pfSense as client using static key to OpenVPN server on VPS
Hi all,
I am really a newbie on this topic. I will try to make my story straight so that you may be able to help pinpoint the cause of the problem.
I live in China, and as you may know, due to the Great Firewall set in between me and the world of internet, I have to fight hard to squeeze myself out of the jail-like "national LAN". So I bought myself a vps outside the country, and successfully set up an openvpn server on the vps, which is running centos 5.5.
At home, I have a pfsense 2.0 as the router and firewall. I have successfully connected to my openvpn server from a windows openvpn client using a static key behind pfsense. With the help of the option "--route ... net_gateway", I can even have openvpn automatically choose whether to use the openvpn tunnel based on ip network geo-locations. So all my traffic to networks outside Asia will use the openvpn tunnel.
(The reason I am using a static key is because the GFW drops packets when it detects TLS negotiation, and one ISP even totally blocks IP addresses.)

Based on this successful windows openvpn client experience, I thought I could use the openvpn client function on pfsense to directly link all my network traffic. However, when I actually tried the openvpn client in pfsense, I could only get the tunnel up but no traffic at all!? (I could see the openvpn status is up.)
Below are my configurations.

Server Conf

port 80
dev tun
secret key.txt
ifconfig 10.10.10.1 10.10.10.2
float
cipher AES-256-CBC
comp-lzo
log-append /var/log/openvpn.log
verb 3

And I have the iptables on the server configured with nat:
iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -o venet0 -j MASQUERADE
I can use the client config file below to successfully connect to my openvpn server and establish a secure tunnel for breaking through the GFW:
remote openvpn.server.onvps 80
dev tun
ifconfig 10.10.10.2 10.10.10.1
secret key.txt
cipher AES-256-CBC
comp-lzo
route-delay 2
route-method exe
redirect-gateway def1
dhcp-option DNS 8.8.8.8
float
verb 3
route 1.0.0.0 255.0.0.0 net_gateway 5
route 14.0.0.0 255.0.0.0 net_gateway 5
route 27.0.0.0 255.0.0.0 net_gateway 5
…

While there are several configuration settings I am not sure about, one particular area is the "remote network": what am I supposed to put in there? I don't have a local network on my vps server; by ifconfig on the vps server, I see the ip address assigned by the vps company with a network mask of 255.255.255.255 on this venet interface. Where should I start looking for errors? As the server can take the windows client with no problem, I assume there must be something I missed?
Thanks in advance
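In static-key point-to-point mode nothing is negotiated over the tunnel: the tunnel addresses, cipher and compression must be set by hand so that each side mirrors the other, and for the tunnel to carry internet traffic the server's MASQUERADE rule must cover the client's tunnel address. The script below is an added example (not from the post, pfSense or OpenVPN) that parses a server config, a client config and the iptables rule, reports the mismatches that typically leave a static-key tunnel "up" but passing no traffic, and generates the `route ... net_gateway` exclusion lines the post uses for keeping regional networks on the ISP path. The two configs and the NAT rule embedded below are constructed copies of the ones quoted in the post; the same checks can be run against the client config pfSense generates from its GUI fields.

```python
"""Consistency checks for a point-to-point OpenVPN static-key tunnel.
Added example; configs below are constructed to mirror the forum post."""
import ipaddress
import re

# Constructed sample input: the server config quoted in the post.
SERVER_CONF = """\
port 80
dev tun
secret key.txt
ifconfig 10.10.10.1 10.10.10.2
float
cipher AES-256-CBC
comp-lzo
log-append /var/log/openvpn.log
verb 3
"""

# Constructed sample input: the working Windows client config from the post.
CLIENT_CONF = """\
remote openvpn.server.onvps 80
dev tun
ifconfig 10.10.10.2 10.10.10.1
secret key.txt
cipher AES-256-CBC
comp-lzo
route-delay 2
route-method exe
redirect-gateway def1
dhcp-option DNS 8.8.8.8
float
verb 3
route 1.0.0.0 255.0.0.0 net_gateway 5
route 14.0.0.0 255.0.0.0 net_gateway 5
route 27.0.0.0 255.0.0.0 net_gateway 5
"""

# The server-side NAT rule from the post, parsed as text.
NAT_RULE = "iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -o venet0 -j MASQUERADE"


def parse_conf(text):
    """Return ({directive: [args]}, [route args]); comments (# or ;) are dropped.
    'route' may repeat, so it is collected separately."""
    opts, routes = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        name, *args = line.split()
        (routes.append(args) if name == "route" else opts.__setitem__(name, args))
    return opts, routes


def check_pair(server_text, client_text, nat_rule):
    """Return a list of human-readable findings; an empty list means consistent."""
    s, _ = parse_conf(server_text)
    c, _ = parse_conf(client_text)
    findings = []
    # 1. Static-key mode needs 'secret' on both ends, and the same device type.
    for key in ("secret", "dev"):
        if key not in s or key not in c:
            findings.append(f"'{key}' missing on one side")
    if s.get("dev") != c.get("dev"):
        findings.append(f"dev mismatch: server {s.get('dev')} vs client {c.get('dev')}")
    # 2. ifconfig must be mirrored: server 'local remote' == client 'remote local'.
    s_if, c_if = s.get("ifconfig", []), c.get("ifconfig", [])
    if len(s_if) != 2 or len(c_if) != 2:
        findings.append("ifconfig must have exactly two addresses on each side")
    elif [s_if[0], s_if[1]] != [c_if[1], c_if[0]]:
        findings.append(f"ifconfig not mirrored: server {s_if} vs client {c_if}")
    # 3. Nothing negotiates cipher/compression in static-key mode; they must match.
    if s.get("cipher") != c.get("cipher"):
        findings.append(f"cipher mismatch: {s.get('cipher')} vs {c.get('cipher')}")
    if ("comp-lzo" in s) != ("comp-lzo" in c):
        findings.append("comp-lzo set on only one side")
    # 4. Client 'remote' port must equal the server's 'port' (default 1194).
    s_port = (s.get("port") or s.get("lport") or ["1194"])[0]
    c_port = c["remote"][1] if len(c.get("remote", [])) > 1 else "1194"
    if s_port != c_port:
        findings.append(f"port mismatch: server {s_port} vs client remote {c_port}")
    # 5. The MASQUERADE source network must cover the client's tunnel address,
    #    otherwise the tunnel comes up but forwarded traffic is never NATed.
    m = re.search(r"-s\s+(\S+)", nat_rule)
    if m and len(c_if) == 2:
        nat_net = ipaddress.ip_network(m.group(1), strict=False)
        if ipaddress.ip_address(c_if[0]) not in nat_net:
            findings.append(f"NAT source {nat_net} does not cover client tunnel IP {c_if[0]}")
    return findings


def exclusion_routes(cidrs, metric=5):
    """Build 'route <net> <mask> net_gateway <metric>' lines so the listed
    networks bypass the tunnel while redirect-gateway def1 catches the rest."""
    lines = []
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr, strict=False)
        lines.append(f"route {net.network_address} {net.netmask} net_gateway {metric}")
    return lines


if __name__ == "__main__":
    for finding in check_pair(SERVER_CONF, CLIENT_CONF, NAT_RULE) or ["configs consistent"]:
        print(finding)
    print("\n".join(exclusion_routes(["1.0.0.0/8", "14.0.0.0/8", "27.0.0.0/8"])))
```

Run against the post's own configs the checker reports nothing, which matches the author's experience that the Windows client works; pointing it at the client config generated on the pfSense side is the quickest way to see which of the five parameters differs from the hand-written one. `exclusion_routes` takes CIDR notation and emits the dotted netmask form OpenVPN expects, so a long country list can be maintained as CIDRs and regenerated.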