Netgate Discussion Forum
    OpenVPN to LAN access issue

      nikkon

      Hi all,
      I have an issue accessing from VPN -> LAN network using an application. The app works on port 80.

      • LAN network: 192.168.100.0/24
      • The device I want to connect to is wired and can be accessed from the LAN
      • OpenVPN network: 10.20.30.0/24

      Firewall rules and VPN settings are attached.
      Could the controller application be limited in discovering the device if it gets IPs from a different network? Will it only scan the 10.20.30.0/24 network? Can I force it to look on the 192.168.100.0/24 network?

      Thank you.
      111.png
      222.png

      pfsense 2.3.4 on Supermicro A1SRi-2758F + 8GB ECC + SSD

      Happy PfSense user :)

        marvosa

        Post your server1.conf and give us a network map.

        After that, I would do a few things:

        • Disable the software firewall on your endpoint devices until basic IP communication is established

        • Verify the endpoint devices are using pfSense as the default gateway

        • Modify your OpenVPN firewall rule to reflect any/any instead of limiting it to TCP/UDP

          Derelict LAYER 8 Netgate

          And define "discovering the device".

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

            nikkon

            @Derelict:

            And define "discovering the device".

            The endpoint device (phone/tablet) using the application controller is not able to discover the device in the network. (It works if both are in the LAN; if the client controller is on the VPN and the controlled device is in the LAN, it does not.)

              nikkon

              @marvosa:

              Post your server1.conf and give us a network map.

              After that, I would do a few things:

              • Disable the software firewall on your endpoint devices until basic IP communication is established

              • Verify the endpoint devices are using pfSense as the default gateway

              • Modify your OpenVPN firewall rule to reflect any/any instead of limiting it to TCP/UDP

              1 & 2 are both checked. I need to redo the rule for point 3 and update.
              :)

                Derelict LAYER 8 Netgate

                Yeah, device discovery usually uses broadcasts/multicasts and doesn't cross router interfaces.

                I verified a couple days ago that the Avahi package does indeed forward these requests between router interfaces including OpenVPN assigned interfaces. Not really a surprise since that's what the package is for but I was unsure it would work across OpenVPN.

                Note that this only holds true for site-to-site VPN. Remote access might or might not work depending on the client. I know it does NOT work on Viscosity for Mac clients.

                That might or might not work in your case depending on the discovery method the app is using.

                Anything relying on this sort of discovery is kind of broken to start with - or designed for the home and nothing else.

                  nikkon

                  Will try this later tonight and update ASAP with the findings.
                  Thx a lot.

                    nikkon

                    Avahi has been installed, and the firewall rule for OpenVPN was modified from TCP/UDP to any.
                    Still the same behaviour.

                      Derelict LAYER 8 Netgate

                      You have to run avahi on both routers. It needs to be forwarded from LAN to OpenVPN on both sides if site-to-site.

                      And, like I said, it probably (almost certainly) won't work with remote access clients.

                        nikkon

                        This is strange because I used the same setup on version 2.2.x and it worked.
                        It may be the product application or, for some reason, pfSense 2.3.

                          nikkon

                          Reconfigured everything from scratch. This is what I have on the server side.
                          It looks pretty normal:

