    PFSense 2.2.4 + OpenVPN 2.3.8: LAN Access Problems

    • B
      Bunkai.Satori
      last edited by

      Dear all,

      Would you be so kind as to take a look at this, please? I get frequent Request Timed Out responses after pinging pfSense's LAN port or LAN devices behind pfSense from my OpenVPN client. In approx. 40% of cases I get a correct ping reply from the LAN, and in approx. 60% I get Request timed out. I also cannot access any pfSense LAN resources, PCs, Windows Shared Folders, etc. I have read many threads, but I cannot find any similarities with my case.

      Here are the key remarks:

      • I had no difficulties creating and establishing OpenVPN connection and I have received no error messages.

      • I have not implemented any push "route x.x.x.x"; commands yet.

      • My network topology is: ISP Router with public IP -> pfSense behind NAT and Port Forwarding -> pfSense LAN PC(172.20.20.241)

      • -> OpenVPN client (Tunnel IP: 172.21.20.6, Private IP: 192.168.178.3)

      • From the pfSense LAN PC I cannot ping and access the OpenVPN client through the VPN Tunnel IP Address (172.21.20.6), but can ping and access the same device internally through the IP address granted by the ISP router (192.168.178.3)

      • From the OpenVPN client I can ping with frequent timeouts pfSense server through pfSense LAN IP (172.20.20.1)

      • Firewall Rules are without change, as they were set by the OpenVPN wizard

      Pinging device on pfSense's LAN from OpenVPN client ( "ping 172.20.20.241 -t" ):

      C:\Users\Bunka>ping 172.20.20.241 -t
      
      Pinging 172.20.20.241 with 32 bytes of data:
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=3ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=4ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=3ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=4ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=3ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=6ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=3ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=3ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=3ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=3ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=3ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=3ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=3ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=3ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=3ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=3ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=3ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Reply from 172.20.20.241: bytes=32 time=4ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=3ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=4ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=3ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=3ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=3ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=3ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=3ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=3ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=3ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=3ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=4ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=3ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=3ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=3ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=4ms TTL=254
      Reply from 172.20.20.241: bytes=32 time=2ms TTL=254
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      
      

      Pinging pfSense's LAN port from OpenVPN client ( "ping 172.20.20.1 -t" ):

      Request timed out.
      Reply from 172.20.20.1: bytes=32 time<1ms TTL=64
      Reply from 172.20.20.1: bytes=32 time=1ms TTL=64
      Reply from 172.20.20.1: bytes=32 time<1ms TTL=64
      Reply from 172.20.20.1: bytes=32 time<1ms TTL=64
      Reply from 172.20.20.1: bytes=32 time<1ms TTL=64
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Reply from 172.20.20.1: bytes=32 time=1ms TTL=64
      Reply from 172.20.20.1: bytes=32 time=1ms TTL=64
      Reply from 172.20.20.1: bytes=32 time<1ms TTL=64
      Reply from 172.20.20.1: bytes=32 time<1ms TTL=64
      Reply from 172.20.20.1: bytes=32 time<1ms TTL=64
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Reply from 172.20.20.1: bytes=32 time<1ms TTL=64
      Reply from 172.20.20.1: bytes=32 time=1ms TTL=64
      Reply from 172.20.20.1: bytes=32 time<1ms TTL=64
      Reply from 172.20.20.1: bytes=32 time<1ms TTL=64
      Reply from 172.20.20.1: bytes=32 time<1ms TTL=64
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Reply from 172.20.20.1: bytes=32 time<1ms TTL=64
      Reply from 172.20.20.1: bytes=32 time<1ms TTL=64
      Reply from 172.20.20.1: bytes=32 time<1ms TTL=64
      Reply from 172.20.20.1: bytes=32 time<1ms TTL=64
      Reply from 172.20.20.1: bytes=32 time<1ms TTL=64
      Reply from 172.20.20.1: bytes=32 time<1ms TTL=64
      Reply from 172.20.20.1: bytes=32 time<1ms TTL=64
      Reply from 172.20.20.1: bytes=32 time<1ms TTL=64
      Reply from 172.20.20.1: bytes=32 time<1ms TTL=64
      Reply from 172.20.20.1: bytes=32 time<1ms TTL=64
      Reply from 172.20.20.1: bytes=32 time<1ms TTL=64
      Reply from 172.20.20.1: bytes=32 time<1ms TTL=64
      Reply from 172.20.20.1: bytes=32 time<1ms TTL=64
      Reply from 172.20.20.1: bytes=32 time<1ms TTL=64
      Reply from 172.20.20.1: bytes=32 time<1ms TTL=64
      Reply from 172.20.20.1: bytes=32 time<1ms TTL=64
      Reply from 172.20.20.1: bytes=32 time<1ms TTL=64
      Reply from 172.20.20.1: bytes=32 time<1ms TTL=64
      Reply from 172.20.20.1: bytes=32 time<1ms TTL=64
      Reply from 172.20.20.1: bytes=32 time<1ms TTL=64
      Reply from 172.20.20.1: bytes=32 time<1ms TTL=64
      Reply from 172.20.20.1: bytes=32 time<1ms TTL=64
      Reply from 172.20.20.1: bytes=32 time<1ms TTL=64
      Reply from 172.20.20.1: bytes=32 time<1ms TTL=64
      Reply from 172.20.20.1: bytes=32 time<1ms TTL=64
      Reply from 172.20.20.1: bytes=32 time<1ms TTL=64
      Reply from 172.20.20.1: bytes=32 time<1ms TTL=64
      Reply from 172.20.20.1: bytes=32 time<1ms TTL=64
      Reply from 172.20.20.1: bytes=32 time<1ms TTL=64
      Reply from 172.20.20.1: bytes=32 time<1ms TTL=64
      Request timed out.
      Request timed out.
      Request timed out.
      
      

      Pinging TAP-Windows Adapter V9 virtual port of the OpenVPN client ( "ping 172.21.20.6 -t" ):

      C:\Users\Bunka>ping 172.21.20.6 -t
      
      Pinging 172.21.20.6 with 32 bytes of data:
      Reply from 172.21.20.6: bytes=32 time<1ms TTL=128
      Reply from 172.21.20.6: bytes=32 time<1ms TTL=128
      Reply from 172.21.20.6: bytes=32 time<1ms TTL=128
      Reply from 172.21.20.6: bytes=32 time<1ms TTL=128
      Reply from 172.21.20.6: bytes=32 time<1ms TTL=128
      Reply from 172.21.20.6: bytes=32 time<1ms TTL=128
      Reply from 172.21.20.6: bytes=32 time<1ms TTL=128
      Reply from 172.21.20.6: bytes=32 time<1ms TTL=128
      Reply from 172.21.20.6: bytes=32 time<1ms TTL=128
      Reply from 172.21.20.6: bytes=32 time<1ms TTL=128
      Reply from 172.21.20.6: bytes=32 time<1ms TTL=128
      Reply from 172.21.20.6: bytes=32 time<1ms TTL=128
      Reply from 172.21.20.6: bytes=32 time<1ms TTL=128
      Reply from 172.21.20.6: bytes=32 time<1ms TTL=128
      Reply from 172.21.20.6: bytes=32 time<1ms TTL=128
      Reply from 172.21.20.6: bytes=32 time<1ms TTL=128
      Reply from 172.21.20.6: bytes=32 time<1ms TTL=128
      Reply from 172.21.20.6: bytes=32 time<1ms TTL=128
      Reply from 172.21.20.6: bytes=32 time<1ms TTL=128
      Reply from 172.21.20.6: bytes=32 time<1ms TTL=128
      Reply from 172.21.20.6: bytes=32 time<1ms TTL=128
      Reply from 172.21.20.6: bytes=32 time<1ms TTL=128
      Reply from 172.21.20.6: bytes=32 time<1ms TTL=128
      Reply from 172.21.20.6: bytes=32 time<1ms TTL=128
      Reply from 172.21.20.6: bytes=32 time<1ms TTL=128
      Reply from 172.21.20.6: bytes=32 time<1ms TTL=128
      Reply from 172.21.20.6: bytes=32 time<1ms TTL=128
      Reply from 172.21.20.6: bytes=32 time<1ms TTL=128
      
      

      Pinging pfSense OpenVPN Server through TAP-Windows Adapter V9 and IPv4 Tunnel Network from the OpenVPN client ( "ping 172.21.20.5 -t" ):

      
      C:\Users\Bunka>ping 172.21.20.5 -t
      
      Pinging 172.21.20.5 with 32 bytes of data:
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      
      

      config.ovpn:

      
      dev tun
      persist-tun
      persist-key
      cipher AES-256-CBC
      auth SHA1
      tls-client
      client
      resolv-retry infinite
      remote publicIpAddress.com 1194 udp
      lport 0
      verify-x509-name "ServerCert" name
      auth-user-pass
      pkcs12 firewall-udp-1194-xxx.p12
      tls-auth firewall-udp-1194-xxx-tls.key 1
      ns-cert-type server
      
      

      config.log:

      
      Sat Sep 05 22:57:24 2015 OpenVPN 2.3.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug  4 2015
      Sat Sep 05 22:57:24 2015 library versions: OpenSSL 1.0.1p 9 Jul 2015, LZO 2.08
      Enter Management Password:
      Sat Sep 05 22:57:43 2015 Control Channel Authentication: using 'firewall-udp-1194-xxx-tls.key' as a OpenVPN static key file
      Sat Sep 05 22:57:43 2015 UDPv4 link local (bound): [undef]
      Sat Sep 05 22:57:43 2015 UDPv4 link remote: [AF_INET]00.000.000.0:1194
      Sat Sep 05 22:57:43 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
      Sat Sep 05 22:57:43 2015 [FileResortServerCert] Peer Connection Initiated with [AF_INET]00.000.000.0:1194
      Sat Sep 05 22:57:45 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
      Sat Sep 05 22:57:45 2015 open_tun, tt->ipv6=0
      Sat Sep 05 22:57:45 2015 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{564547DE-B3DF-4B0D-BBDA-AFF09687989E}.tap
      Sat Sep 05 22:57:45 2015 Notified TAP-Windows driver to set a DHCP IP/netmask of 172.21.20.6/255.255.255.252 on interface {564547DE-B3DF-4B0D-BBDA-AFF09687989E} [DHCP-serv: 172.21.20.5, lease-time: 31536000]
      Sat Sep 05 22:57:45 2015 Successful ARP Flush on interface [8] {564547DE-B3DF-4B0D-BBDA-AFF09687989E}
      Sat Sep 05 22:57:50 2015 Initialization Sequence Completed
      Sat Sep 05 22:59:40 2015 [FileResortServerCert] Inactivity timeout (--ping-restart), restarting
      Sat Sep 05 22:59:40 2015 SIGUSR1[soft,ping-restart] received, process restarting
      Sat Sep 05 22:59:42 2015 UDPv4 link local (bound): [undef]
      Sat Sep 05 22:59:42 2015 UDPv4 link remote: [AF_INET]00.000.000.0:1194
      Sat Sep 05 22:59:42 2015 [FileResortServerCert] Peer Connection Initiated with [AF_INET]00.000.000.0:1194
      Sat Sep 05 22:59:44 2015 Preserving previous TUN/TAP instance: Ethernet 2
      Sat Sep 05 22:59:44 2015 Initialization Sequence Completed
      
      

      Routing Table from the OpenVPN client

      
      C:\Users\Bunka>route print
      ===========================================================================
      Interface List
       17...94 de 80 a1 e2 d7 ......Intel(R) Ethernet Connection I217-LM
        8...00 ff 56 45 47 de ......TAP-Windows Adapter V9
        1...........................Software Loopback Interface 1
       12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
       14...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
       10...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
      ===========================================================================
      
      IPv4 Route Table
      ===========================================================================
      Active Routes:
      Network Destination        Netmask          Gateway       Interface  Metric
                0.0.0.0          0.0.0.0    192.168.178.1    192.168.178.3    266
              127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
              127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
        127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
            172.20.20.0    255.255.254.0      172.21.20.5      172.21.20.6     20
            172.21.20.1  255.255.255.255      172.21.20.5      172.21.20.6     20
            172.21.20.4  255.255.255.252         On-link       172.21.20.6    276
            172.21.20.6  255.255.255.255         On-link       172.21.20.6    276
            172.21.20.7  255.255.255.255         On-link       172.21.20.6    276
          192.168.178.0    255.255.255.0         On-link     192.168.178.3    266
          192.168.178.3  255.255.255.255         On-link     192.168.178.3    266
        192.168.178.255  255.255.255.255         On-link     192.168.178.3    266
              224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
              224.0.0.0        240.0.0.0         On-link       172.21.20.6    276
              224.0.0.0        240.0.0.0         On-link     192.168.178.3    266
        255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        255.255.255.255  255.255.255.255         On-link       172.21.20.6    276
        255.255.255.255  255.255.255.255         On-link     192.168.178.3    266
      ===========================================================================
      Persistent Routes:
        Network Address          Netmask  Gateway Address  Metric
                0.0.0.0          0.0.0.0    192.168.178.1  Default
      ===========================================================================
      
      IPv6 Route Table
      ===========================================================================
      Active Routes:
       If Metric Network Destination      Gateway
        1    306 ::1/128                  On-link
        8    276 fe80::/64                On-link
        8    276 fe80::5941:674c:b441:e844/128
                                          On-link
        1    306 ff00::/8                 On-link
        8    276 ff00::/8                 On-link
      ===========================================================================
      Persistent Routes:
        None
      
      

      "ipconfig /all" from the OpenVPN client

      
      C:\Users\Bunka>ipconfig /all
      
      Windows IP Configuration
      
         Host Name . . . . . . . . . . . . : DESKTOP001
         Primary Dns Suffix  . . . . . . . :
         Node Type . . . . . . . . . . . . : Hybrid
         IP Routing Enabled. . . . . . . . : Yes
         WINS Proxy Enabled. . . . . . . . : No
      
      Ethernet adapter Ethernet:
      
         Connection-specific DNS Suffix  . :
         Description . . . . . . . . . . . : Intel(R) Ethernet Connection I217-LM
         Physical Address. . . . . . . . . : 94-DE-80-A1-E2-D7
         DHCP Enabled. . . . . . . . . . . : No
         Autoconfiguration Enabled . . . . : Yes
         IPv4 Address. . . . . . . . . . . : 192.168.178.3(Preferred)
         Subnet Mask . . . . . . . . . . . : 255.255.255.0
         Default Gateway . . . . . . . . . : 192.168.178.1
         DNS Servers . . . . . . . . . . . : 192.168.178.1
                                             8.8.8.8
         NetBIOS over Tcpip. . . . . . . . : Enabled
      
      Ethernet adapter Ethernet 2:
      
         Connection-specific DNS Suffix  . :
         Description . . . . . . . . . . . : TAP-Windows Adapter V9
         Physical Address. . . . . . . . . : 00-FF-56-45-47-DE
         DHCP Enabled. . . . . . . . . . . : Yes
         Autoconfiguration Enabled . . . . : Yes
         Link-local IPv6 Address . . . . . : fe80::5941:674c:b441:e844%8(Preferred)
         IPv4 Address. . . . . . . . . . . : 172.21.20.6(Preferred)
         Subnet Mask . . . . . . . . . . . : 255.255.255.252
         Lease Obtained. . . . . . . . . . : Samstag, 5. September 2015 22:57:45
         Lease Expires . . . . . . . . . . : Sonntag, 4. September 2016 22:57:45
         Default Gateway . . . . . . . . . :
         DHCP Server . . . . . . . . . . . : 172.21.20.5
         DHCPv6 IAID . . . . . . . . . . . : 218169174
         DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-4F-0C-26-94-DE-80-A1-E2-D7
         DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                             fec0:0:0:ffff::2%1
                                             fec0:0:0:ffff::3%1
         NetBIOS over Tcpip. . . . . . . . : Enabled
      
      Tunnel adapter isatap.{564547DE-B3DF-4B0D-BBDA-AFF09687989E}:
      
         Media State . . . . . . . . . . . : Media disconnected
         Connection-specific DNS Suffix  . :
         Description . . . . . . . . . . . : Microsoft ISATAP Adapter
         Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
         DHCP Enabled. . . . . . . . . . . : No
         Autoconfiguration Enabled . . . . : Yes
      
      Tunnel adapter Teredo Tunneling Pseudo-Interface:
      
         Media State . . . . . . . . . . . : Media disconnected
         Connection-specific DNS Suffix  . :
         Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
         Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
         DHCP Enabled. . . . . . . . . . . : No
         Autoconfiguration Enabled . . . . : Yes
      
      Tunnel adapter isatap.{E9E8776D-3514-40A3-8251-705E4A715A2A}:
      
         Media State . . . . . . . . . . . : Media disconnected
         Connection-specific DNS Suffix  . :
         Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
         Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
         DHCP Enabled. . . . . . . . . . . : No
         Autoconfiguration Enabled . . . . : Yes
      
      C:\Users\Bunka>
      
      

      Please, tell me if you need more information. Thank you very much.
      ![TAP-Windows Adapter V9.PNG](/public/imported_attachments/1/TAP-Windows Adapter V9.PNG)

      • N
        NOYB
        last edited by

        No trouble here with combination of pfSense 2.2.4 + OpenVPN 2.3.8.

        config.ovpn

        
        dev tun
        persist-tun
        persist-key
        cipher AES-256-CBC
        tls-client
        client
        resolv-retry infinite
        remote <fqdn> 1194 udp
        #tls-remote OpenVPN Server Certificate
        verify-x509-name "OpenVPN Server Certificate" name
        #x509-username-field CN
        auth-user-pass
        pkcs12 pfsense-udp-1194-XXX.p12
        tls-auth pfsense-udp-1194-XXX-tls.key 1
        ns-cert-type server
        comp-lzo
        

        Connection Log

        
        Sat Sep 05 17:44:23 2015 OpenVPN 2.3.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug  4 2015
        Sat Sep 05 17:44:23 2015 library versions: OpenSSL 1.0.1p 9 Jul 2015, LZO 2.08
        Enter Management Password:
        Sat Sep 05 17:44:28 2015 Control Channel Authentication: using 'pfsense-udp-1194-XXX-tls.key' as a OpenVPN static key file
        Sat Sep 05 17:44:29 2015 UDPv4 link local (bound): [undef]
        Sat Sep 05 17:44:29 2015 UDPv4 link remote: [AF_INET]<publicIpAddress>:1194
        Sat Sep 05 17:44:29 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
        Sat Sep 05 17:44:38 2015 [OpenVPN Server Certificate] Peer Connection Initiated with [AF_INET]publicIpAddress:1194
        Sat Sep 05 17:44:40 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
        Sat Sep 05 17:44:40 2015 open_tun, tt->ipv6=0
        Sat Sep 05 17:44:40 2015 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{CD4C1995-6265-4B92-A5DA-BC983BAD3F9F}.tap
        Sat Sep 05 17:44:40 2015 Set TAP-Windows TUN subnet mode network/local/netmask = 192.168.22.0/192.168.22.2/255.255.255.0 [SUCCEEDED]
        Sat Sep 05 17:44:40 2015 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.22.2/255.255.255.0 on interface {CD4C1995-6265-4B92-A5DA-BC983BAD3F9F} [DHCP-serv: publicIpAddress, lease-time: 31536000]
        Sat Sep 05 17:44:40 2015 Successful ARP Flush on interface [13] {CD4C1995-6265-4B92-A5DA-BC983BAD3F9F}
        Sat Sep 05 17:44:45 2015 Initialization Sequence Completed
        
        1 Reply Last reply Reply Quote 0
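The two client configs posted above can be compared directive by directive. The following Python sketch is an added example, not part of either poster's message: it parses both files, masks site-specific arguments (host name, file names, certificate name), applies the OpenVPN 2.3 default `auth SHA1`, and flags differences in options that both peers have to agree on. The names `parse_ovpn`, `diff_configs`, `SITE_SPECIFIC`, `DEFAULTS` and `MUST_MATCH_PEER` are hypothetical, and the embedded configs are copied from the posts.

```python
import shlex

# Client config from the first post (copied from the thread).
CONFIG_A = """\
dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote publicIpAddress.com 1194 udp
lport 0
verify-x509-name "ServerCert" name
auth-user-pass
pkcs12 firewall-udp-1194-xxx.p12
tls-auth firewall-udp-1194-xxx-tls.key 1
ns-cert-type server
"""

# Client config from the reply (copied from the thread).
CONFIG_B = """\
dev tun
persist-tun
persist-key
cipher AES-256-CBC
tls-client
client
resolv-retry infinite
remote <fqdn> 1194 udp
#tls-remote OpenVPN Server Certificate
verify-x509-name "OpenVPN Server Certificate" name
#x509-username-field CN
auth-user-pass
pkcs12 pfsense-udp-1194-XXX.p12
tls-auth pfsense-udp-1194-XXX-tls.key 1
ns-cert-type server
comp-lzo
"""

# Argument positions that legitimately differ between installations.
SITE_SPECIFIC = {"remote": (0,), "pkcs12": (0,), "tls-auth": (0,),
                 "verify-x509-name": (0,)}
# Value OpenVPN 2.3 uses when the directive is absent.
DEFAULTS = {"auth": ("SHA1",)}
# Options that OpenVPN 2.3 expects to be consistent on both peers.
MUST_MATCH_PEER = {"dev", "cipher", "auth", "comp-lzo", "tls-auth",
                   "tun-mtu", "fragment"}


def parse_ovpn(text):
    """Return {directive: [args, ...]}; lines starting with # or ; are comments."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        name, *args = shlex.split(line)  # handles "quoted arguments"
        directives.setdefault(name, []).append(args)
    return directives


def _effective(cfg, name):
    """Values for a directive with defaults applied and site-specific args masked."""
    values = cfg.get(name)
    if values is None and name in DEFAULTS:
        values = [list(DEFAULTS[name])]
    masked = SITE_SPECIFIC.get(name, ())
    return sorted(
        tuple("<site>" if i in masked else arg for i, arg in enumerate(args))
        for args in (values or [])
    )


def diff_configs(a_text, b_text):
    """List (kind, directive, a_values, b_values, must_match_peer) for each difference."""
    a, b = parse_ovpn(a_text), parse_ovpn(b_text)
    report = []
    for name in sorted(set(a) | set(b)):
        a_vals, b_vals = _effective(a, name), _effective(b, name)
        if a_vals == b_vals:
            continue
        kind = "only_b" if not a_vals else "only_a" if not b_vals else "changed"
        report.append((kind, name, a_vals, b_vals, name in MUST_MATCH_PEER))
    return report


if __name__ == "__main__":
    for kind, name, a_vals, b_vals, must_match in diff_configs(CONFIG_A, CONFIG_B):
        flag = "  <- compare with the server's setting" if must_match else ""
        print(f"{kind:8} {name:10} A={a_vals} B={b_vals}{flag}")
```

Differences flagged as peer-consistency options are the ones to compare against the OpenVPN server settings on the pfSense side; the script does not decide which config is correct.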
        • B
          Bunkai.Satori
          last edited by

          Hi NOYB,

          thank you very much for your samples, I have something to try and change on my side. Did you have to push any explicit route 'push "route x.x.x.x x.x.x.x";' please? None of the tutorials and videos I have seen did that, therefore I haven't done it either. Thanks again for your help.

          Regards,

          • B
            Bunkai.Satori
            last edited by

            Hi all,

            additionally, I am pasting the VPN client config.log with 'verb 5' for more detailed information. Please be aware that I have made some private IP addressing changes, so the IP addresses will not fit with the samples above.

            
            Sun Sep 06 11:40:21 2015 us=374408 Current Parameter Settings:
            Sun Sep 06 11:40:21 2015 us=374408   config = 'firewall-udp-1194-xxx-config.ovpn'
            Sun Sep 06 11:40:21 2015 us=374408   mode = 0
            Sun Sep 06 11:40:21 2015 us=374408   show_ciphers = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   show_digests = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   show_engines = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   genkey = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   key_pass_file = '[UNDEF]'
            Sun Sep 06 11:40:21 2015 us=374408   show_tls_ciphers = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408 Connection profiles [default]:
            Sun Sep 06 11:40:21 2015 us=374408   proto = udp
            Sun Sep 06 11:40:21 2015 us=374408   local = '[UNDEF]'
            Sun Sep 06 11:40:21 2015 us=374408   local_port = 0
            Sun Sep 06 11:40:21 2015 us=374408   remote = <fqdn>
            Sun Sep 06 11:40:21 2015 us=374408   remote_port = 1194
            Sun Sep 06 11:40:21 2015 us=374408   remote_float = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   bind_defined = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   bind_local = ENABLED
            Sun Sep 06 11:40:21 2015 us=374408   connect_retry_seconds = 5
            Sun Sep 06 11:40:21 2015 us=374408   connect_timeout = 10
            Sun Sep 06 11:40:21 2015 us=374408   connect_retry_max = 0
            Sun Sep 06 11:40:21 2015 us=374408   socks_proxy_server = '[UNDEF]'
            Sun Sep 06 11:40:21 2015 us=374408   socks_proxy_port = 0
            Sun Sep 06 11:40:21 2015 us=374408   socks_proxy_retry = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   tun_mtu = 1500
            Sun Sep 06 11:40:21 2015 us=374408   tun_mtu_defined = ENABLED
            Sun Sep 06 11:40:21 2015 us=374408   link_mtu = 1500
            Sun Sep 06 11:40:21 2015 us=374408   link_mtu_defined = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   tun_mtu_extra = 0
            Sun Sep 06 11:40:21 2015 us=374408   tun_mtu_extra_defined = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   mtu_discover_type = -1
            Sun Sep 06 11:40:21 2015 us=374408   fragment = 0
            Sun Sep 06 11:40:21 2015 us=374408   mssfix = 1450
            Sun Sep 06 11:40:21 2015 us=374408   explicit_exit_notification = 0
            Sun Sep 06 11:40:21 2015 us=374408 Connection profiles END
            Sun Sep 06 11:40:21 2015 us=374408   remote_random = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   ipchange = '[UNDEF]'
            Sun Sep 06 11:40:21 2015 us=374408   dev = 'tun'
            Sun Sep 06 11:40:21 2015 us=374408   dev_type = '[UNDEF]'
            Sun Sep 06 11:40:21 2015 us=374408   dev_node = '[UNDEF]'
            Sun Sep 06 11:40:21 2015 us=374408   lladdr = '[UNDEF]'
            Sun Sep 06 11:40:21 2015 us=374408   topology = 1
            Sun Sep 06 11:40:21 2015 us=374408   tun_ipv6 = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   ifconfig_local = '[UNDEF]'
            Sun Sep 06 11:40:21 2015 us=374408   ifconfig_remote_netmask = '[UNDEF]'
            Sun Sep 06 11:40:21 2015 us=374408   ifconfig_noexec = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   ifconfig_nowarn = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   ifconfig_ipv6_local = '[UNDEF]'
            Sun Sep 06 11:40:21 2015 us=374408   ifconfig_ipv6_netbits = 0
            Sun Sep 06 11:40:21 2015 us=374408   ifconfig_ipv6_remote = '[UNDEF]'
            Sun Sep 06 11:40:21 2015 us=374408   shaper = 0
            Sun Sep 06 11:40:21 2015 us=374408   mtu_test = 0
            Sun Sep 06 11:40:21 2015 us=374408   mlock = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   keepalive_ping = 0
            Sun Sep 06 11:40:21 2015 us=374408   keepalive_timeout = 0
            Sun Sep 06 11:40:21 2015 us=374408   inactivity_timeout = 0
            Sun Sep 06 11:40:21 2015 us=374408   ping_send_timeout = 0
            Sun Sep 06 11:40:21 2015 us=374408   ping_rec_timeout = 0
            Sun Sep 06 11:40:21 2015 us=374408   ping_rec_timeout_action = 0
            Sun Sep 06 11:40:21 2015 us=374408   ping_timer_remote = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   remap_sigusr1 = 0
            Sun Sep 06 11:40:21 2015 us=374408   persist_tun = ENABLED
            Sun Sep 06 11:40:21 2015 us=374408   persist_local_ip = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   persist_remote_ip = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   persist_key = ENABLED
            Sun Sep 06 11:40:21 2015 us=374408   passtos = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   resolve_retry_seconds = 1000000000
            Sun Sep 06 11:40:21 2015 us=374408   username = '[UNDEF]'
            Sun Sep 06 11:40:21 2015 us=374408   groupname = '[UNDEF]'
            Sun Sep 06 11:40:21 2015 us=374408   chroot_dir = '[UNDEF]'
            Sun Sep 06 11:40:21 2015 us=374408   cd_dir = '[UNDEF]'
            Sun Sep 06 11:40:21 2015 us=374408   writepid = '[UNDEF]'
            Sun Sep 06 11:40:21 2015 us=374408   up_script = '[UNDEF]'
            Sun Sep 06 11:40:21 2015 us=374408   down_script = '[UNDEF]'
            Sun Sep 06 11:40:21 2015 us=374408   down_pre = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   up_restart = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   up_delay = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   daemon = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   inetd = 0
            Sun Sep 06 11:40:21 2015 us=374408   log = ENABLED
            Sun Sep 06 11:40:21 2015 us=374408   suppress_timestamps = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   nice = 0
            Sun Sep 06 11:40:21 2015 us=374408   verbosity = 5
            Sun Sep 06 11:40:21 2015 us=374408   mute = 0
            Sun Sep 06 11:40:21 2015 us=374408   status_file = '[UNDEF]'
            Sun Sep 06 11:40:21 2015 us=374408   status_file_version = 1
            Sun Sep 06 11:40:21 2015 us=374408   status_file_update_freq = 60
            Sun Sep 06 11:40:21 2015 us=374408   occ = ENABLED
            Sun Sep 06 11:40:21 2015 us=374408   rcvbuf = 0
            Sun Sep 06 11:40:21 2015 us=374408   sndbuf = 0
            Sun Sep 06 11:40:21 2015 us=374408   sockflags = 0
            Sun Sep 06 11:40:21 2015 us=374408   fast_io = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   lzo = 0
            Sun Sep 06 11:40:21 2015 us=374408   route_script = '[UNDEF]'
            Sun Sep 06 11:40:21 2015 us=374408   route_default_gateway = '[UNDEF]'
            Sun Sep 06 11:40:21 2015 us=374408   route_default_metric = 0
            Sun Sep 06 11:40:21 2015 us=374408   route_noexec = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   route_delay = 5
            Sun Sep 06 11:40:21 2015 us=374408   route_delay_window = 30
            Sun Sep 06 11:40:21 2015 us=374408   route_delay_defined = ENABLED
            Sun Sep 06 11:40:21 2015 us=374408   route_nopull = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   route_gateway_via_dhcp = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   max_routes = 100
            Sun Sep 06 11:40:21 2015 us=374408   allow_pull_fqdn = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   management_addr = '127.0.0.1'
            Sun Sep 06 11:40:21 2015 us=374408   management_port = 25340
            Sun Sep 06 11:40:21 2015 us=374408   management_user_pass = 'stdin'
            Sun Sep 06 11:40:21 2015 us=374408   management_log_history_cache = 250
            Sun Sep 06 11:40:21 2015 us=374408   management_echo_buffer_size = 100
            Sun Sep 06 11:40:21 2015 us=374408   management_write_peer_info_file = '[UNDEF]'
            Sun Sep 06 11:40:21 2015 us=374408   management_client_user = '[UNDEF]'
            Sun Sep 06 11:40:21 2015 us=374408   management_client_group = '[UNDEF]'
            Sun Sep 06 11:40:21 2015 us=374408   management_flags = 6
            Sun Sep 06 11:40:21 2015 us=374408   shared_secret_file = '[UNDEF]'
            Sun Sep 06 11:40:21 2015 us=374408   key_direction = 2
            Sun Sep 06 11:40:21 2015 us=374408   ciphername_defined = ENABLED
            Sun Sep 06 11:40:21 2015 us=374408   ciphername = 'AES-256-CBC'
            Sun Sep 06 11:40:21 2015 us=374408   authname_defined = ENABLED
            Sun Sep 06 11:40:21 2015 us=374408   authname = 'SHA1'
            Sun Sep 06 11:40:21 2015 us=374408   prng_hash = 'SHA1'
            Sun Sep 06 11:40:21 2015 us=374408   prng_nonce_secret_len = 16
            Sun Sep 06 11:40:21 2015 us=374408   keysize = 0
            Sun Sep 06 11:40:21 2015 us=374408   engine = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   replay = ENABLED
            Sun Sep 06 11:40:21 2015 us=374408   mute_replay_warnings = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   replay_window = 64
            Sun Sep 06 11:40:21 2015 us=374408   replay_time = 15
            Sun Sep 06 11:40:21 2015 us=374408   packet_id_file = '[UNDEF]'
            Sun Sep 06 11:40:21 2015 us=374408   use_iv = ENABLED
            Sun Sep 06 11:40:21 2015 us=374408   test_crypto = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   tls_server = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   tls_client = ENABLED
            Sun Sep 06 11:40:21 2015 us=374408   key_method = 2
            Sun Sep 06 11:40:21 2015 us=374408   ca_file = '[UNDEF]'
            Sun Sep 06 11:40:21 2015 us=374408   ca_path = '[UNDEF]'
            Sun Sep 06 11:40:21 2015 us=374408   dh_file = '[UNDEF]'
            Sun Sep 06 11:40:21 2015 us=374408   cert_file = '[UNDEF]'
            Sun Sep 06 11:40:21 2015 us=374408   priv_key_file = '[UNDEF]'
            Sun Sep 06 11:40:21 2015 us=374408   pkcs12_file = 'firewall-udp-1194-xxx.p12'
            Sun Sep 06 11:40:21 2015 us=374408   cryptoapi_cert = '[UNDEF]'
            Sun Sep 06 11:40:21 2015 us=374408   cipher_list = '[UNDEF]'
            Sun Sep 06 11:40:21 2015 us=374408   tls_verify = '[UNDEF]'
            Sun Sep 06 11:40:21 2015 us=374408   tls_export_cert = '[UNDEF]'
            Sun Sep 06 11:40:21 2015 us=374408   verify_x509_type = 2
            Sun Sep 06 11:40:21 2015 us=374408   verify_x509_name = 'ServerCert'
            Sun Sep 06 11:40:21 2015 us=374408   crl_file = '[UNDEF]'
            Sun Sep 06 11:40:21 2015 us=374408   ns_cert_type = 1
            Sun Sep 06 11:40:21 2015 us=374408   remote_cert_ku[i] = 0
            Sun Sep 06 11:40:21 2015 us=374408   remote_cert_ku[i] = 0
            Sun Sep 06 11:40:21 2015 us=374408   remote_cert_ku[i] = 0
            Sun Sep 06 11:40:21 2015 us=374408   remote_cert_ku[i] = 0
            Sun Sep 06 11:40:21 2015 us=374408   remote_cert_ku[i] = 0
            Sun Sep 06 11:40:21 2015 us=374408   remote_cert_ku[i] = 0
            Sun Sep 06 11:40:21 2015 us=374408   remote_cert_ku[i] = 0
            Sun Sep 06 11:40:21 2015 us=374408   remote_cert_ku[i] = 0
            Sun Sep 06 11:40:21 2015 us=374408   remote_cert_ku[i] = 0
            Sun Sep 06 11:40:21 2015 us=374408   remote_cert_ku[i] = 0
            Sun Sep 06 11:40:21 2015 us=374408   remote_cert_ku[i] = 0
            Sun Sep 06 11:40:21 2015 us=374408   remote_cert_ku[i] = 0
            Sun Sep 06 11:40:21 2015 us=374408   remote_cert_ku[i] = 0
            Sun Sep 06 11:40:21 2015 us=374408   remote_cert_ku[i] = 0
            Sun Sep 06 11:40:21 2015 us=374408   remote_cert_ku[i] = 0
            Sun Sep 06 11:40:21 2015 us=374408   remote_cert_ku[i] = 0
            Sun Sep 06 11:40:21 2015 us=374408   remote_cert_eku = '[UNDEF]'
            Sun Sep 06 11:40:21 2015 us=374408   ssl_flags = 0
            Sun Sep 06 11:40:21 2015 us=374408   tls_timeout = 2
            Sun Sep 06 11:40:21 2015 us=374408   renegotiate_bytes = 0
            Sun Sep 06 11:40:21 2015 us=374408   renegotiate_packets = 0
            Sun Sep 06 11:40:21 2015 us=374408   renegotiate_seconds = 3600
            Sun Sep 06 11:40:21 2015 us=374408   handshake_window = 60
            Sun Sep 06 11:40:21 2015 us=374408   transition_window = 3600
            Sun Sep 06 11:40:21 2015 us=374408   single_session = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   push_peer_info = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   tls_exit = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   tls_auth_file = 'firewall-udp-1194-xxx-tls.key'
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_protected_authentication = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_protected_authentication = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_protected_authentication = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_protected_authentication = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_protected_authentication = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_protected_authentication = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_protected_authentication = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_protected_authentication = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_protected_authentication = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_protected_authentication = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_protected_authentication = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_protected_authentication = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_protected_authentication = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_protected_authentication = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_protected_authentication = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_protected_authentication = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_private_mode = 00000000
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_private_mode = 00000000
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_private_mode = 00000000
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_private_mode = 00000000
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_private_mode = 00000000
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_private_mode = 00000000
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_private_mode = 00000000
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_private_mode = 00000000
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_private_mode = 00000000
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_private_mode = 00000000
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_private_mode = 00000000
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_private_mode = 00000000
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_private_mode = 00000000
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_private_mode = 00000000
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_private_mode = 00000000
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_private_mode = 00000000
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_cert_private = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_cert_private = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_cert_private = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_cert_private = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_cert_private = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_cert_private = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_cert_private = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_cert_private = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_cert_private = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_cert_private = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_cert_private = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_cert_private = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_cert_private = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_cert_private = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_cert_private = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_cert_private = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_pin_cache_period = -1
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_id = '[UNDEF]'
            Sun Sep 06 11:40:21 2015 us=374408   pkcs11_id_management = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   server_network = 0.0.0.0
            Sun Sep 06 11:40:21 2015 us=374408   server_netmask = 0.0.0.0
            Sun Sep 06 11:40:21 2015 us=374408   server_network_ipv6 = ::
            Sun Sep 06 11:40:21 2015 us=374408   server_netbits_ipv6 = 0
            Sun Sep 06 11:40:21 2015 us=374408   server_bridge_ip = 0.0.0.0
            Sun Sep 06 11:40:21 2015 us=374408   server_bridge_netmask = 0.0.0.0
            Sun Sep 06 11:40:21 2015 us=374408   server_bridge_pool_start = 0.0.0.0
            Sun Sep 06 11:40:21 2015 us=374408   server_bridge_pool_end = 0.0.0.0
            Sun Sep 06 11:40:21 2015 us=374408   ifconfig_pool_defined = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   ifconfig_pool_start = 0.0.0.0
            Sun Sep 06 11:40:21 2015 us=374408   ifconfig_pool_end = 0.0.0.0
            Sun Sep 06 11:40:21 2015 us=374408   ifconfig_pool_netmask = 0.0.0.0
            Sun Sep 06 11:40:21 2015 us=374408   ifconfig_pool_persist_filename = '[UNDEF]'
            Sun Sep 06 11:40:21 2015 us=374408   ifconfig_pool_persist_refresh_freq = 600
            Sun Sep 06 11:40:21 2015 us=374408   ifconfig_ipv6_pool_defined = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   ifconfig_ipv6_pool_base = ::
            Sun Sep 06 11:40:21 2015 us=374408   ifconfig_ipv6_pool_netbits = 0
            Sun Sep 06 11:40:21 2015 us=374408   n_bcast_buf = 256
            Sun Sep 06 11:40:21 2015 us=374408   tcp_queue_limit = 64
            Sun Sep 06 11:40:21 2015 us=374408   real_hash_size = 256
            Sun Sep 06 11:40:21 2015 us=374408   virtual_hash_size = 256
            Sun Sep 06 11:40:21 2015 us=374408   client_connect_script = '[UNDEF]'
            Sun Sep 06 11:40:21 2015 us=374408   learn_address_script = '[UNDEF]'
            Sun Sep 06 11:40:21 2015 us=374408   client_disconnect_script = '[UNDEF]'
            Sun Sep 06 11:40:21 2015 us=374408   client_config_dir = '[UNDEF]'
            Sun Sep 06 11:40:21 2015 us=374408   ccd_exclusive = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   tmp_dir = 'C:\Users\Bunka\AppData\Local\Temp\'
            Sun Sep 06 11:40:21 2015 us=374408   push_ifconfig_defined = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   push_ifconfig_local = 0.0.0.0
            Sun Sep 06 11:40:21 2015 us=374408   push_ifconfig_remote_netmask = 0.0.0.0
            Sun Sep 06 11:40:21 2015 us=374408   push_ifconfig_ipv6_defined = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   push_ifconfig_ipv6_local = ::/0
            Sun Sep 06 11:40:21 2015 us=374408   push_ifconfig_ipv6_remote = ::
            Sun Sep 06 11:40:21 2015 us=374408   enable_c2c = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   duplicate_cn = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   cf_max = 0
            Sun Sep 06 11:40:21 2015 us=374408   cf_per = 0
            Sun Sep 06 11:40:21 2015 us=374408   max_clients = 1024
            Sun Sep 06 11:40:21 2015 us=374408   max_routes_per_client = 256
            Sun Sep 06 11:40:21 2015 us=374408   auth_user_pass_verify_script = '[UNDEF]'
            Sun Sep 06 11:40:21 2015 us=374408   auth_user_pass_verify_script_via_file = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   client = ENABLED
            Sun Sep 06 11:40:21 2015 us=374408   pull = ENABLED
            Sun Sep 06 11:40:21 2015 us=374408   auth_user_pass_file = 'stdin'
            Sun Sep 06 11:40:21 2015 us=374408   show_net_up = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   route_method = 0
            Sun Sep 06 11:40:21 2015 us=374408   ip_win32_defined = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   ip_win32_type = 3
            Sun Sep 06 11:40:21 2015 us=374408   dhcp_masq_offset = 0
            Sun Sep 06 11:40:21 2015 us=374408   dhcp_lease_time = 31536000
            Sun Sep 06 11:40:21 2015 us=374408   tap_sleep = 0
            Sun Sep 06 11:40:21 2015 us=374408   dhcp_options = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   dhcp_renew = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   dhcp_pre_release = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   dhcp_release = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408   domain = '[UNDEF]'
            Sun Sep 06 11:40:21 2015 us=374408   netbios_scope = '[UNDEF]'
            Sun Sep 06 11:40:21 2015 us=374408   netbios_node_type = 0
            Sun Sep 06 11:40:21 2015 us=374408   disable_nbt = DISABLED
            Sun Sep 06 11:40:21 2015 us=374408 OpenVPN 2.3.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug  4 2015
            Sun Sep 06 11:40:21 2015 us=374408 library versions: OpenSSL 1.0.1p 9 Jul 2015, LZO 2.08
            Enter Management Password:
            Sun Sep 06 11:40:21 2015 us=374408 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
            Sun Sep 06 11:40:21 2015 us=374408 Need hold release from management interface, waiting...
            Sun Sep 06 11:40:21 2015 us=885577 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
            Sun Sep 06 11:40:21 2015 us=994954 MANAGEMENT: CMD 'state on'
            Sun Sep 06 11:40:21 2015 us=994954 MANAGEMENT: CMD 'log all on'
            Sun Sep 06 11:40:22 2015 us=166818 MANAGEMENT: CMD 'hold off'
            Sun Sep 06 11:40:22 2015 us=166818 MANAGEMENT: CMD 'hold release'
            Sun Sep 06 11:40:45 2015 us=476516 MANAGEMENT: CMD 'username "Auth" "xxx"'
            Sun Sep 06 11:40:45 2015 us=507754 MANAGEMENT: CMD 'password [...]'
            Sun Sep 06 11:40:45 2015 us=570253 Control Channel Authentication: using 'firewall-udp-1194-xxx-tls.key' as a OpenVPN static key file
            Sun Sep 06 11:40:45 2015 us=570253 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
            Sun Sep 06 11:40:45 2015 us=570253 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
            Sun Sep 06 11:40:45 2015 us=570253 Control Channel MTU parms [ L:1557 D:166 EF:66 EB:0 ET:0 EL:3 ]
            Sun Sep 06 11:40:45 2015 us=570253 Socket Buffers: R=[65536->65536] S=[65536->65536]
            Sun Sep 06 11:40:45 2015 us=570253 MANAGEMENT: >STATE:1441532445,RESOLVE,,,
            Sun Sep 06 11:40:45 2015 us=585888 Data Channel MTU parms [ L:1557 D:1450 EF:57 EB:12 ET:0 EL:3 ]
            Sun Sep 06 11:40:45 2015 us=585888 Local Options String: 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
            Sun Sep 06 11:40:45 2015 us=585888 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
            Sun Sep 06 11:40:45 2015 us=585888 Local Options hash (VER=V4): 'ed844052'
            Sun Sep 06 11:40:45 2015 us=585888 Expected Remote Options hash (VER=V4): '8a244582'
            Sun Sep 06 11:40:45 2015 us=585888 UDPv4 link local (bound): [undef]
            Sun Sep 06 11:40:45 2015 us=585888 UDPv4 link remote: [AF_INET]00.000.000.0:1194
            Sun Sep 06 11:40:45 2015 us=585888 MANAGEMENT: >STATE:1441532445,WAIT,,,
            Sun Sep 06 11:40:45 2015 us=585888 MANAGEMENT: >STATE:1441532445,AUTH,,,
            Sun Sep 06 11:40:45 2015 us=585888 TLS: Initial packet from [AF_INET]00.000.000.0:1194, sid=a3605d5d bd3315b4
            Sun Sep 06 11:40:45 2015 us=585888 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
            Sun Sep 06 11:40:45 2015 us=617144 VERIFY OK: depth=1, C=SK, ST=ST, L=L, O=Organisation, emailAddress=email@email.com, CN=MyCA
            Sun Sep 06 11:40:45 2015 us=617144 VERIFY OK: nsCertType=SERVER
            Sun Sep 06 11:40:45 2015 us=617144 VERIFY X509NAME OK: C=SK, ST=ST, L=L, O=Organisation, emailAddress=email@email.com, CN=ServerCert
            Sun Sep 06 11:40:45 2015 us=617144 VERIFY OK: depth=0, C=SK, ST=ST, L=L, O=Organisation, emailAddress=email@email.com, CN=ServerCert
            Sun Sep 06 11:40:45 2015 us=664018 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
            Sun Sep 06 11:40:45 2015 us=664018 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
            Sun Sep 06 11:40:45 2015 us=664018 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
            Sun Sep 06 11:40:45 2015 us=664018 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
            Sun Sep 06 11:40:45 2015 us=664018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
            Sun Sep 06 11:40:45 2015 us=664018 [ServerCert] Peer Connection Initiated with [AF_INET]00.000.000.0:1194
            Sun Sep 06 11:40:46 2015 us=798997 MANAGEMENT: >STATE:1441532446,GET_CONFIG,,,
            Sun Sep 06 11:40:47 2015 us=924012 SENT CONTROL [ServerCert]: 'PUSH_REQUEST' (status=1)
            Sun Sep 06 11:40:47 2015 us=924012 PUSH: Received control message: 'PUSH_REPLY,route 192.168.168.0 255.255.255.0,route 192.168.169.0 255.255.255.0,route 192.168.178.1 255.255.255.0,route 192.168.188.1,topology net30,ping 10,ping-restart 60,ifconfig 192.168.188.6 192.168.188.5'
            Sun Sep 06 11:40:47 2015 us=924012 OPTIONS IMPORT: timers and/or timeouts modified
            Sun Sep 06 11:40:47 2015 us=924012 OPTIONS IMPORT: --ifconfig/up options modified
            Sun Sep 06 11:40:47 2015 us=924012 OPTIONS IMPORT: route options modified
            Sun Sep 06 11:40:47 2015 us=924012 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
            Sun Sep 06 11:40:47 2015 us=924012 MANAGEMENT: >STATE:1441532447,ASSIGN_IP,,192.168.188.6,
            Sun Sep 06 11:40:47 2015 us=924012 open_tun, tt->ipv6=0
            Sun Sep 06 11:40:47 2015 us=924012 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{04E863BA-8478-4818-BC9A-9DC0BF6CB04E}.tap
            Sun Sep 06 11:40:47 2015 us=924012 TAP-Windows Driver Version 9.21 
            Sun Sep 06 11:40:47 2015 us=924012 TAP-Windows MTU=1500
            Sun Sep 06 11:40:47 2015 us=939639 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.188.6/255.255.255.252 on interface {04E863BA-8478-4818-BC9A-9DC0BF6CB04E} [DHCP-serv: 192.168.188.5, lease-time: 31536000]
            Sun Sep 06 11:40:47 2015 us=939639 Successful ARP Flush on interface [8] {04E863BA-8478-4818-BC9A-9DC0BF6CB04E}
            Sun Sep 06 11:40:53 2015 us=89982 TEST ROUTES: 4/4 succeeded len=4 ret=1 a=0 u/d=up
            Sun Sep 06 11:40:53 2015 us=89982 MANAGEMENT: >STATE:1441532453,ADD_ROUTES,,,
            Sun Sep 06 11:40:53 2015 us=89982 C:\Windows\system32\route.exe ADD 192.168.168.0 MASK 255.255.255.0 192.168.188.5
            Sun Sep 06 11:40:53 2015 us=89982 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
            Sun Sep 06 11:40:53 2015 us=89982 Route addition via IPAPI succeeded [adaptive]
            Sun Sep 06 11:40:53 2015 us=89982 C:\Windows\system32\route.exe ADD 192.168.169.0 MASK 255.255.255.0 192.168.188.5
            Sun Sep 06 11:40:53 2015 us=89982 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
            Sun Sep 06 11:40:53 2015 us=89982 Route addition via IPAPI succeeded [adaptive]
            Sun Sep 06 11:40:53 2015 us=89982 C:\Windows\system32\route.exe ADD 192.168.178.1 MASK 255.255.255.0 192.168.188.5
            Sun Sep 06 11:40:53 2015 us=105596 Warning: address 192.168.178.1 is not a network address in relation to netmask 255.255.255.0
            Sun Sep 06 11:40:53 2015 us=105596 ROUTE: route addition failed using CreateIpForwardEntry: The parameter is incorrect.   [status=87 if_index=8]
            Sun Sep 06 11:40:53 2015 us=105596 Route addition via IPAPI failed [adaptive]
            Sun Sep 06 11:40:53 2015 us=105596 Route addition fallback to route.exe
            Sun Sep 06 11:40:53 2015 us=105596 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
            Sun Sep 06 11:40:53 2015 us=152471 C:\Windows\system32\route.exe ADD 192.168.188.1 MASK 255.255.255.255 192.168.188.5
            Sun Sep 06 11:40:53 2015 us=152471 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
            Sun Sep 06 11:40:53 2015 us=152471 Route addition via IPAPI succeeded [adaptive]
            Sun Sep 06 11:40:53 2015 us=152471 Initialization Sequence Completed
            Sun Sep 06 11:40:53 2015 us=152471 MANAGEMENT: >STATE:1441532453,CONNECTED,SUCCESS,192.168.188.6,00.000.000.0
            • N
              NOYB
              last edited by

              No, I did not push any routes.  Pretty plain, straightforward setup.

              OpenVPN-1.jpg
              OpenVPN-2.jpg

              • B
                Bunkai.Satori
                last edited by

                Hi Noyb,

                Thank you for your screenshots. Excellent help. Today, I was able to stabilize the connection on my own. To be honest, I do not know exactly where the problem was. I have reset pfSense to factory defaults and configured everything from scratch. After that, the ping reply from pfSense was stable and without timeouts. I was able to get to pfSense and manage it through the VPN channel. Although my settings are slightly different, I tried yours, and they work in my case as well.

                Now I face the issue of how to see LAN devices which are connected to pfSense. Although I can ping the pfSense appliance, I cannot ping any of the devices behind it. Are you able to access your devices that are on your network, please?

                Thank you very much for trying to help me. Bye for now.

                • N
                  NOYB
                  last edited by

                  Yes.  That's pretty much the purpose of the VPN; to access the LAN.  Have full access to everything 192.168.2.0/24.  Also to the LAN the client is connected to (assuming it's not the same as the remote LAN; 192.168.2.0/24).

                  Be sure the LAN the client is connected to is not the same as the remote LAN.  That's why I use 192.168.2.0/24 instead of the common defaults 192.168.0.0/24 or 192.168.1.0/24 that most private LANs are configured as.

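The subnet overlap NOYB warns about, and the route that failed to install in the client log above, can both be checked from the PUSH_REPLY line. This is an added example and not part of any post in the thread; the function names are hypothetical, and the /24 client LAN is an assumption derived from the 192.168.178.3 address given in the first post.

```python
import ipaddress

# PUSH_REPLY copied from the client log in this thread (timestamp prefix trimmed).
PUSH_REPLY = (
    "PUSH_REPLY,route 192.168.168.0 255.255.255.0,"
    "route 192.168.169.0 255.255.255.0,"
    "route 192.168.178.1 255.255.255.0,"
    "route 192.168.188.1,topology net30,ping 10,ping-restart 60,"
    "ifconfig 192.168.188.6 192.168.188.5"
)

# Assumption: the client's own LAN is a /24 around 192.168.178.3 (first post).
CLIENT_LAN = "192.168.178.0/24"


def parse_push_reply(push_reply):
    """Split a PUSH_REPLY into a list of [option, arg, ...] lists."""
    return [opt.split() for opt in push_reply.split(",") if opt.strip()]


def audit_push_reply(push_reply, client_lan):
    """Return (subject, issue) tuples for pushed IPv4 routes and tunnel
    addresses that are malformed or collide with the client's own LAN."""
    lan = ipaddress.ip_network(client_lan)
    options = parse_push_reply(push_reply)
    findings = []

    # Pass 1: pushed routes.
    for fields in options:
        if fields[0] != "route" or len(fields) < 2:
            continue
        address = fields[1]
        # A route pushed without a netmask is installed as a host route.
        netmask = fields[2] if len(fields) > 2 else "255.255.255.255"
        try:
            iface = ipaddress.ip_interface(f"{address}/{netmask}")
        except ValueError:
            # Hostnames and keywords such as "default" are not evaluated here.
            findings.append((f"{address} {netmask}", "not-evaluated"))
            continue
        # The address must be the network address for the given mask,
        # otherwise Windows rejects the entry (status=87 in the log).
        if iface.ip != iface.network.network_address:
            findings.append((str(iface), "host-bits-set"))
        # A pushed network that covers the client's LAN is ambiguous:
        # the same addresses exist on both sides of the tunnel.
        if iface.network.overlaps(lan):
            findings.append((str(iface), "overlaps-client-lan"))

    # Pass 2: the tunnel address assigned by "ifconfig <local> <remote>".
    for fields in options:
        if fields[0] != "ifconfig" or len(fields) < 2:
            continue
        try:
            local = ipaddress.ip_address(fields[1])
        except ValueError:
            continue
        if local in lan:
            findings.append((str(local), "tunnel-address-in-client-lan"))

    return findings


if __name__ == "__main__":
    for subject, issue in audit_push_reply(PUSH_REPLY, CLIENT_LAN):
        print(f"{subject}: {issue}")
```
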