Pfsense client with open vpn server
-
Hi
I have a problem configuring a pfSense OpenVPN client with a VPS server running an OpenVPN server.
I have bought a VPS with an OpenVPN server on it. I have configured the VPN client tab.
I don't know if this config is good, because in Status / OpenVPN the VPN is Pending,
and the log file shows:
Feb 1 11:39:01 openvpn 28472 MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
Feb 1 11:39:01 openvpn 28472 MANAGEMENT: CMD 'state 1'
Feb 1 11:39:01 openvpn 28472 MANAGEMENT: Client disconnected
Feb 1 11:39:22 openvpn 28472 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 1 11:39:22 openvpn 28472 Re-using SSL/TLS context
Feb 1 11:39:22 openvpn 28472 LZO compression initializing
Feb 1 11:39:22 openvpn 28472 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Feb 1 11:39:22 openvpn 28472 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Feb 1 11:39:22 openvpn 28472 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1554,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA256,keysize 128,key-method 2,tls-client'
Feb 1 11:39:22 openvpn 28472 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1554,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA256,keysize 128,key-method 2,tls-server'
Feb 1 11:39:22 openvpn 28472 TCP/UDP: Preserving recently used remote address: [AF_INET]52.77.231.86:1194
Feb 1 11:39:22 openvpn 28472 Socket Buffers: R=[42080->42080] S=[57344->57344]
Feb 1 11:39:22 openvpn 28472 UDPv4 link local (bound): [AF_INET]192.168.2.5:0
Feb 1 11:39:22 openvpn 28472 UDPv4 link remote: [AF_INET]52.77.231.86:1194
I have created an OpenVPN interface
and outbound NAT.
Please help me configure the VPN correctly.
thank you very much
Best regards
F8DHB
-
@f8dhb
Hey
Need to see server settings
I hope that links will help you configure everything correctly
What I see,
Peer certificate authority - Openvpn OVH-CA
Client certificate - webConfigurator default !!!!
https://support.nordvpn.com/Connectivity/Router/1089079142/pfSense-2-4-4-setup-with-NordVPN.htm
https://www.netgate.com/docs/pfsense/vpn/openvpn/configuring-a-site-to-site-pki-ssl-openvpn-instance.html
-
@konstanti said in Pfsense client with open vpn server:
@f8dhb
Hey
Need to see server settings
I hope that links will help you configure everything correctly
What I see,
Peer certificate authority - Openvpn OVH-CA
Client certificate - webConfigurator default !!!!
https://support.nordvpn.com/Connectivity/Router/1089079142/pfSense-2-4-4-setup-with-NordVPN.htm
https://www.netgate.com/docs/pfsense/vpn/openvpn/configuring-a-site-to-site-pki-ssl-openvpn-instance.html
Client certificate - webConfigurator default !!!! < can be set to none, see:-
https://www.netgate.com/resources/videos/advanced-openvpn-on-pfsense-24.html
https://www.slideshare.net/NetgateUSA/openvpn-as-a-wan-pfsense-hangout-october-2016
-
@nogbadthebad said in Pfsense client with open vpn server:
Says that too in the page you linked, it does work.
I gave a link to the NORDVPN as an example
Just this instruction is very helpful when setting up an OPENVPN client
https://docs.ovh.com/fr/vps/openvpn/
-
Hi Konstanti
The VPN does not connect. I followed the tutorial but it does not connect; the event log shows the identical error message. I don't know.
best regards
f8dhb
-
Check out and follow https://www.netgate.com/resources/videos/openvpn-as-a-wan-on-pfsense.html
-Rico
-
Hey
Show the client settings (file client.ovpn)
Certificates only need to be deleted
For example, it might look like this
dev tun
persist-tun
persist-key
cipher AES-128-CBC
ncp-ciphers AES-128-GCM:AES-256-GCM
auth SHA256
tls-client
client
resolv-retry infinite
remote XXX.XXX.XXX.XXX 1194 udp
verify-x509-name "aaaa.bbbb.local" name
remote-cert-tls server
compress
mssfix 1360
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-crypt>
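
A lint pass over a client.ovpn of the inline form shown above, as an added example (not code from this thread, pfSense or OpenVPN). It flags missing or empty `<ca>`/`<cert>`/`<key>` blocks, absent server-identity checks, and the BF-CBC and comp-lzo options seen in the first post's log; the function names, the two sample configs and the 192.0.2.10 address are constructed for illustration.

```python
import re

WEAK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC"}  # 64-bit block ciphers

def parse_ovpn(text):
    """Split a client.ovpn into ({directive: args}, {inline_block: body})."""
    blocks = {}
    def grab(m):
        blocks[m.group(1)] = m.group(2).strip()
        return "\n"
    rest = re.sub(r"<([\w-]+)>(.*?)</\1>", grab, text, flags=re.S)
    directives = {}
    for line in rest.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":      # skip comment lines
            name, _, args = line.partition(" ")
            directives[name] = args.strip()
    return directives, blocks

def pem_has_body(block):
    """True if something sits between the BEGIN and END markers."""
    m = re.search(r"-----BEGIN [^-]+-----(.*?)-----END [^-]+-----", block, re.S)
    return bool(m and m.group(1).strip())

def lint(text):
    d, b = parse_ovpn(text)
    out = []
    for name in ("ca", "cert", "key"):
        if name not in b:
            out.append(f"missing <{name}>")
        elif not pem_has_body(b[name]):
            out.append(f"empty <{name}>")
    if d.get("remote-cert-tls") != "server":
        out.append("no remote-cert-tls server")
    if "verify-x509-name" not in d:
        out.append("no verify-x509-name")
    if d.get("cipher", "").upper() in WEAK_CIPHERS:
        out.append("weak cipher " + d["cipher"])
    if "comp-lzo" in d:
        out.append("comp-lzo enabled")
    return out

# Constructed sample: the options from the log in the first post, as a file.
LOGGED = "dev tun\nremote 192.0.2.10 1194 udp\ncipher BF-CBC\ncomp-lzo\nauth SHA256\ntls-client\n"
# Constructed sample: the template above with its PEM bodies still empty.
TEMPLATE = ("cipher AES-128-CBC\nremote-cert-tls server\n"
            'verify-x509-name "aaaa.bbbb.local" name\n'
            "<ca>\n-----BEGIN CERTIFICATE-----\n-----END CERTIFICATE-----\n</ca>\n"
            "<cert>\n-----BEGIN CERTIFICATE-----\n-----END CERTIFICATE-----\n</cert>\n"
            "<key>\n-----BEGIN PRIVATE KEY-----\n-----END PRIVATE KEY-----\n</key>\n")

if __name__ == "__main__":
    for label, cfg in (("logged", LOGGED), ("template", TEMPLATE)):
        print(label, lint(cfg))
```

An empty result from `lint()` only means the file passes these structural checks; whether the certificate is one the server's CA actually issued still has to be confirmed against the server settings.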