OpenVPN software (server) TO pfSense OpenVPN (client)
-
Hi!
For the past 3 weeks I've been trying to connect pfSense 2.0.1 OpenVPN's client to a Windows Server 2008 machine with OpenVPN software as a server, downloaded from http://openvpn.net/index.php/open-source/downloads.html.
Right now all machines behind pfSense can connect to the Windows OpenVPN server using the software from the above site.
However I need to install the program in all machines (10 PCs = 10 OpenVPN client installs) and create the same number of certificates.
Everything works fine but I still want to enable pfSense's OpenVPN client so that all machines connect to Windows Server without any modifications.
In my attempts to create a usable VPN in pfSense using peer to peer (SSL/TLS), I've made config files for the server and clients using the site's software.
The files below work very well, using only OpenVPN software in both server and clients.
OpenVPN Windows 2008 Server config
dev tun
ifconfig 10.1.0.1 10.1.0.2
tls-server
dh "C:\\Program Files (x86)\\OpenVPN\\config\\dh1024.pem"
ca "C:\\Program Files (x86)\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files (x86)\\OpenVPN\\config\\server.crt"
key "C:\\Program Files (x86)\\OpenVPN\\config\\server.key"
port 1194
comp-lzo
ping 15
ping-restart 45
ping-timer-rem
persist-tun
persist-key
push route 10.0.0.0 255.255.255.0
push route 192.168.202.0 255.255.255.0
OpenVPN client config
dev tun
remote xxx.xxx.xxx.xxx
ifconfig 10.1.0.2 10.1.0.1
tls-client
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\client.crt"
key "C:\\Program Files\\OpenVPN\\config\\client.key"
port 1194
comp-lzo
ping 15
ping-restart 45
ping-timer-rem
persist-tun
persist-key
verb 3
route 192.168.202.0 255.255.255.0
Enabling the same configuration in pfSense is driving me nuts!!! ???
Clients connect but I can't ping or open server's shares.
Additional information:
Windows 2008 Server is connected to a router to receive internet.
Windows Server 2008 ip: 192.168.202.2
Windows Server 2008 gateway: 192.168.202.1
pfSense is connected to a router to receive internet.
pfSense ip: 192.168.1.65
pfSense gateway: 192.168.1.254
Certificates are working fine in both clients and server.
pfSense OpenVPN Client config page
Server mode: Peer to Peer (SSL/TLS)
Protocol: UDP
Device mode: tun
Interface: WAN
Server host or address: xxx.xxx.xxx.xxx
Server port: 1194
Server host name resolution: enabled
TLS Authentication: disabled
Tunnel Network: 10.1.0.1/24
Remote Network: 192.168.202.1/24
Compression: enabled
Type-of-Service: enabled
Advanced Configuration: blank
Firewall configuration
http://imageshack.us/f/545/97288780.jpg/
http://imageshack.us/f/404/15458517.jpg/
I have tried several modifications in pfSense without any success.
What am I missing? Help is very appreciated!
-
Hi,
I have the same problem now.
Did you solve it?
tia
Jonny
-
Unfortunately no.
:'(
-
Hi,
Did you check the openvpn and firewall logs for both server and client?
-
After 3 entire weeks banging my head to the wall, painfully trying all options and seeing this post being ignored by the community, I finally gave up.
-
Sorry to hear that. I tried quite a number of times using pfSense and Windows OpenVPN as well, but I ended up installing pfSense in VMs and linked it up, just to make up some loss of time.
Though OpenVPN connects to one another on different platforms, I think there are too many factors including firewall, NAT, routing etc. in order to make the connection useful. pfSense just makes things easier for people to view all the blocking issues.
-
From the pfSense OpenVPN Client config page, this should've given you a clue:
Tunnel Network: 10.1.0.1/24
Remote Network: 192.168.202.1/24
You entered host addresses instead of network addresses. They need to be:
Tunnel Network: 10.1.0.0 (match the subnet mask to the tunnel network on your server. you have /24, but you typically see a /30 here)
Remote Network: 192.168.202.0/24
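
The check described in the last reply, as an added example that is not part of the original thread: it flags CIDR fields whose host bits are set, confirms the server's ifconfig endpoints and LAN address fall inside the entered networks, and derives the tightest tunnel network for the endpoint pair. The function names are illustrative; the addresses are the ones posted above.

```python
import ipaddress

def check_network_field(value):
    """Return (is_network_address, corrected_cidr) for a CIDR form field."""
    iface = ipaddress.ip_interface(value)
    network = iface.network  # same prefix with the host bits masked off
    return iface.ip == network.network_address, str(network)

def smallest_common_network(local_ip, peer_ip):
    """Smallest IPv4 network that contains both tunnel endpoints."""
    a, b = ipaddress.IPv4Address(local_ip), ipaddress.IPv4Address(peer_ip)
    # Bits that differ between the endpoints must all fall in the host part.
    prefix = 32 - (int(a) ^ int(b)).bit_length()
    return str(ipaddress.ip_network(f"{a}/{prefix}", strict=False))

def audit(fields, tunnel_endpoints, server_lan_ip):
    """List problems in the client fields relative to the server's addressing."""
    findings = []
    for name, value in fields.items():
        ok, fixed = check_network_field(value)
        if not ok:
            findings.append(f"{name}: {value} is a host address, use {fixed}")
    tunnel = ipaddress.ip_interface(fields["Tunnel Network"]).network
    for ip in tunnel_endpoints:
        if ipaddress.ip_address(ip) not in tunnel:
            findings.append(f"Tunnel Network {tunnel} lacks endpoint {ip}")
    remote = ipaddress.ip_interface(fields["Remote Network"]).network
    if ipaddress.ip_address(server_lan_ip) not in remote:
        findings.append(f"Remote Network {remote} lacks server {server_lan_ip}")
    return findings

# Values taken from the thread: client form fields, server ifconfig pair, server LAN IP.
POSTED = {"Tunnel Network": "10.1.0.1/24", "Remote Network": "192.168.202.1/24"}
ENDPOINTS = ("10.1.0.1", "10.1.0.2")
SERVER_LAN_IP = "192.168.202.2"

if __name__ == "__main__":
    for line in audit(POSTED, ENDPOINTS, SERVER_LAN_IP):
        print(line)
    print("tightest tunnel network:", smallest_common_network(*ENDPOINTS))
```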