Netgate Discussion Forum

    [Solved] OpenVPN Issues with SlickVPN

    • M
      MrLinux
      last edited by MrLinux

      Hi All,

      This is more of a PSA since I've been struggling to get OpenVPN working with SlickVPN (my VPN provider) for the last few days.

      The general tutorials out there are still valid, although they use an older version of pfSense (<2.4.4). For SlickVPN, the critical part is to make sure compression is set up right.

      Tunnel Settings > Compression: Omit Preference (Use OpenVPN Default).
      I was using "No LZO Compression" before, which was wrong.

      Other settings I have that differ from the PIA config settings:

      1. Custom Options
        keepalive 10 120;
        remote-cert-tls server;
        redirect-gateway;
        link-mtu 1557;

      2. Cryptographic Settings
        Encryption Algorithm: AES-256-CBC
        NCP Algorithms: AES-256-CBC

      3. CA Cert
        https://www.slickvpn.com/tutorials/using-openvpn-with-ubuntu-mint-network-manager/

      Once the connection is established, you shouldn't see anything after "Sep 17 02:02:03 pfSense openvpn[63732]: Initialization Sequence Completed" in the OpenVPN logs.

      During my troubleshooting, I was getting various errors like these after "Initialization Sequence Completed"

      • Bad LZO decompression header byte: 42
      • event_wait : Interrupted system call (code=4)
      • MANAGEMENT: Client disconnected
      • TCP/UDP: Closing socket
      • TLS Error: TLS handshake failed
      • Authenticate/Decrypt packet error: packet HMAC authentication failed
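The check described in the post above (nothing should be logged after "Initialization Sequence Completed"), as an added example that is not part of the original post: it reads OpenVPN syslog lines and reports whatever each process logs after that marker. The category labels and the sample log are assumptions constructed for illustration.

```python
import re

# Syslog-style line as quoted in the post:
#   "Sep 17 02:02:03 pfSense openvpn[63732]: <message>"
LINE_RE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s\S+\sopenvpn\[(\d+)\]:\s(.*)$")
READY = "Initialization Sequence Completed"

# Message fragments listed in the post. The category labels are assumptions
# of this example (a first place to look), not statements from the thread.
CATEGORIES = [
    ("Bad LZO decompression header byte", "compression"),
    ("packet HMAC authentication failed", "packet-auth"),
    ("TLS handshake failed", "tls-handshake"),
    ("Closing socket", "teardown"),
    ("Interrupted system call", "teardown"),
    ("MANAGEMENT: Client disconnected", "management"),
]

def post_init_events(lines):
    """Return (timestamp, pid, category, message) for each line an openvpn
    process logs after it has reported READY; earlier lines are ignored."""
    ready_pids = set()
    events = []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not an openvpn syslog line
        ts, pid, msg = m.groups()
        if READY in msg:
            ready_pids.add(pid)
        elif pid in ready_pids:
            cat = next((c for frag, c in CATEGORIES if frag in msg), "unclassified")
            events.append((ts, pid, cat, msg))
    return events

# Constructed sample log (not taken from a real system).
SAMPLE = """\
Sep 17 02:01:58 pfSense openvpn[63732]: TLS Error: TLS handshake failed
Sep 17 02:02:03 pfSense openvpn[63732]: Initialization Sequence Completed
Sep 17 02:02:09 pfSense openvpn[63732]: Bad LZO decompression header byte: 42
Sep 17 02:02:15 pfSense openvpn[63732]: Authenticate/Decrypt packet error: packet HMAC authentication failed
Sep 17 02:02:20 pfSense openvpn[63732]: SIGUSR1[soft,ping-restart] received, process restarting
Sep 17 02:03:00 pfSense openvpn[70001]: Initialization Sequence Completed
""".splitlines()

if __name__ == "__main__":
    for ts, pid, cat, msg in post_init_events(SAMPLE):
        print(f"{ts} pid={pid} [{cat}] {msg}")
```

An empty result for a process means it has logged nothing since the tunnel came up, which is the state the post describes as healthy.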
      • J
        JonesTech
        last edited by

        Sorry to resurrect this thread, but can you share the actual config page for this? I keep getting TLS handshake failed, no matter what I do. Any help is greatly appreciated!

        • A
          alvarow
          last edited by

          I'm on 2.5 (upgraded from working 2.4.5p1). I imported both their CA and the client certificate and set

          Data Encryption Algorithms to:
          Encryption Algorithm: AES-256-CBC
          NCP Algorithms: AES-256-CBC

          The Fallback Data Encryption Algorithm to: AES-256-CBC

          Auth digest algorithm to: SHA1 (160-bit)

          Allow compression: Decompress incoming, do not compress outgoing (Asymmetric)

          Compression: Disable Compression [Omit Preference]

          Topology: net30 - Isolated /30 network per client

          Ping settings set to:
            Inactive: 0
            Ping method: keepalive
            Interval: 15
            Timeout: 120

          Custom options:
          remote-cert-tls server;

          I do have my default gateway set to my ISP, and I set rules for the packets I want routed via the tunnel. I also tag the packets and added a floating rule looking for those tagged packets in case the tunnel is down, and drop them, since VPN traffic I want out the tunnel only and never routed via the default gateway.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.