Netgate Discussion Forum

    Issues with OpenVPN Configuration

    73 Posts 6 Posters 17.7k Views
    • dhendriksen

      Here's some info from the OpenVPN GUI on my laptop:

      
      Thu Feb 19 22:48:32 2015 OpenVPN 2.3.6 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Dec  1 2014
      Thu Feb 19 22:48:32 2015 library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.08
      Thu Feb 19 22:48:38 2015 Control Channel Authentication: using 'pfSense-udp-1194-Dan-tls.key' as a OpenVPN static key file
      Thu Feb 19 22:48:38 2015 UDPv4 link local (bound): [undef]
      Thu Feb 19 22:48:38 2015 UDPv4 link remote: [AF_INET]76.23.10.226:1194
      Thu Feb 19 22:48:38 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
      Thu Feb 19 22:48:44 2015 [HendriksenHomeVPN] Peer Connection Initiated with [AF_INET]76.23.10.226:1194
      Thu Feb 19 22:48:46 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
      Thu Feb 19 22:48:46 2015 open_tun, tt->ipv6=0
      Thu Feb 19 22:48:46 2015 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{65809704-ADCD-462F-824C-BD9558079D1F}.tap
      Thu Feb 19 22:48:46 2015 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.79.6/255.255.255.252 on interface {65809704-ADCD-462F-824C-BD9558079D1F} [DHCP-serv: 192.168.79.5, lease-time: 31536000]
      Thu Feb 19 22:48:51 2015 ROUTE: route addition failed using CreateIpForwardEntry: Access is denied.   [status=5 if_index=13]
      Thu Feb 19 22:48:51 2015 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
      Thu Feb 19 22:48:51 2015 ERROR: Windows route add command failed [adaptive]: returned error code 1
      Thu Feb 19 22:48:51 2015 ROUTE: route addition failed using CreateIpForwardEntry: Access is denied.   [status=5 if_index=13]
      Thu Feb 19 22:48:51 2015 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
      Thu Feb 19 22:48:51 2015 ERROR: Windows route add command failed [adaptive]: returned error code 1
      Thu Feb 19 22:48:51 2015 Initialization Sequence Completed
      
      
      • dhendriksen

        @kejianshi:

        Well - If you like it broken, leave it as is.

        Probably what will happen if you modify pfsense set up and reboot it is all your clients will re-start their connections automatically and all will be fine.

        kejianshi, are you saying that you think if I resetup all my DHCP reservations and change the IP of PFSense to something other than 192.168.1.1 that it will solve the VPN issue I'm having?

        Or is it simply a best practice that I should do, but likely doesn't have anything to do with my VPN issue? If it's a best practice, I'll absolutely do it…when I get back in town. If you are telling me it will likely solve my VPN issue, I'll do it right now. I just know it's going to be very time consuming.

        • kejianshi

          Can you do something?  Post a few pics here.

          First post a pic of the pfsense Status: Dashboard  (the main page) - I'd love to see the private addresses in use.

          Then show the openvpn server setup page  - The one where you configured openvpn

          Then finally, the local ip of the machine you are trying to connect to openvpn with - before connecting to openvpn, just type ipconfig in windows or ifconfig for linux and dump the contents here.

          I like watching you get carpal tunnel and everything, but really I'm pretty sure you just need to fix your IP ranges in use.

          • kejianshi

            Yes - Both.

            I think your current IPs you are using are very possibly breaking everything for you AND I also think it's best practice and will save you tons of trouble in the future.

            • dhendriksen

              OK - new evolution. So…I ran the OpenVPN GUI as an administrator, and it connects just fine. Works as it should...just as if I'm on the local LAN.

              To reiterate, I've created a hotspot on an LTE network using my mobile phone, and connected to it with a Windows8 laptop. It connects and works just fine. I can even browse the PFSense Web GUI.

              So...I guess at this point I just need to figure out why my mobile phone connects, but with a seemingly limited connection.

              • dhendriksen

                @kejianshi:

                Can you do something?  Post a few pics here.

                First post a pic of the pfsense Status: Dashboard  (the main page) - I'd love to see the private addresses in use.

                Then show the openvpn server setup page  - The one where you configured openvpn

                Then finally, the local ip of the machine you are trying to connect to openvpn with - before connecting to openvpn, just type ipconfig in windows or ifconfig for linux and dump the contents here.

                I like watching you get carpal tunnel and everything, but really I'm pretty sure you just need to fix your IP ranges in use.

                I appreciate your help…I really do. So, the Windows laptop connects and works wonderfully.

                The problem I need to troubleshoot now is why my phone connects, but has a seemingly limited connection. It can't browse to 192.168.1.1 and the apps on my phone do not connect to the devices on the LAN as they should. It may be worth noting, this used to work great before the HDD in my PFSense died and I had to rebuild everything (without a backup).

                • dhendriksen

                  @kejianshi:

                  Can you do something?  Post a few pics here.

                  First post a pic of the pfsense Status: Dashboard  (the main page) - I'd love to see the private addresses in use.

                  Then show the openvpn server setup page  - The one where you configured openvpn

                  Then finally, the local ip of the machine you are trying to connect to openvpn with - before connecting to openvpn, just type ipconfig in windows or ifconfig for linux and dump the contents here.

                  I like watching you get carpal tunnel and everything, but really I'm pretty sure you just need to fix your IP ranges in use.

                  Here are the pictures. I blocked out my IP address. Don't know why, just seemed like the right thing to do.

                  Dashboard.jpg
                  ![VPN Server Settings 1.jpg](/public/imported_attachments/1/VPN Server Settings 1.jpg)
                  ![VPN Server Settings 2.jpg](/public/imported_attachments/1/VPN Server Settings 2.jpg)
                  ![VPN Server Settings 3.jpg](/public/imported_attachments/1/VPN Server Settings 3.jpg)

                  • kejianshi

                    Damn - Blacked out - Now I can't magically hack you…

                    OK - Now, what is the IP of the machine that is trying to connect to your server?

                    I need to know its PRIVATE address.

                    • dhendriksen

                      @kejianshi:

                      Damn - Blacked out - Now I can't magically hack you…

                      OK - Now, what is the IP of the machine that is trying to connect to your server?

                      I need to know its PRIVATE address.

                      The private IP address of my cell phone? When I go in to Status while connected to the LTE network, the IP address has two listed.

                      2607:fb90:480:dc2e:45a6:fe5f:b457:5b55
                      192.0.0.4

                      Is that what you needed? And like I said it connects…it just seems to be on a limited basis.

                      • kejianshi

                        Do you want to tunnel everything?  Or just connections to 192.168.1.0/24?

                        • dhendriksen

                          @kejianshi:

                          Do you want to tunnel everything?  Or just connections to 192.168.1.0/24?

                          I'm sorry, but I don't know what it means to "tunnel everything". When I'm connected to the VPN, I want to be able to access all the devices on the local LAN. I want all "internet" or "IP" traffic from the phone to go through the VPN. From within the web browser or otherwise (IE: My Control4 app needs to connect to the Control4 controller on the LAN/VPN).

                          Does that answer your question? Sorry I'm such a novice at this. I truly appreciate your help.

                          • Derelict LAYER 8 Netgate

                            Tunnel everything means that the client gets a default route that sends all traffic through the tunnel and nothing should egress the client's WAN natively while connected to the OpenVPN server.

                            Alternately, the client can get routes for just the remote networks, usually private networks (Remote LAN, etc).  Only traffic for those networks will be sent to OpenVPN.  All other traffic will be given to the client host's routing table and be routed accordingly.

                            Chattanooga, Tennessee, USA
                            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                            Do Not Chat For Help! NO_WAN_EGRESS(TM)
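
An added example (not part of any post in this thread, and not pfSense or OpenVPN code): a small Python check for the condition visible in the first client log above, where "Initialization Sequence Completed" is logged even though both route additions failed, so traffic follows the host routing table rather than the tunnel. The function name, verdict labels and the second sample session are assumptions made for illustration.

```python
import re

# OpenVPN client log line: asctime-style timestamp, then the message.
LINE = re.compile(r"^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4} (?P<msg>.*)$")
BANNER = re.compile(r"^OpenVPN \d+\.\d+\.\d+ ")  # first line of each client start
DONE = "Initialization Sequence Completed"

def audit(log_text):
    """Return one verdict dict per client session found in log_text."""
    sessions, cur = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a timestamped log line
        msg = m.group("msg")
        if cur is None or BANNER.match(msg):
            cur = {"failed_routes": 0, "access_denied": False, "completed": False}
            sessions.append(cur)
        if msg.startswith("ROUTE: route addition failed"):
            cur["access_denied"] |= "Access is denied" in msg
        elif msg.startswith("ERROR: Windows route add command failed"):
            cur["failed_routes"] += 1
        elif msg.startswith(DONE):
            cur["completed"] = True
    for s in sessions:
        if not s["completed"]:
            s["verdict"] = "INCOMPLETE"
        elif s["failed_routes"]:
            # Tunnel is up but routes are missing: traffic is routed by the
            # host routing table instead of being sent to OpenVPN.
            s["verdict"] = "UP_BUT_UNROUTED"
        else:
            s["verdict"] = "OK"
    return sessions

# Session 1 reuses lines from the log posted in this thread; session 2 is constructed.
SAMPLE = """\
Thu Feb 19 22:48:32 2015 OpenVPN 2.3.6 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Dec  1 2014
Thu Feb 19 22:48:51 2015 ROUTE: route addition failed using CreateIpForwardEntry: Access is denied.   [status=5 if_index=13]
Thu Feb 19 22:48:51 2015 ERROR: Windows route add command failed [adaptive]: returned error code 1
Thu Feb 19 22:48:51 2015 ROUTE: route addition failed using CreateIpForwardEntry: Access is denied.   [status=5 if_index=13]
Thu Feb 19 22:48:51 2015 ERROR: Windows route add command failed [adaptive]: returned error code 1
Thu Feb 19 22:48:51 2015 Initialization Sequence Completed
Fri Feb 20 09:00:00 2015 OpenVPN 2.3.6 i686-w64-mingw32 [SSL (OpenSSL)] built on Dec  1 2014
Fri Feb 20 09:00:09 2015 Initialization Sequence Completed
"""

if __name__ == "__main__":
    for i, s in enumerate(audit(SAMPLE), 1):
        hint = " (run the client elevated)" if s["access_denied"] else ""
        print(f"session {i}: {s['verdict']}, failed routes: {s['failed_routes']}{hint}")
```
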

                            • kejianshi

                              OK - Baby steps…

                              I want you to change a few things if that's ok?

                              Force all client generated traffic through the tunnel.

                              Also, provide DNS Servers.

                              192.168.1.1
                              8.8.8.8

                              • dhendriksen

                                So, this is my cell phone we're talking about. While the cell phone is connected to the VPN, I think I want all internet/IP based traffic to go through the VPN.

                                What do I need to do for that to happen, because it doesn't appear to be happening now.

                                • dhendriksen

                                  @kejianshi:

                                  OK - Baby steps…

                                  I want you to change a few things if that's ok?

                                  Force all client generated traffic through the tunnel.

                                  Also, provide DNS Servers.

                                  192.168.1.1
                                  8.8.8.8

                                  I'm down with the baby steps, but let me make sure I understand. You want me to recheck the DNS servers box in the VPN config, and add those 2 DNS servers?

                                  • kejianshi

                                    Please make the initial changes to the openvpn server that I suggested.  Then test it.

                                    BTW - How are you seeing your server config if you are away and your VPN isn't working?

                                    "You want me to recheck the DNS servers box in the VPN config, and add those 2 DNS servers?" - Yes

                                    I want you to use your pfsense LAN as DNS server (192.168.1.1) and if something on your local network interferes with that, like the subnet in use, 8.8.8.8, just in case.

                                    Just temporary to ensure you have DNS.

                                    BTW - What kind of phone?  What is the openvpn client software being used?

                                    • dhendriksen

                                      @kejianshi:

                                      Please make the initial changes to the openvpn server that I suggested.  Then test it.

                                      BTW - How are you seeing your server config if you are away and your VPN isn't working?

                                      I'm not away. I'm at home. I've got computers that are hard wired on the LAN here. I'm testing it from mobile phones and hotspots.

                                      I think I made those changes correctly. I'm going to test it now.

                                      Screenshot_2015-02-20-00-02-21.png

                                      • dhendriksen

                                        I made those changes. The VPN from my phone still works the same. Do I need to redownload the client export after making those changes?

                                        • dhendriksen

                                          Just saw the edits to your last post. It's an Android phone. Google Nexus 6. I'm using the "OpenVPN Connect" client.

                                          • kejianshi

                                            Not yet.  Now I'd like to see the:

                                            Firewall: Rules

                                            The LAN tab and the OpenVPN tab.