                          Jul 21 22:32:30 openvpn 70989 OpenVPN 2.3.11 amd64-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on May 16 2016
                          Jul 21 22:32:30 openvpn 70989 library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.09
                          Jul 21 22:32:30 openvpn 71245 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
                          Jul 21 22:32:30 openvpn 71245 Initializing OpenSSL support for engine 'rdrand'
                          Jul 21 22:32:30 openvpn 71245 Control Channel Authentication: using '/var/etc/openvpn/server1.tls-auth' as a OpenVPN static key file
                          Jul 21 22:32:30 openvpn 71245 TUN/TAP device ovpns1 exists previously, keep at program end
                          Jul 21 22:32:30 openvpn 71245 TUN/TAP device /dev/tun1 opened
                          Jul 21 22:32:30 openvpn 71245 do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
                          Jul 21 22:32:30 openvpn 71245 /sbin/ifconfig ovpns1 10.20.30.1 10.20.30.2 mtu 1500 netmask 255.255.255.0 up
                          Jul 21 22:32:30 openvpn 71245 /usr/local/sbin/ovpn-linkup ovpns1 1500 1572 10.20.30.1 255.255.255.0 init
                          Jul 21 22:32:30 openvpn 71245 Listening for incoming TCP connection on [AF_INET]188.25.246.65:1194
                          Jul 21 22:32:30 openvpn 71245 TCPv4_SERVER link local (bound): [AF_INET]188.25.246.65:1194
                          Jul 21 22:32:30 openvpn 71245 TCPv4_SERVER link remote: [undef]
                          Jul 21 22:32:30 openvpn 71245 Initialization Sequence Completed
                          Jul 21 22:33:52 openvpn 71245 /usr/local/sbin/ovpn-linkdown ovpns1 1500 1572 10.20.30.1 255.255.255.0 init
                          Jul 21 22:33:52 openvpn 71245 SIGTERM[hard,] received, process exiting
                          Jul 21 22:33:52 openvpn 57008 OpenVPN 2.3.11 amd64-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on May 16 2016
                          Jul 21 22:33:52 openvpn 57008 library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.09
                          Jul 21 22:33:52 openvpn 57219 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
                          Jul 21 22:33:52 openvpn 57219 Initializing OpenSSL support for engine 'rdrand'
                          Jul 21 22:33:52 openvpn 57219 Control Channel Authentication: using '/var/etc/openvpn/server1.tls-auth' as a OpenVPN static key file
                          Jul 21 22:33:52 openvpn 57219 TUN/TAP device ovpns1 exists previously, keep at program end
                          Jul 21 22:33:52 openvpn 57219 TUN/TAP device /dev/tun1 opened
                          Jul 21 22:33:52 openvpn 57219 do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
                          Jul 21 22:33:52 openvpn 57219 /sbin/ifconfig ovpns1 10.20.30.1 10.20.30.2 mtu 1500 netmask 255.255.255.0 up
                          Jul 21 22:33:52 openvpn 57219 /usr/local/sbin/ovpn-linkup ovpns1 1500 1572 10.20.30.1 255.255.255.0 init
                          Jul 21 22:33:52 openvpn 57219 Listening for incoming TCP connection on [AF_INET]188.25.246.65:1194
                          Jul 21 22:33:52 openvpn 57219 TCPv4_SERVER link local (bound): [AF_INET]188.25.246.65:1194
                          Jul 21 22:33:52 openvpn 57219 TCPv4_SERVER link remote: [undef]
                          Jul 21 22:33:52 openvpn 57219 Initialization Sequence Completed
                          Jul 21 22:34:58 openvpn 57219 TCP connection established with [AF_INET]109.166.139.66:60240

                          And on the client side… well, here it looks very odd:

