Netgate Discussion Forum

    Cannot get remote OpenVPN working

      cyberbot

      The error shows a handshake.
      Do you have the port forwarding correctly configured?
      Show some of your firewall rules so we can see.
      On the services status you are supposed to see one service, "OpenVPNServer : OPENVPN", but you see more.

      Maybe an installation corruption.

      Try to reinstall the OpenVPN package and see if it helps.

        Jakeyg

        here is the rule on the firewall

        rule.jpg

          cyberbot

          @Jakeyg:

          here is the rule on the firewall

          Are you using pfSense as gateway?
          Is pfSense facing the internet?
          Have you reinstalled OpenVPN?

            vinneo

            Jakeyg, I had this error several times. Please post your OpenVPN server configuration and your firewall WAN rules.

              viragomann

              Post the server log after you tried to start the remote vpn service.

                Jakeyg

                Okay, I have attached just about all the config screenshots I can. Hopefully there's something in there you guys can see that I can't.

                I uninstalled OpenVPN export, but that didn't help. I have no idea how to reinstall the OpenVPN service; I'll have a look around to see if I can find info on how to do that.

                Thanks everyone for your help. It's very much appreciated!

                openvpnCA.png
                openvpnCM.png
                openvpnUser.png
                openvpnexport.png
                openvpnstatus.png
                firewallrulesall.png
                openvpnlog.png
                openvpndetail.jpg

                  Jakeyg

                  Also, when I run ps auxww | grep openvpn this is the result:

                  root  16465  0.0  0.1  21728  5064  -  Ss    8:53AM  0:01.06 /usr/local/sbin/openvpn --config /var/etc/openvpn/server1.conf
                  root  16609  0.0  0.1  21728  5076  -  Ss    8:53AM  0:06.44 /usr/local/sbin/openvpn --config /var/etc/openvpn/server2.conf
                  root  61066  0.0  0.1  17136  2644  -  S    11:16AM  0:00.00 sh -c ps auxww | grep openvpn 2>&1
                  root  61467  0.0  0.1  18876  2376  -  S    11:16AM  0:00.00 grep openvpn

                    johnpoz LAYER 8 Global Moderator

                    Where is your server Cert??  When you go through the wizard it would create your server cert.

                    This is really clickity clickity thru the wizard and you have a running openvpn server..

                    servercert.png

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 24.11 | Lab VMs 2.8, 24.11

                      Jakeyg

                      viragomann - I'm not 100% up to speed on pfSense or FreeBSD, so which log do I need to show? Can I just download it from the webGUI?

                      Cyberbot - Are you using pfSense as gateway? Yep, it's a gateway.
                      Is pfSense facing the internet? Yep, sure is.
                      Have you reinstalled OpenVPN? No, I couldn't figure out how to do it, and OpenVPN is working with the remote sites that use a pre-shared key using a site-2-site configuration as opposed to a client-server architecture.

                      johnpoz - good spot, I didn't have one on that configuration, but I have redone all the steps a few more times and created the server cert, but unfortunately the problem persists.

                        Jakeyg

                        So all site-to-site OpenVPN setups work. That is:
                        peer to peer (SSL/TLS)
                        peer to peer (shared key)

                        None of the remote options work:
                        remote access (SSL/TLS)
                        remote access (user auth)
                        remote access (SSL/TLS + user auth)

                        Is there some setting that I'm missing that switches off remote access? Or is it a bad install of OpenVPN?

                          divsys

                          If you can get a S2S connection working (SSL/TLS or shared) then there's nothing wrong with OpenVPN on pfSense.

                          It's much more likely that your problem is in the Certificate setup.

                          My suggestion:

                          (1) Leave the S2S SSL/TLS conx running.
                          (2) Make Sure you have a CA for the Remote conx server you will create.
                          (3) Make Sure you have a Server Certificate for the Remote conx server you will create.  It must use the CA from (2).
                          (4) Add a new User Certificate for the client computer.  It must use the CA from (2).
                          (5) Add a NEW Remote SSL/TLS server running on a DIFFERENT port# than (1) and use the Certificate from (3).
                          (6) Export the Client package for the User Cert created in (4)
                          (7) Install the Client package on a machine and test.

                          As mentioned earlier, this is a very basic operation and is usually fairly painless.

                          -jfp
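
The certificate relationships in steps (2) to (4) above can be checked with openssl before a client package is exported. This is an added example, not code from the thread or from pfSense: the CA and certificate names are constructed, and it assumes the server and user roles are marked with extendedKeyUsage (serverAuth / clientAuth).

```shell
#!/bin/sh
# Added example. CA/cert names and the temp directory are constructed for illustration.

# make_ca DIR NAME: create a self-signed CA (NAME.key, NAME.crt) in DIR.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# issue_cert DIR CA NAME EKU: issue NAME.crt signed by CA, with
# extendedKeyUsage EKU (serverAuth for the server, clientAuth for a user).
issue_cert() {
    printf 'extendedKeyUsage=%s\n' "$4" > "$1/$3.ext"
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
        -CAcreateserial -days 30 -extfile "$1/$3.ext" -out "$1/$3.crt" 2>/dev/null
}

# chains_to DIR CA NAME PURPOSE: true only if NAME.crt verifies against CA
# for PURPOSE (sslserver or sslclient).
chains_to() {
    openssl verify -purpose "$4" -CAfile "$1/$2.crt" "$1/$3.crt" 2>/dev/null |
        grep -q ': OK$'
}

# report DIR CA NAME PURPOSE: print one result line per check.
report() {
    if chains_to "$@"; then r=OK; else r=FAIL; fi
    printf '%-8s as %-9s under %-9s %s\n' "$3" "$4" "$2" "$r"
}

d=$(mktemp -d) || exit 1
make_ca "$d" remote-ca                        # step (2): CA for the remote access server
make_ca "$d" s2s-ca                           # a second, unrelated CA
issue_cert "$d" remote-ca server serverAuth   # step (3): server cert from the CA in (2)
issue_cert "$d" remote-ca user1 clientAuth    # step (4): user cert from the CA in (2)
issue_cert "$d" s2s-ca user2 clientAuth       # user cert from the wrong CA, on purpose
report "$d" remote-ca server sslserver
report "$d" remote-ca user1 sslclient
report "$d" remote-ca user2 sslclient         # FAIL: issued by another CA
report "$d" remote-ca user1 sslserver         # FAIL: user cert offered as server cert
rm -rf "$d"
```

On real files, only `chains_to` is needed: point it at the exported CA certificate and the server or user certificate in the same directory.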

                            Jakeyg

                            Thanks everyone for your help. I have solved the problem.

                            The reason it wasn't working is because I was putting a /30 network in the tunnel network, but using a /24 in the local network. As soon as I changed this, it came up in OpenVPN status.

                            Thank you everyone so much for your help. It's communities that make products extra good, and this is one hell of a product!

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.