Netgate Discussion Forum

Migration from Monowall to PFSense

    sebas
    last edited by Jun 4, 2007, 1:35 AM

    (Sorry about my English!)

    I was a user of Monowall and I have an OpenVPN tunnel between 2 offices.
    I don't know the config of the server office, but my client OpenVPN config looks like this:

    <if>tap1</if>
      <cport>5001</cport>
      <type>tap</type>
      <proto>udp</proto>
      <sport>1194</sport>
      <ver>2</ver>
      <saddr>xxxxxxxxxxxxx</saddr>
      <descr>VPN</descr>
      <ca_cert>XXX</ca_cert>
      <cli_cert>XXX</cli_cert>
      <cli_key>XXX</cli_key>
      <crypto>BF-CBC</crypto>

    That configuration gives me an IP like 192.168.5.4. My LAN IP is 172.16.1.0/24. This, merged with a static route saying that all that want to go to 192.168.2.0/24 (the other office IPs) pass through 192.168.5.1 (the gateway of the subnet where OpenVPN sends me in), works for me.

    pfSense doesn't create a TAP interface, so I cannot create the route. I cannot ping 192.168.5.1 … I cannot do anything.

    If I look at the logs ... I understand that I'm connected:

    Can somebody help me?

    Thanks a lot.

    Sebastián

    Jun 3 20:31:48 openvpn[21383]: Initialization Sequence Completed
    Jun 3 20:31:47 openvpn[21383]: /etc/rc.filter_configure tun0 1500 1541 192.168.5.4 255.255.255.0 init
    Jun 3 20:31:47 openvpn[21383]: /sbin/ifconfig tun0 192.168.5.4 255.255.255.0 mtu 1500 netmask 255.255.255.255 up
    Jun 3 20:31:47 openvpn[21383]: TUN/TAP device /dev/tun0 opened
    Jun 3 20:31:47 openvpn[21383]: WARNING: Since you are using --dev tun, the second argument to --ifconfig must be an IP address. You are using something (255.255.255.0) that looks more like a netmask. (silence this warning with --ifconfig-nowarn)
    Jun 3 20:31:45 openvpn[21383]: [fwarg] Peer Connection Initiated with 200.80.231.196:1194
    Jun 3 20:31:45 openvpn[21383]: WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 1532'
    Jun 3 20:31:45 openvpn[21383]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1541', remote='link-mtu 1573'
    Jun 3 20:31:45 openvpn[21383]: WARNING: 'dev-type' is used inconsistently, local='dev-type tun', remote='dev-type tap'
    Jun 3 20:31:42 openvpn[21383]: UDPv4 link remote: 200.80.231.196:1194
    Jun 3 20:31:42 openvpn[21383]: UDPv4 link local (bound): [undef]:1194
    Jun 3 20:31:42 openvpn[21382]: WARNING: file '/var/etc/openvpn_client0.key' is group or others accessible
    Jun 3 20:31:42 openvpn[21382]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Jun 3 20:31:42 openvpn[21382]: WARNING: using --pull/--client and --ifconfig together is probably not what you want
    Jun 3 20:31:42 openvpn[21382]: IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
    Jun 3 20:31:42 openvpn[21382]: OpenVPN 2.0.6 i386-portbld-freebsd6.1 [SSL] [LZO] built on Apr 6 2006
    Jun 3 20:31:40 openvpn[293]: SIGTERM[hard,] received, process exiting
    Jun 3 20:31:40 openvpn[293]: /etc/rc.filter_configure tun0 1500 1541 192.168.5.4 255.255.255.0 init
    Jun 3 20:31:40 openvpn[293]: event_wait : Interrupted system call (code=4)

      Cry Havok
      last edited by Jun 4, 2007, 11:45 AM

      The errors you post show that one end is using TUN and one TAP - from the openvpn man page:

      You cannot mix them, as they represent different underlying protocols.

      If I understand it correctly, TUN devices are for routing and TAP devices for bridging.  As you want to route then you want to use the TUN device at both ends.

        sebas
        last edited by Jun 4, 2007, 3:40 PM

        Ok,

        but it seems that pfSense takes TUN as default.
        Monowall had a combobox to select between TUN or TAP … how can I change this in pfSense?

          Cry Havok
          last edited by Jun 4, 2007, 7:11 PM

          Don't know I'm afraid, I'm still fairly new to pfSense myself :)

            GruensFroeschli
            last edited by Jun 5, 2007, 5:02 AM

            http://doc.pfsense.org/index.php/Setting_up_OpenVPN_with_pfSense

            part at the bottom: "advanced hackery"

            We do what we must, because we can.

            Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.