[SOLVED] new pf version and lost openvpn connection
-
Hi all, I need insight or help regarding my issue here.
Yesterday I did a fresh install of pfSense 2.4.4-p3 64bit on the same hardware (under ESXi 6.0), replacing the previous pfSense 2.3.4-p1 32bit.
Reason for that: I want to try the telegraf package.
The new pf works fine, just not the OpenVPN connection to the other site (server-client connection). It was working well with 2.3.4, but does not connect with the new 2.4.4.
The other site uses pf 2.3.4-p1 32bit as the server for the connection.
I already matched all the settings and parameters from the previous 2.3.4 but it is still not connected.
server setting at pf 2.3.4
peer to peer (shared key)
protocol UDP
device mode TUN
interface WAN
local port 1198
shared key (already copy paste between server and client)
encryption algo: AES-256-CBC (256 / 128)
auth digest algo: SHA1 (160bit)
no hardware crypto
ipv4 tunnel network: 10.0.8.0/30
ipv4 remote network: 192.168.5.0/24
client setting at pf 2.4.4
same parameters as above
already input server ip address
untick Enable NCP
same ipv4 tunnel network
ipv4 remote network: 192.168.4.0/24
gateway creation: ipv4 only
firewall-NAT-outbound = use automatic outbound NAT
status from server: down or reconnecting; ping-restart
status from client: reconnecting; ping-restart with local address and remote host have (pending) below them
are there any issues with 2.4.4 with 2.3.4? 32bit with 64bit?
cheers,
mike -
it's possible but you are not providing enough information, you should post a screenshot of your configuration to see if it's really like you say and we need the complete log from openvpn, increase verbosity if needed
i would upgrade the other site too, 2.3.4 is very old and unsupported now -
Come back when both sides are currently supported versions ;) Zero motivation to help someone that can not be bothered to even keep their firewall current.
are there any issues with 2.4.4 with 2.3.4? 32bit with 64bit?
Let's say there are, just for discussion purposes... The fix for that would be to update the outdated version to current.. So come back when that has happened and you're still having issues.
-
Hi kiokoman and johnpoz,
I plan to upgrade the other site version, but need time to schedule a visit to the place. So for the time being, I'm stuck with 2.3.4 at the other site. So my options are to drop the telegraf curiosity and use the previous 2.3.4 to connect, or solve this if possible.
*sorry for the long screenshot
this is screenshot for the client (2.4.4):
this is for server side (2.3.4):
this is log for client side:
this is for server side:
-
try to change "Compression" try to set it on, both device, instead of "No Preference" or try to set it off on both device
idk what you have available on 2.3.4, anyway they must match -
It works!! Thanks for your eagle eye Kiokoman!!
I missed the compression, I just missed it completely
It's very different options in 2.4.4 compared to 2.3.x or 2.2.x
I take it for granted that it would not change
I tried diff compression options, and the one that works best for me is:
at 2.4.4 use LZO Compression [Legacy style, comp-lzo yes]
at 2.3.4 use Enable without Adaptive Compression
thank you again
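Added example (not part of the original posts and not pfSense code): a small Python check that compares the directives both ends of a shared-key tunnel must agree on, including the compression setting that was mismatched in this thread. The sample configs are constructed, `vpn.example.net` is a placeholder, and the comparison is strict equality, so it may flag pairs that could still interoperate.

```python
# Added example: strict comparison of OpenVPN settings both peers must share.
MUST_MATCH = ("proto", "dev-type", "cipher", "auth", "compression")

def parse(conf_text):
    """Return the must-match directives found in an OpenVPN config."""
    opts = {"compression": "none"}  # no comp-lzo/compress line at all
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(";"):
            continue
        key, _, value = line.partition(" ")
        value = value.strip()
        if key == "comp-lzo":
            # A bare "comp-lzo" defaults to adaptive mode.
            opts["compression"] = "comp-lzo " + (value or "adaptive")
        elif key == "compress":
            opts["compression"] = ("compress " + value).strip()
        elif key == "dev" and value[:3] in ("tun", "tap"):
            opts.setdefault("dev-type", value[:3])
        elif key == "dev-type":
            opts["dev-type"] = value.lower()
        elif key == "proto":
            opts["proto"] = value[:3].lower()  # udp4/udp6 -> udp (simplification)
        elif key in ("cipher", "auth"):
            opts[key] = value.upper()
    return opts

def mismatches(server_conf, client_conf):
    """List (directive, server_value, client_value) for every difference."""
    s, c = parse(server_conf), parse(client_conf)
    return [(k, s.get(k), c.get(k)) for k in MUST_MATCH if s.get(k) != c.get(k)]

# Constructed sample configs using the parameters listed in the thread.
COMMON = "dev tun\ncipher AES-256-CBC\nauth SHA1\nsecret shared.key\n"
SERVER = COMMON + "proto udp\nlport 1198\ncomp-lzo yes\n"
CLIENT_BROKEN = COMMON + "proto udp4\nremote vpn.example.net 1198\n"
CLIENT_FIXED = CLIENT_BROKEN + "comp-lzo yes\n"

if __name__ == "__main__":
    for name, conf in (("broken", CLIENT_BROKEN), ("fixed", CLIENT_FIXED)):
        diffs = mismatches(SERVER, conf)
        print(name, "->", diffs or "all must-match directives agree")
```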
-
@kiokoman hello brother, I am using an OpenVPN client (ExpressVPN). In my case the VPN tunnel is up and then restarts every 30 secs. I see in the logs that the firewall is giving the following error, please please help
/rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection - 10.23.0.30 -> 10.107.0.10 - Restarting packages. -
open a new 3d, we need more information like what modem / connection /network you have
-
@kiokoman I have set the certificates etc. as per the instructions of the VPN provider. The tunnel is up for a brief moment then disconnects...
-
@akkiz said in [SOLVED] new pf version and lost openvpn connection:
@kiokoman I have set the certificates etc. as per the instructions of the VPN provider. The tunnel is up for a brief moment then disconnects...
you do NOT have the same problem as the OP. So please don't just jump on any thread because it's OpenVPN and post your problem but open a new one, describe your problem as much as possible and we'll see if we can help you. Also with a custom option box as full as that I'd just delete the thing and start over manually instead of some shady docs from VPN services.
-
@JeGr ok noted