                          2016-07-25 21:30:36 official build 0.6.57 running on Sony E6653 (msm8994), Android 6.0.1 (32.2.A.0.253) API 23, ABI arm64-v8a, (Sony/E6653/E6653:6.0.1/32.2.A.0.253/2701308494:user/release-keys)
                          2016-07-25 21:30:49 Building configuration…
                          2016-07-25 21:30:49 started Socket Thread
                          2016-07-25 21:30:49 Current Parameter Settings:
                          2016-07-25 21:30:49  config = '/data/user/0/de.blinkt.openvpn/cache/android.conf'
                          2016-07-25 21:30:49  mode = 0
                          2016-07-25 21:30:49  show_ciphers = DISABLED
                          2016-07-25 21:30:49  show_digests = DISABLED
                          2016-07-25 21:30:49  show_engines = DISABLED
                          2016-07-25 21:30:49  genkey = DISABLED
                          2016-07-25 21:30:49  key_pass_file = '[UNDEF]'
                          2016-07-25 21:30:49  show_tls_ciphers = DISABLED
                          2016-07-25 21:30:49  connect_retry_max = 0
                          2016-07-25 21:30:49 Connection profiles [0]:
                          2016-07-25 21:30:49  proto = tcp-client
                          2016-07-25 21:30:49  local = '[UNDEF]'
                          2016-07-25 21:30:49  local_port = '0'
                          2016-07-25 21:30:49  remote = 'nikkon.go.ro'
                          2016-07-25 21:30:49  remote_port = '1194'
                          2016-07-25 21:30:49  remote_float = DISABLED
                          2016-07-25 21:30:49  bind_defined = DISABLED
                          2016-07-25 21:30:49  bind_local = ENABLED
                          2016-07-25 21:30:49  bind_ipv6_only = DISABLED
                          2016-07-25 21:30:49  connect_retry_seconds = 2
                          2016-07-25 21:30:49  connect_timeout = 120
                          2016-07-25 21:30:49  socks_proxy_server = '[UNDEF]'
                          2016-07-25 21:30:49  socks_proxy_port = '[UNDEF]'
                          2016-07-25 21:30:49  tun_mtu = 1500
                          2016-07-25 21:30:49  tun_mtu_defined = ENABLED
                          2016-07-25 21:30:49  link_mtu = 1500
                          2016-07-25 21:30:49  link_mtu_defined = DISABLED
                          2016-07-25 21:30:49  tun_mtu_extra = 0
                          2016-07-25 21:30:49  tun_mtu_extra_defined = DISABLED
                          2016-07-25 21:30:49  mtu_discover_type = -1
                          2016-07-25 21:30:49  fragment = 0
                          2016-07-25 21:30:49  mssfix = 1450
                          2016-07-25 21:30:49  explicit_exit_notification = 0
                          2016-07-25 21:30:49 Connection profiles END
                          2016-07-25 21:30:49  remote_random = DISABLED
                          2016-07-25 21:30:49  ipchange = '[UNDEF]'
                          2016-07-25 21:30:49  dev = 'tun'
                          2016-07-25 21:30:49  dev_type = '[UNDEF]'
                          2016-07-25 21:30:49  dev_node = '[UNDEF]'
                          2016-07-25 21:30:49  lladdr = '[UNDEF]'
                          2016-07-25 21:30:49  topology = 1
                          2016-07-25 21:30:49  tun_ipv6 = DISABLED
                          2016-07-25 21:30:49  ifconfig_local = '[UNDEF]'
                          2016-07-25 21:30:49  ifconfig_remote_netmask = '[UNDEF]'
                          2016-07-25 21:30:49  ifconfig_noexec = DISABLED
                          2016-07-25 21:30:49  ifconfig_nowarn = ENABLED
                          2016-07-25 21:30:49  ifconfig_ipv6_local = '[UNDEF]'
                          2016-07-25 21:30:49  ifconfig_ipv6_netbits = 0
                          2016-07-25 21:30:49  ifconfig_ipv6_remote = '[UNDEF]'
                          2016-07-25 21:30:49  shaper = 0
                          2016-07-25 21:30:49  mtu_test = 0
                          2016-07-25 21:30:49  mlock = DISABLED
                          2016-07-25 21:30:49  keepalive_ping = 0
                          2016-07-25 21:30:49  keepalive_timeout = 0
                          2016-07-25 21:30:49  inactivity_timeout = 0
                          2016-07-25 21:30:49  ping_send_timeout = 0
                          2016-07-25 21:30:49  ping_rec_timeout = 0
                          2016-07-25 21:30:49  ping_rec_timeout_action = 0
