    Struggling to get OpenVPN working

      dhjdhj

      @Derelict

      Below are the logs -- 192.168.1.3 is the WAN address of the SG-2440 (it is connected to a subnet of a Verizon FIOS router). That address is configured as the DMZ for the FIOS router so all connections from the outside world are passed directly to the SG-2440. Yes, I'm using a cellular phone as a hotspot specially to ensure that connections are coming from the outside.

      @W4RH34D
      I only got this router a few days ago, so it's a brand new system for me. According to the dashboard it is running 2.2.6


      Jan 18 13:37:33 pfSense openvpn[76611]: OpenVPN 2.3.8 amd64-portbld-freebsd10.1 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Aug 21 2015
      Jan 18 13:37:33 pfSense openvpn[76611]: library versions: OpenSSL 1.0.1l-freebsd 15 Jan 2015, LZO 2.09
      Jan 18 13:37:33 pfSense openvpn[76915]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Jan 18 13:37:33 pfSense openvpn[76915]: Control Channel Authentication: using '/var/etc/openvpn/server1.tls-auth' as a OpenVPN static key file
      Jan 18 13:37:33 pfSense openvpn[76915]: TUN/TAP device ovpns1 exists previously, keep at program end
      Jan 18 13:37:33 pfSense openvpn[76915]: TUN/TAP device /dev/tun1 opened
      Jan 18 13:37:33 pfSense openvpn[76915]: ioctl(TUNSIFMODE): Device busy: Device busy (errno=16)
      Jan 18 13:37:33 pfSense openvpn[76915]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
      Jan 18 13:37:33 pfSense openvpn[76915]: /sbin/ifconfig ovpns1 192.168.18.1 192.168.18.2 mtu 1500 netmask 255.255.255.255 up
      Jan 18 13:37:33 pfSense openvpn[76915]: /usr/local/sbin/ovpn-linkup ovpns1 1500 1557 192.168.18.1 192.168.18.2 init
      Jan 18 13:37:33 pfSense openvpn[76915]: UDPv4 link local (bound): [AF_INET]192.168.1.3:1194
      Jan 18 13:37:33 pfSense openvpn[76915]: UDPv4 link remote: [undef]
      Jan 18 13:37:33 pfSense openvpn[76915]: Initialization Sequence Completed
      Jan 18 15:17:27 pfSense openvpn[76915]: event_wait : Interrupted system call (code=4)
      Jan 18 15:17:27 pfSense openvpn[76915]: /usr/local/sbin/ovpn-linkdown ovpns1 1500 1557 192.168.18.1 192.168.18.2 init
      Jan 18 15:17:27 pfSense openvpn[76915]: SIGTERM[hard,] received, process exiting
      Jan 18 15:20:19 pfSense openvpn[94758]: OpenVPN 2.3.8 amd64-portbld-freebsd10.1 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Aug 21 2015
      Jan 18 15:20:19 pfSense openvpn[94758]: library versions: OpenSSL 1.0.1l-freebsd 15 Jan 2015, LZO 2.09
      Jan 18 15:20:19 pfSense openvpn[94864]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Jan 18 15:20:19 pfSense openvpn[94864]: Control Channel Authentication: using '/var/etc/openvpn/server1.tls-auth' as a OpenVPN static key file
      Jan 18 15:20:19 pfSense openvpn[94864]: TUN/TAP device ovpns1 exists previously, keep at program end
      Jan 18 15:20:19 pfSense openvpn[94864]: TUN/TAP device /dev/tun1 opened
      Jan 18 15:20:19 pfSense openvpn[94864]: ioctl(TUNSIFMODE): Device busy: Device busy (errno=16)
      Jan 18 15:20:19 pfSense openvpn[94864]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
      Jan 18 15:20:19 pfSense openvpn[94864]: /sbin/ifconfig ovpns1 10.0.9.1 10.0.9.2 mtu 1500 netmask 255.255.255.255 up
      Jan 18 15:20:19 pfSense openvpn[94864]: /usr/local/sbin/ovpn-linkup ovpns1 1500 1558 10.0.9.1 10.0.9.2 init
      Jan 18 15:20:19 pfSense openvpn[94864]: UDPv4 link local (bound): [AF_INET]192.168.1.3:1194
      Jan 18 15:20:19 pfSense openvpn[94864]: UDPv4 link remote: [undef]
      Jan 18 15:20:19 pfSense openvpn[94864]: Initialization Sequence Completed

        Derelict LAYER 8 Netgate

        I don't think that shows a connection attempt.

        You exported the config for Viscosity using the client export package, right?

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

          johnpoz LAYER 8 Global Moderator

          I don't see anything connecting either

          ioctl(TUNSIFMODE): Device busy: Device busy (errno=16)

          Looks to be a problem..

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

            dhjdhj

            Yes, I installed the client export package, created the ovpn files and installed them into OpenVPN client on my Mac and on an iPhone

            I don't believe that Verizon FIOS blocks port 1194. So that's why I don't understand why I'm not seeing anything

              johnpoz LAYER 8 Global Moderator

              You're not seeing anything because it's never trying to connect because it says

              Device busy: Device busy (errno=16)

                dhjdhj

                So then the question is why? I have Viscosity on a Mac, and the Mac is connected to a hotspot that is outside my LAN (I've checked that with such tools as whatismyip.com, etc.).

                  johnpoz LAYER 8 Global Moderator

                  Dude, your OpenVPN interface is most likely hung.. disable and then enable the interface or reboot ;)

                    dhjdhj

                    It's not down -- already tried restarting.

                    Here are the logs from the remote Viscosity client. The last line of that log is the correct IP address of the WAN interface on my firewall so it would seem to have managed to connect through the Verizon router with no problem.
                    It just doesn't go any further.

                    Jan 19 10:31:16: Viscosity Mac 1.5.11 (1314)
                    Jan 19 10:31:16: Viscosity OpenVPN Engine Started
                    Jan 19 10:31:16: Running on Mac OS X 10.11.4
                    Jan 19 10:31:16: ---------
                    Jan 19 10:31:16: Checking reachability status of connection...
                    Jan 19 10:31:16: Connection is reachable. Starting connection attempt.
                    Jan 19 10:31:16: OpenVPN 2.3.8 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Sep 23 2015
                    Jan 19 10:31:16: library versions: OpenSSL 1.0.2d 9 Jul 2015, LZO 2.09
                    Jan 19 10:31:23: Control Channel Authentication: using '/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/connection.NGQTco/ta.key' as a OpenVPN static key file
                    Jan 19 10:31:23: UDPv4 link local (bound): [undef]
                    Jan 19 10:31:23: UDPv4 link remote: [AF_INET]192.168.1.3:1194

                      johnpoz LAYER 8 Global Moderator

                      Where is your initial packet?  So for example I just connected..

                      Tue Jan 19 09:41:23 2016 TCPv4_CLIENT link local (bound): [undef]
                      Tue Jan 19 09:41:23 2016 TCPv4_CLIENT link remote: [AF_INET]10.56.226.130:8080
                      Tue Jan 19 09:41:23 2016 MANAGEMENT: >STATE:1453218083,WAIT,,,
                      Tue Jan 19 09:41:23 2016 MANAGEMENT: >STATE:1453218083,AUTH,,,
                      Tue Jan 19 09:41:23 2016 TLS: Initial packet from [AF_INET]10.56.226.130:8080, sid=bd72773b 9ed9bb88

                      I bounce off a proxy here, which is why you see the RFC 1918 address and port 8080..  But you should see something similar, do you see the packet leave your machine??  If so then it's not getting to your pfSense server..  What do the next few lines in the log say?

                      What is your logging level?  Bump it up to say 4 or so..  In your config it's the verb statement on the client.

                        dhjdhj

                        That's the thing -- the connection seems to be hanging at that point, there are no new lines in the Viscosity log after

                        Jan 19 10:31:23: UDPv4 link remote: [AF_INET]192.168.1.3:1194

                        By the way, I really appreciate the help and feedback from you guys.

                        D

                          dhjdhj

                          I figured everything out -- the problem was with the OVPN export part. I needed to change the hostname resolution part because it was defaulting to the WAN IP address but because there is a Verizon Router in front of my pfSense box, that WAN IP address is still an internal subnet address. After I changed the host name resolution to use a name, everything worked fine.

                          Hope this helps anyone else who runs a pfSense behind a Verizon router

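A check for the failure diagnosed in the last post, added here as an example (it is not from the thread, pfSense or Viscosity): it reads the `remote` directive of an exported client config together with the client log, and reports when the target is a non-routable address and no `TLS: Initial packet` line ever appears. The sample config, the function names and the messages are constructed for illustration; the log lines are modelled on those posted above.

```python
import ipaddress
import re

# Constructed sample inputs modelled on the thread (not real exported files).
SAMPLE_OVPN = """\
dev tun
proto udp
remote 192.168.1.3 1194
tls-auth ta.key 1
verb 3
"""
SAMPLE_CLIENT_LOG = """\
Jan 19 10:31:23: UDPv4 link local (bound): [undef]
Jan 19 10:31:23: UDPv4 link remote: [AF_INET]192.168.1.3:1194
"""

def remote_findings(ovpn_text):
    """Return (host, port, verdict) for every `remote` directive in a client config."""
    findings = []
    for line in ovpn_text.splitlines():
        parts = line.split("#", 1)[0].split()   # drop trailing comments
        if len(parts) >= 2 and parts[0] == "remote":
            host = parts[1]
            port = parts[2] if len(parts) > 2 else "1194"
            try:
                addr = ipaddress.ip_address(host)
            except ValueError:
                verdict = "hostname"             # resolved at connect time
            else:
                # RFC 1918, loopback, link-local etc. cannot be reached from outside
                verdict = "public" if addr.is_global else "non-routable"
            findings.append((host, port, verdict))
    return findings

def handshake_started(client_log):
    """True once the client has logged the server's first TLS reply."""
    return re.search(r"TLS: Initial packet from \[AF_INET6?\]", client_log) is not None

def diagnose(ovpn_text, client_log):
    """Combine both checks into a one-line verdict."""
    if handshake_started(client_log):
        return "handshake started"
    bad = [h for h, _, v in remote_findings(ovpn_text) if v == "non-routable"]
    if bad:
        return "remote %s is not reachable from the Internet; re-export with a public name or IP" % ", ".join(bad)
    return "no TLS initial packet: check port forward, firewall rule and server log"

if __name__ == "__main__":
    print(diagnose(SAMPLE_OVPN, SAMPLE_CLIENT_LOG))
```

A client log that stops at `link remote` with an RFC 1918 target, as in this thread, points at the exported address rather than at the server.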