New OpenVPN setup for road-warriors - connected but no routing

kejianshi · Jul 30, 2013, 4:26 PM

You don't need 2.1 to make it work… Problem is peer to peer. You don't want that.

Cylindric · Jul 30, 2013, 4:27 PM

This is a bit odd. The server is set to "Remote Access (SSL/TLS + User Auth)", but the client is now set to Peer-to-peer, and the only options available are the two "peer to peer" ones.

kejianshi · Jul 30, 2013, 4:32 PM

Recommendation - Delete the server and the client.

Use the wizard and set it up again using TUN from the very beginning.

It sounds big deal but should be a few minutes.

I'm sure 2.1 works fine but 2.3 isn't broken either.

You just got a bit twisted around. Thats all.

Cylindric · Jul 30, 2013, 4:34 PM

I'll try it again tomorrow - getting frazzled now :)

Just deleted both configs, used the wizard to setup the server bit (seemed to create a tun setup anyway) but a new client still only allows server mode Peer to Peer.

kejianshi · Jul 30, 2013, 4:56 PM

Did you try shooting it with a 12 gauge shotgun? (Teasing)

Thats odd. I've never seen anything like that before. It should allow you to configure remote access. Thats very basic.

I wonder… Do you have user accounts and certs set up on your pfsense other than Admin? Because you need too. It required.

If pfsense thinks there are no users and no user certs it might not present you remote access options.

I had assumed these road warriors of yours had limited user accounts installed on pfsense.

You can get away with creating just 1 user and one user cert and allowing multiple concurrent connections by that user, but its better to set up one user account per "road warrior". You just go into system > user manager and add users, passwords and user certs.

Then you might have much better luck.

Cylindric · Jul 31, 2013, 8:30 AM

I do have a user I set up that I've been using for testing, and that's the one I've been using in the OpenVPN client downloader

Cylindric · Jul 31, 2013, 9:20 AM

Hang on, do I even need the "client" tab on the OpenVPN config? Going to try a manual approach as per: http://forum.pfsense.org/index.php?topic=22115.0

Cylindric · Jul 31, 2013, 9:48 AM

Getting the shotgun ready now. Just recreated everything manually, and no difference. VPN client connects fine, lights go green, routes are created, but nothing is passed.

kejianshi · Jul 31, 2013, 1:42 PM

When you want to connect a windows machine to a pfsense for the purposes of tunneling, its a server client relationship. Not peer to peer. I think just a straight up simple TUN tunnel is the way and those are made with wizard.

Cylindric · Jul 31, 2013, 1:49 PM

TUN is what I've been trying :(

I'm going to try it on a different remote computer, in case it's something wonky installed on my PC. Hopefully that's it, although it'll be annoying :)

kejianshi · Jul 31, 2013, 1:51 PM

I don't think thats it. While you arwe doing that, I'm going to get some coffee and try to find why you are not getting anything other than "peer" as options. Because thats not right. Not on pfsense 2.03 for sure.

Cylindric · Jul 31, 2013, 2:12 PM

Gah, just installed the Android client on my phone and it seemed to work right off the bat. Going to try a different remote machine.

kejianshi · Jul 31, 2013, 2:12 PM

hahahahahahahahahahahahah…. DAMN WINDOWS!!!!!!!

(Still doesn't explain your limited tunnel options to me)

Cylindric · Jul 31, 2013, 2:51 PM

Okay, so works on my Android phone and an Ubuntu VM I just spun up, but not on either of my Windows 8 computers. Guess there's something with the OpenVPN client on Windows 8…

kejianshi · Jul 31, 2013, 2:52 PM

Windows 8 firewalls?
Was the install ran as admin?

Beyond that, I cant even imagine what.

Cylindric · Jul 31, 2013, 2:56 PM

Well I'll be… Once I worked out it's a Windows 8 + OpenVPN problem, I had something to Google, and came upon this post by Luis Silva.

You have to start the Network Connections service, which is normally set to "Manual", and only runs when the "network connections" dialog is open. Start that service, and the VPN client works!!

kejianshi · Jul 31, 2013, 3:03 PM

Thank you for helping me with this problem. I have learned something useful…

(True statement - Although, wasn't it supposed to be the other way around!)

Windows 8myopenvpn....

kejianshi · Jul 31, 2013, 3:05 PM

I'd suggest a new thread on Windows 8myopenvpn…. actually.

doktornotor · Jul 31, 2013, 3:06 PM

@Cylindric:

You have to start the Network Connections service, which is normally set to "Manual", and only runs when the "network connections" dialog is open. Start that service, and the VPN client works!!

You know, having huge blinking tiles everywhere is so much more important than network connectivity…

Cylindric · Jul 31, 2013, 3:11 PM

@kejianshi:

I'd suggest a new thread on Windows 8myopenvpn…. actually.

You mean here? I'm happy to write a quick post specifically for Windows 8 to help people find this info :)