
    OpenVPN Management Daemon Unreachable

      mpreissner

      I'm running pfSense 2.0.3, and have set up an OpenVPN instance listening on TCP port 443 (I've tried various UDP ports as well, to the same effect).  I cannot get my client to connect (Mac or Windows).  The Mac client (Tunnelblick) never shows an entry on the OpenVPN status page, but the Windows client shows the OpenVPN Management Daemon Unreachable error.  I can't seem to find the solution for this, and I've been looking for a few hours.  Here are some more details of my setup…

      Using external CA for certificate generation (a CentOS VM that I use for all my domain certs)
      Authenticating users against Server 2008R2 Active Directory (works when logging in as admin user on pfSense)
      OpenVPN using TUN mode
      My pfSense machine is sitting on my local network behind my provider's router.  I'm trying to get pfSense built to replace the provider's router once I've finished testing.

      I used the client export package to export the configuration, cert, and tls key.  Can anyone point me in the right direction?

        phil.davis

        My pfSense machine is sitting on my local network behind my provider's router.

        Have you set up a port forward on provider's router to forward port 443 to the pfSense WAN IP (which will be an IP on the local network)?
        "my local network" will be a private address space. You will need something (Dynamic DNS name) that points to the current public IP on provider's router. When you do the client export, you will need to have it use that name. That will get the connection to the provider's router public IP, which then forwards it to your pfSense.
        There also has to be a firewall rule on pfSense WAN allowing the incoming on port 443.
        If checking the above doesn't get the connection through, post more detailed info of your network and settings.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

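A quick check for the point in the reply above that the exported client config must use a public name rather than a private address, added here as an example and not part of the original posts. The sample config, the hostname `vpn.example.net` and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of an exported client config (not taken from the thread).
SAMPLE_OVPN = """\
dev tun
proto tcp-client
remote 192.168.1.50 443
remote vpn.example.net 443 tcp
# remote 10.0.0.1 1194
tls-auth ta.key 1
"""

DEFAULT_PORT = 1194  # OpenVPN's default port when 'remote' gives none


def parse_remotes(config_text):
    """Return (host, port, proto) for each active 'remote host [port] [proto]' line."""
    remotes = []
    for raw in config_text.splitlines():
        line = raw.strip()
        # Lines starting with '#' or ';' are comments in OpenVPN configs.
        if not line or line[0] in "#;":
            continue
        parts = line.split()
        if parts[0] != "remote" or len(parts) < 2:
            continue
        port = int(parts[2]) if len(parts) > 2 else DEFAULT_PORT
        proto = parts[3] if len(parts) > 3 else None
        remotes.append((parts[1], port, proto))
    return remotes


def private_remotes(config_text):
    """Return remotes given as literal private IPs, which an outside client cannot reach."""
    flagged = []
    for host, port, proto in parse_remotes(config_text):
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            continue  # a hostname (e.g. a Dynamic DNS name), resolved at connect time
        if addr.is_private:
            flagged.append((host, port, proto))
    return flagged


if __name__ == "__main__":
    for host, port, _ in private_remotes(SAMPLE_OVPN):
        print(f"remote {host}:{port} is a private address; export with the public name instead")
```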
          mpreissner

          Well, I figured out half of my issue…

          In the OpenVPN configuration, I mistakenly assumed that leaving the "Concurrent connections" field blank would default to unlimited, but once I plugged an arbitrary positive integer in there, VOILA!  My Tunnelblick client on the Mac can now fully establish a connection.

          I still can't get the Windows machine to connect.  I originally installed the client, then imported the configuration from the client export package.  I think I'm going to try and use the Windows Installer export instead and see if that fixes the issue.
