Issues with Client mode -> FrootVPN server

aladine

Hello, I would like to turn my pfSense box into a client of FrootVPN.  But for some reason it just wont get up the connection.  Please let me know if you can see anything?

OPENVPN Logs:

Nov 26 18:38:20	fw openvpn[91869]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Nov 26 18:38:20	fw openvpn[91869]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Nov 26 18:38:20	fw openvpn[91869]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Nov 26 18:38:20	fw openvpn[91869]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Nov 26 18:38:20	fw openvpn[91869]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Nov 26 18:38:20	fw openvpn[91869]: [server] Peer Connection Initiated with [AF_INET]178.73.212.194:1205
Nov 26 18:38:22	fw openvpn[91869]: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Nov 26 18:38:22	fw openvpn[91869]: PUSH: Received control message: 'PUSH_REPLY,ifconfig-ipv6 2a00:1a28:1159:b::1015/64 2a00:1a28:1159:b::1,dhcp-option DNS 80.x.x.x,dhcp-option DNS 91.x.x.x,redirect-gateway def1,route-ipv6 2000::/3,tun-ipv6,route-gateway 46.x.x.x,topology subnet,ping 10,ping-restart 160,ifconfig 46.x.x.x 255.255.255.224'
Nov 26 18:38:22	fw openvpn[91869]: OPTIONS IMPORT: timers and/or timeouts modified
Nov 26 18:38:22	fw openvpn[91869]: OPTIONS IMPORT: --ifconfig/up options modified
Nov 26 18:38:22	fw openvpn[91869]: OPTIONS IMPORT: route options modified
Nov 26 18:38:22	fw openvpn[91869]: OPTIONS IMPORT: route-related options modified
Nov 26 18:38:22	fw openvpn[91869]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Nov 26 18:38:22	fw openvpn[91869]: ROUTE_GATEWAY 74.x.x.x
Nov 26 18:38:22	fw openvpn[91869]: ROUTE6: default_gateway=UNDEF
Nov 26 18:38:22	fw openvpn[91869]: TUN/TAP device /dev/tun1 opened
Nov 26 18:38:22	fw openvpn[91869]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=1
Nov 26 18:38:22	fw openvpn[91869]: /sbin/ifconfig tun 46.x.x.x 46.x.x.x mtu 1500 netmask 255.255.255.224 up
Nov 26 18:38:22	fw openvpn[91869]: FreeBSD ifconfig failed: external program exited with error status: 1
Nov 26 18:38:22	fw openvpn[91869]: Exiting due to fatal error

Client1.conf

dev ovpnc1
dev-type tun
#tun-ipv6
dev-node /dev/tun1
writepid /var/run/openvpn_client1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher BF-CBC
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local 74.x.x.x
engine cryptodev
tls-client
client
lport 0
management /var/etc/openvpn/client1.sock unix
remote se-openvpn.frootvpn.com 1194
ca /var/etc/openvpn/client1.ca 
cert /var/etc/openvpn/client1.cert 
key /var/etc/openvpn/client1.key 
resolv-retry infinite
auth-user-pass /conf/TUVPN.pas
client
dev tun
proto udp
resolv-retry nfinite
persist-key
persist-tun
verb 3
ns-cert-type server

phil.davis

I am comparing to a client of mine that is actually a site-to-site to another pfSense. My client conf is similar, starting with:

dev ovpnc1
verb 1
dev-type tun
tun-ipv6
dev-node /dev/tun1
writepid /var/run/openvpn_client1.pid

When mine does the ifconfig, the line in the OpenVPN log is:

openvpn[26867]: /sbin/ifconfig ovpnc1 10.49.255.2 10.49.255.1 mtu 1500 netmask 255.255.255.255 up

Mine does the ifconfig on device ovpnc1.
But yours is trying to do it on "tun":

openvpn[91869]: /sbin/ifconfig tun 46.x.x.x 46.x.x.x mtu 1500 netmask 255.255.255.224 up

And I guess that is why ifconfig exited with error status: 1

Maybe things are all different with a client like this. But I suspect that if someone can work out why it does "ifconfig tun" and fix that to "ifconfig ovpnc1" then it might work.

drzoidberg33

I just finished writing up a quick set up guide on a local forum of ours, please feel free to check it out:

http://mybroadband.co.za/vb/showthread.php/669041-Mini-Guide-Setup-free-VPN-(Froot-using-OpenVPN)-in-PfSense

Seems to be working fine on my side.