                          2016-07-25 21:30:49  ping_timer_remote = DISABLED
                          2016-07-25 21:30:49  remap_sigusr1 = 0
                          2016-07-25 21:30:49  persist_tun = ENABLED
                          2016-07-25 21:30:49  persist_local_ip = DISABLED
                          2016-07-25 21:30:49  persist_remote_ip = DISABLED
                          2016-07-25 21:30:49  persist_key = DISABLED
                          2016-07-25 21:30:49  passtos = DISABLED
                          2016-07-25 21:30:49  resolve_retry_seconds = 60
                          2016-07-25 21:30:49 Network Status: CONNECTED HSPA to MOBILE net
                          2016-07-25 21:30:49  resolve_in_advance = ENABLED
                          2016-07-25 21:30:49  username = '[UNDEF]'
                          2016-07-25 21:30:49  groupname = '[UNDEF]'
                          2016-07-25 21:30:49  chroot_dir = '[UNDEF]'
                          2016-07-25 21:30:49  cd_dir = '[UNDEF]'
                          2016-07-25 21:30:49  writepid = '[UNDEF]'
                          2016-07-25 21:30:49  up_script = '[UNDEF]'
                          2016-07-25 21:30:49  down_script = '[UNDEF]'
                          2016-07-25 21:30:49  down_pre = DISABLED
                          2016-07-25 21:30:49  up_restart = DISABLED
                          2016-07-25 21:30:49  up_delay = DISABLED
                          2016-07-25 21:30:49  daemon = DISABLED
                          2016-07-25 21:30:49  inetd = 0
                          2016-07-25 21:30:49  log = DISABLED
                          2016-07-25 21:30:49  suppress_timestamps = DISABLED
                          2016-07-25 21:30:49  machine_readable_output = ENABLED
                          2016-07-25 21:30:49  nice = 0
                          2016-07-25 21:30:49  verbosity = 4
                          2016-07-25 21:30:49  mute = 0
                          2016-07-25 21:30:49  gremlin = 0
                          2016-07-25 21:30:49  status_file = '[UNDEF]'
                          2016-07-25 21:30:49  status_file_version = 1
                          2016-07-25 21:30:49  status_file_update_freq = 60
                          2016-07-25 21:30:49  occ = ENABLED
                          2016-07-25 21:30:49  rcvbuf = 0
                          2016-07-25 21:30:49  sndbuf = 0
                          2016-07-25 21:30:49  sockflags = 0
                          2016-07-25 21:30:49  fast_io = DISABLED
                          2016-07-25 21:30:49  comp.alg = 2
                          2016-07-25 21:30:49  comp.flags = 1
                          2016-07-25 21:30:49  route_script = '[UNDEF]'
                          2016-07-25 21:30:49  route_default_gateway = '[UNDEF]'
                          2016-07-25 21:30:49  route_default_metric = 0
                          2016-07-25 21:30:49  route_noexec = DISABLED
                          2016-07-25 21:30:49  route_delay = 0
                          2016-07-25 21:30:49  route_delay_window = 30
                          2016-07-25 21:30:49  route_delay_defined = DISABLED
                          2016-07-25 21:30:49  route_nopull = DISABLED
                          2016-07-25 21:30:49  route_gateway_via_dhcp = DISABLED
                          2016-07-25 21:30:49  allow_pull_fqdn = DISABLED
                          2016-07-25 21:30:49  management_addr = '/data/user/0/de.blinkt.openvpn/cache/mgmtsocket'
                          2016-07-25 21:30:49  management_port = 'unix'
                          2016-07-25 21:30:49  management_user_pass = '[UNDEF]'
                          2016-07-25 21:30:49  management_log_history_cache = 250
                          2016-07-25 21:30:49  management_echo_buffer_size = 100
                          2016-07-25 21:30:49  management_write_peer_info_file = '[UNDEF]'
                          2016-07-25 21:30:49  management_client_user = '[UNDEF]'
                          2016-07-25 21:30:49  management_client_group = '[UNDEF]'
                          2016-07-25 21:30:49  management_flags = 4390
                          2016-07-25 21:30:49  shared_secret_file = '[UNDEF]'
                          2016-07-25 21:30:49  key_direction = 2
                          2016-07-25 21:30:49  ciphername_defined = ENABLED
                          2016-07-25 21:30:49  ciphername = 'AES-256-CBC'
                          2016-07-25 21:30:49  authname_defined = ENABLED
                          2016-07-25 21:30:49  authname = 'SHA1'
