzNGI0YzNi
                                    Client Specific Override: https://docs.google.com/viewer?a=v&pid=sites&srcid=ZWxrb3N1cGVydGVjaC5jb218d2Vic2l0ZXxneDozOGVlMjZjZDU0OGFjZWEw

                                    Tomato
                                    Basic: https://docs.google.com/viewer?a=v&pid=sites&srcid=ZWxrb3N1cGVydGVjaC5jb218d2Vic2l0ZXxneDo0OGQ0N2YxNzY5M2M1NjY3
                                    Advanced: https://docs.google.com/viewer?a=v&pid=sites&srcid=ZWxrb3N1cGVydGVjaC5jb218d2Vic2l0ZXxneDo1OWRjM2M3YmVjYjI0MTU1

                                    If you need more please let me know.  Thank you for all your help!

                                    DJ

                                    P.S. This Tomato router used to connect up with an Astaro Security appliance before they changed their licensing on it so I know that side works.  The only change I did with tomato was change the Keys for the new server.

                                      jimp Rebel Alliance Developer Netgate

                                      The client basic config for tomato links to the pfsense config.

                                        elkosupertech

                                        I edited the links, but just in case https://docs.google.com/viewer?a=v&pid=sites&srcid=ZWxrb3N1cGVydGVjaC5jb218d2Vic2l0ZXxneDo0OGQ0N2YxNzY5M2M1NjY3

                                        Thanks again!

                                        DJ

                                          jimp Rebel Alliance Developer Netgate

                                          Why do you have it on Remote Access SSL/TLS and not Peer to Peer SSL/TLS?

                                            jimp Rebel Alliance Developer Netgate

                                            I would move it to Peer-to-Peer SSL/TLS, kill the user auth.

                                            Other than the user+pass auth, I don't see anything odd about it from the settings.

                                            We'd need to see the OpenVPN logs from both sides to say much more.

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.