    OpenVPN "Connected" but not routing..

profIT:

      If that's something from the pfSense GUI or Console, then I will get to you with that soon. Also, I'm assigning the specific user SSL certs + the group certs... It tells me connected, but I stay on my physical local network...

      Thanks for the reply, will get back to you soon with more details...

profIT:

        dev tun
        persist-tun
        persist-key
        cipher AES-256-CBC
        ncp-ciphers AES-256-GCM:AES-128-GCM
        auth SHA1
        tls-client
        client
        resolv-retry infinite
        remote xxx.xxx.x.xxx 1194 udp
        verify-x509-name "VPNApp" name
        auth-user-pass
        pkcs12 pfSense-UDP4-1194-ryany.p12
        tls-auth pfSense-UDP4-1194-ryany-tls.key 1
        remote-cert-tls server

marvosa:

          That looks like the client config, we need the server config.

          Your server1.conf is here:

          /var/etc/openvpn
          

          You can get there via the shell or Diagnostics -> Edit File

profIT:

            dev ovpns1
            verb 1
            dev-type tun
            dev-node /dev/tun1
            writepid /var/run/openvpn_server1.pid
            #user nobody
            #group nobody
            script-security 3
            daemon
            keepalive 10 60
            ping-timer-rem
            persist-tun
            persist-key
            proto udp4
            cipher AES-256-CBC
            auth SHA1
            up /usr/local/sbin/ovpn-linkup
            down /usr/local/sbin/ovpn-linkdown
            client-connect /usr/local/sbin/openvpn.attributes.sh
            client-disconnect /usr/local/sbin/openvpn.attributes.sh
            local xxx.xxx.x.xxx
            tls-server
            server 10.0.8.0 255.255.255.0
            client-config-dir /var/etc/openvpn-csc/server1
            username-as-common-name
            auth-user-pass-verify "/usr/local/sbin/ovpn_auth_verify user TG9jYWwgRGF0YWJhc2U= false server1 1194" via-env
            tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'VPNApp' 1"
            lport 1194
            management /var/etc/openvpn/server1.sock unix
            max-clients 32
            push "route 192.168.1.1 255.255.255.0"
            client-to-client
            ca /var/etc/openvpn/server1.ca
            cert /var/etc/openvpn/server1.cert
            key /var/etc/openvpn/server1.key
            dh /etc/dh-parameters.2048
            tls-auth /var/etc/openvpn/server1.tls-auth 0
            ncp-ciphers AES-256-GCM:AES-128-GCM
            persist-remote-ip
            float
            topology subnet

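Added example, not code from the thread or from pfSense: a small Python consistency check run over the directives posted above. It compares the client's remote port and protocol against the server's lport and proto, checks cipher and auth, checks that the tls-auth key directions are complementary, and validates each pushed route. On the posted pair it reports exactly one finding, the push "route 192.168.1.1 255.255.255.0" line, whose address has host bits set for a /24 mask; the network address (192.168.1.0/24) belongs in the server's local network setting.

```python
import ipaddress
# Constructed sample input: the relevant lines of the client and server
# configs as posted in the thread, with the redacted address left as posted.
CLIENT_CONF = """\
remote xxx.xxx.x.xxx 1194 udp
cipher AES-256-CBC
auth SHA1
tls-auth pfSense-UDP4-1194-ryany-tls.key 1
"""
SERVER_CONF = """\
proto udp4
lport 1194
cipher AES-256-CBC
auth SHA1
push "route 192.168.1.1 255.255.255.0"
tls-auth /var/etc/openvpn/server1.tls-auth 0
"""
def parse(conf):
    # Map each directive to its argument list; "push" collects every push line.
    out = {"push": []}
    for line in conf.splitlines():
        key, *args = line.split("#", 1)[0].replace('"', "").split() or [None]
        if key == "push":
            out["push"].append(args)
        elif key:
            out[key] = args
    return out
def check(client_conf, server_conf):
    # Return human-readable findings; an empty list means the pair is consistent.
    c, s = parse(client_conf), parse(server_conf)
    findings = []
    # The client's remote port and protocol must match the server listener.
    _host, port, proto = c["remote"]
    if port != s["lport"][0] or not s["proto"][0].startswith(proto):
        findings.append(f"client remote {port}/{proto} != server {s['lport'][0]}/{s['proto'][0]}")
    # Data-channel cipher and HMAC should agree on both ends (NCP aside).
    for d in ("cipher", "auth"):
        if c.get(d) != s.get(d):
            findings.append(f"{d} mismatch: client {c.get(d)} server {s.get(d)}")
    # tls-auth key directions must be complementary (server 0, client 1).
    if c["tls-auth"][-1] == s["tls-auth"][-1]:
        findings.append("tls-auth key-direction is the same on both ends")
    # A pushed route with host bits set: a host address was entered where a
    # network address belongs (192.168.1.0, not 192.168.1.1, for a /24 mask).
    for args in s["push"]:
        if args[0] == "route":
            try:
                ipaddress.IPv4Network(f"{args[1]}/{args[2]}")
            except ValueError:
                findings.append(f"pushed route {args[1]}/{args[2]} has host bits set")
    return findings
```

Run check(CLIENT_CONF, SERVER_CONF) to see the single finding; with the route corrected the list is empty.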
profIT:

Still haven't gotten OpenVPN to work properly. Don't know what's wrong, I've tried various forms of certs, and still nothing.

profIT:

This is what I still get in the GUI, but I'm not really VPN'd in...

[attached screenshot: openVPNbs.png]

House Of Cards:

                  This post is deleted!
profIT @House Of Cards:

@wormuths Yes I did. It's most likely a WAN rule issue for you too, as that's the first barrier OpenVPN encounters.

[attached screenshot: WAN rule.png]

                    Also make sure your rules include TCP/UDP and not just one or the other (unless you want it like that)

Something so simple, but some OpenVPN "Experts" couldn't even tell me what was wrong 😆 😆

                    Let me know how it goes.

House Of Cards:

                      Nope. LOL

                      I created that rule, but same thing. Still shows my real IP. In all the tutorials I followed, once OpenVPN was set up, people couldn't browse until they went in and copied the NAT rules for the OpenVPN interface.

                      I didn't have that problem. I can browse even without creating the NAT outbound rules, but creating them makes no difference either. This is insanely frustrating.

profIT @House Of Cards:

@wormuths Make sure your OpenVPN setup has this ticked off

[attached screenshot: red.png]

                        Also are you bridging the connections or is it going to be on a separate subnet like 10.0.8.0?

House Of Cards:

                          Sorry. Where is that setting?

                          This is a relatively new setup, but I have 4 interfaces besides WAN. I just have default pass rules set up for each right now so everything talks internally, and can get online. My goal is to set up specific pass rules after some testing period to ensure everything works first. It's a learning experience, so I'm just not locked down right now in the onset. Allowing all outbound, but nothing coming in except Plex is set up through NAT and works. No other incoming allowed.

                          The only incoming rule for WAN right now is the NAT rule for Plex. I set up the OpenVPN with the hopes of getting that part functioning, and then I'll disable the default "allow all" internal rules and start specifically specifying what can connect to each other.

                          Right now, all works, it just won't pass traffic through the VPN...

profIT @House Of Cards:

                            @wormuths VPN/OpenVPN/Servers (There should be only one listed)/Edit
                            Also take a look at the type of Protocol, and keep it consistent on all your rules.
                            Also are you using SSL/TLS?
                            You may need to re-export the client file and try again after changing some settings.

House Of Cards:

I don't have a server setup. All the tutorials had me set up a client.

House Of Cards:

                                TLS

House Of Cards:

                                  Did exactly this... If it helps?

                                  https://www.expressvpn.com/support/vpn-setup/pfsense-with-expressvpn-openvpn/

profIT @House Of Cards:

@wormuths The tutorials are bad. Go to the wizard under VPN/OpenVPN and set up a server. And then recreate your clients with user certs AND then the server certs. This is SSL/TLS authentication, it's how I have it set up. It may get confusing, but there is not a tutorial about this one.

                                    I'd try to help you remotely, if you're up for it.

House Of Cards:

                                      Okay. I appreciate the help. I'll run through trying to go the wizard route tomorrow and post back how it works out.

                                      Long workday today, time to crash!!

                                      TTYL, and thanks!

House Of Cards:

                                        Okay, so I don't know if some setting got "stuck" and corrected when I was clicking around, but it came up and is working now...

                                        Thanks for the help!!

profIT @House Of Cards:

@wormuths No problem! Good luck with it.