                          2016-07-25 21:30:49  prng_hash = 'SHA1'
                          2016-07-25 21:30:49  prng_nonce_secret_len = 16
                          2016-07-25 21:30:49  keysize = 0
                          2016-07-25 21:30:49  engine = DISABLED
                          2016-07-25 21:30:49  replay = ENABLED
                          2016-07-25 21:30:49  mute_replay_warnings = DISABLED
                          2016-07-25 21:30:49  replay_window = 64
                          2016-07-25 21:30:49  replay_time = 15
                          2016-07-25 21:30:49  packet_id_file = '[UNDEF]'
                          2016-07-25 21:30:49  use_iv = ENABLED
                          2016-07-25 21:30:49  test_crypto = DISABLED
                          2016-07-25 21:30:49  tls_server = DISABLED
                          2016-07-25 21:30:49  tls_client = ENABLED
                          2016-07-25 21:30:49  key_method = 2
                          2016-07-25 21:30:49  ca_file = '[[INLINE]]'
                          2016-07-25 21:30:49  ca_path = '[UNDEF]'
                          2016-07-25 21:30:49  dh_file = '[UNDEF]'
                          2016-07-25 21:30:49  cert_file = '[[INLINE]]'
                          2016-07-25 21:30:49  extra_certs_file = '[UNDEF]'
                          2016-07-25 21:30:49  priv_key_file = '[[INLINE]]'
                          2016-07-25 21:30:49  pkcs12_file = '[UNDEF]'
                          2016-07-25 21:30:49  cipher_list = '[UNDEF]'
                          2016-07-25 21:30:49  tls_verify = '[UNDEF]'
                          2016-07-25 21:30:49  tls_export_cert = '[UNDEF]'
                          2016-07-25 21:30:49  verify_x509_type = 2
                          2016-07-25 21:30:49  verify_x509_name = 'nikkon.go.ro'
                          2016-07-25 21:30:49  crl_file = '[UNDEF]'
                          2016-07-25 21:30:49  ns_cert_type = 1
                          2016-07-25 21:30:49  remote_cert_ku[i] = 0
                          2016-07-25 21:30:49  remote_cert_ku[i] = 0
                          2016-07-25 21:30:49  remote_cert_ku[i] = 0
                          2016-07-25 21:30:49  remote_cert_ku[i] = 0
                          2016-07-25 21:30:49  remote_cert_ku[i] = 0
                          2016-07-25 21:30:49  remote_cert_ku[i] = 0
                          2016-07-25 21:30:49  remote_cert_ku[i] = 0
                          2016-07-25 21:30:49  remote_cert_ku[i] = 0
                          2016-07-25 21:30:49  remote_cert_ku[i] = 0
                          2016-07-25 21:30:49  remote_cert_ku[i] = 0
                          2016-07-25 21:30:49  remote_cert_ku[i] = 0
                          2016-07-25 21:30:49  remote_cert_ku[i] = 0
                          2016-07-25 21:30:49  remote_cert_ku[i] = 0
                          2016-07-25 21:30:49  remote_cert_ku[i] = 0
                          2016-07-25 21:30:49  remote_cert_ku[i] = 0
                          2016-07-25 21:30:49  remote_cert_ku[i] = 0
                          2016-07-25 21:30:49  remote_cert_eku = '[UNDEF]'
                          2016-07-25 21:30:49  ssl_flags = 0
                          2016-07-25 21:30:49  tls_timeout = 2
                          2016-07-25 21:30:49  renegotiate_bytes = 0
                          2016-07-25 21:30:49  renegotiate_packets = 0
                          2016-07-25 21:30:49  renegotiate_seconds = 3600
                          2016-07-25 21:30:49  handshake_window = 60
                          2016-07-25 21:30:49  transition_window = 3600
                          2016-07-25 21:30:49  single_session = DISABLED
                          2016-07-25 21:30:49  push_peer_info = DISABLED
                          2016-07-25 21:30:49  tls_exit = DISABLED
                          2016-07-25 21:30:49  tls_auth_file = '[[INLINE]]'
                          2016-07-25 21:30:49  client = ENABLED
                          2016-07-25 21:30:49  pull = ENABLED
                          2016-07-25 21:30:49  auth_user_pass_file = 'stdin'
                          2016-07-25 21:30:49 OpenVPN 2.4-icsopenvpn [git:icsopenvpn-b89b098fc66488b9] android-21-arm64-v8a [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH] [IPv6] built on Jul  6 2016
                          2016-07-25 21:30:49 library versions: OpenSSL 1.0.2h  3 May 2016, LZO 2.09
                          2016-07-25 21:30:49 MANAGEMENT: Connected to management server at /data/user/0/de.blinkt.openvpn/cache/mgmtsocket
