VPN gets Up on server, but Down on Client
-
Good morning.
Scenario:
Headquarters of the company, where I have pfSense 2.2.6. I configured the VPN server in VPN \ OpenVPN \ Server.
I configured a Peer to Peer (Shared Key) VPN on port 1196 (1194 is busy), protocol: UDP, Encryption algorithm: aes-256-cbc (256 bit), tunnel network: 10.12.0.0/24, remote network: 192.168.0.0/24 (the LAN where the client is). An Alias has been created pointing to the client WAN IP.
A rule was created, allowing data traffic coming from the Alias on port 1196.
Client:
pfSense version 2.4.4. I configured the client in VPN \ OpenVPN \ Client. I don't have all the data here right now, but I think I did everything the right way. Peer to Peer (Shared Key), protocol: UDP, interface: WAN, Server Port: 1196, Encryption algorithm: aes-256-cbc (256 bit), tunnel network: 10.12.0.0/24, IPv4 Remote Network/s: I put the server WAN IP.
Shared Key: Key generated on the server.
Error:
On the server, the VPN status is Up, but on the client the VPN status is Down.
I don't understand what may be happening.
-
2.2.6 is very old and unsupported.
Upgrade to the latest version first.
-Rico
-
2015-12-21
That is when 2.2.6 came out - JFC people... How can anyone think that is ok to not update their firewall? I can see being a bit behind, corp change control etc. etc. But 4 years??
Prob good opportunity to also change out the hardware, since have to assume it's 4+ years old as well?
What version of OpenVPN could that be? 2.3.7, maybe .8?
-
Ok. I'll update. I took over the IT department recently and didn't upgrade.
-
Good afternoon.
Checking the log, I noticed that there was the error "Bad Compression Stub Unpacking Header Byte (69)". In the VPN settings, in the Compression field, I selected the "Omit Preference (use OpenVPN Default)" option.
The error is no longer happening, it is already possible to access some servers at corporate headquarters, but I cannot communicate with the AD server. I also can't communicate with clients (users' computers) at headquarters.
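
An added example, not part of any poster's reply: the error above is consistent with the two ends disagreeing about compression framing, and the reported byte 69 is 0x45, the usual first octet of an IPv4 header (version 4, header length 5). The Python below compares two OpenVPN config texts for that and related mismatches; the sample configs, the address 203.0.113.10, the file name shared.key and the MUST_MATCH list are constructed assumptions, not values from this thread.

```python
# Constructed sample configs for a shared-key tunnel (not the poster's settings).
SERVER_CONF = """\
dev tun
proto udp
lport 1196
cipher AES-256-CBC
secret shared.key
comp-lzo no
"""
CLIENT_CONF = """\
dev tun
proto udp
remote 203.0.113.10 1196
cipher AES-256-CBC
secret shared.key
"""
# Directives assumed here to need identical values on both peers.
MUST_MATCH = ("proto", "cipher", "auth")

def parse(text):
    """Map each directive to its argument string, skipping comments and blanks."""
    conf = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if parts and parts[0][0] not in "#;":
            conf[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def framing(conf):
    """Compression framing in use; 'comp-lzo no' still adds the framing byte."""
    if "compress" in conf:
        return ("compress " + conf["compress"]).strip()
    return "comp-lzo" if "comp-lzo" in conf else None

def mismatches(server_text, client_text):
    """Return (setting, server_value, client_value) for every disagreement."""
    s, c = parse(server_text), parse(client_text)
    found = [(k, s.get(k), c.get(k)) for k in MUST_MATCH if s.get(k) != c.get(k)]
    if framing(s) != framing(c):  # conservative: differing spellings are flagged too
        found.append(("compression framing", framing(s), framing(c)))
    return found

def looks_like_ipv4(first_byte):
    """True when the byte is a plausible IPv4 version/IHL octet, e.g. 69 == 0x45."""
    return first_byte >> 4 == 4 and 5 <= (first_byte & 0x0F) <= 15

if __name__ == "__main__":
    print(mismatches(SERVER_CONF, CLIENT_CONF), looks_like_ipv4(69))
```

A side that omits the compression directive sends packets without the framing byte, so a peer that expects it reads the first IP header octet as a compression header.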
-
Alias:
-
Rule:
-
Doesn't look updated to me...
-
Not really updated yet.
At the moment I cannot upgrade, as it would impact the work of users. I can do it only on the weekend.
-
I'd suggest you to grab a spare box and perform the update there / restore your config to make sure everything is going smooth.
Risky to upgrade from a very old version with just one box if you run critical stuff there.
-Rico