                          2016-07-25 21:30:49 MANAGEMENT: CMD 'hold release'
                          2016-07-25 21:30:49 MANAGEMENT: CMD 'bytecount 2'
                          2016-07-25 21:30:49 MANAGEMENT: CMD 'state on'
                          2016-07-25 21:30:49 MANAGEMENT: CMD 'username 'Auth' mihai'
                          2016-07-25 21:30:49 MANAGEMENT: CMD 'password […]'
                          2016-07-25 21:30:49 MANAGEMENT: >STATE:1469471449,RESOLVE,,,,,,
                          2016-07-25 21:30:50 MANAGEMENT: CMD 'proxy NONE'
                          2016-07-25 21:30:51 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
                          2016-07-25 21:30:51 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
                          2016-07-25 21:30:51 LZO compression initializing
                          2016-07-25 21:30:51 Control Channel MTU parms [ L:1624 D:1182 EF:68 EB:0 ET:0 EL:3 ]
                          2016-07-25 21:30:51 Data Channel MTU parms [ L:1624 D:1450 EF:124 EB:406 ET:0 EL:3 ]
                          2016-07-25 21:30:51 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
                          2016-07-25 21:30:51 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
                          2016-07-25 21:30:51 TCP/UDP: Preserving recently used remote address: [AF_INET]188.25.246.65:1194
                          2016-07-25 21:30:51 Socket Buffers: R=[87380->87380] S=[16384->16384]
                          2016-07-25 21:30:51 Attempting to establish TCP connection with [AF_INET]188.25.246.65:1194 [nonblock]
                          2016-07-25 21:30:51 MANAGEMENT: >STATE:1469471451,TCP_CONNECT,,,,,,
                          2016-07-25 21:30:51 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
                          2016-07-25 21:30:52 TCP connection established with [AF_INET]188.25.246.65:1194
                          2016-07-25 21:30:52 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
                          2016-07-25 21:30:52 TCP_CLIENT link local (bound): [AF_INET][undef]:0
                          2016-07-25 21:30:52 TCP_CLIENT link remote: [AF_INET]188.25.246.65:1194
                          2016-07-25 21:30:52 MANAGEMENT: >STATE:1469471452,WAIT,,,,,,
                          2016-07-25 21:30:52 MANAGEMENT: >STATE:1469471452,AUTH,,,,,,
                          2016-07-25 21:30:52 TLS: Initial packet from [AF_INET]188.25.246.65:1194, sid=c1e295de d16d0ace
                          2016-07-25 21:30:52 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
                          2016-07-25 21:30:52 VERIFY OK: depth=1, C=RO, ST=Bucuresti, L=Bucuresti, O=home, emailAddress=mihai.balaci@gmail.com, CN=Mihai Balaci
                          2016-07-25 21:30:52 VERIFY OK: nsCertType=SERVER
                          2016-07-25 21:30:52 VERIFY X509NAME OK: C=RO, ST=Bucuresti, L=Bucuresti, O=home, emailAddress=mihai.balaci@gmail.com, CN=nikkon.go.ro
                          2016-07-25 21:30:52 VERIFY OK: depth=0, C=RO, ST=Bucuresti, L=Bucuresti, O=home, emailAddress=mihai.balaci@gmail.com, CN=nikkon.go.ro
                          2016-07-25 21:30:53 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
                          2016-07-25 21:30:53 [nikkon.go.ro] Peer Connection Initiated with [AF_INET]188.25.246.65:1194
                          2016-07-25 21:30:54 MANAGEMENT: >STATE:1469471454,GET_CONFIG,,,,,,
                          2016-07-25 21:30:54 SENT CONTROL [nikkon.go.ro]: 'PUSH_REQUEST' (status=1)
                          2016-07-25 21:30:54 PUSH: Received control message: 'PUSH_REPLY,route 192.168.100.0 255.255.255.0,dhcp-option DNS 192.168.100.1,dhcp-option DNS 193.231.252.1,dhcp-option DNS 8.8.8.8,route-gateway 10.20.30.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.20.30.2 255.255.255.0'
                          2016-07-25 21:30:54 OPTIONS IMPORT: timers and/or timeouts modified
                          2016-07-25 21:30:54 OPTIONS IMPORT: --ifconfig/up options modified
                          2016-07-25 21:30:54 OPTIONS IMPORT: route options modified
                          2016-07-25 21:30:54 OPTIONS IMPORT: route-related options modified
                          2016-07-25 21:30:54 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
                          2016-07-25 21:30:54 Data Channel MTU parms [ L:1560 D:1560 EF:60 EB:406 ET:0 EL:3 ]
                          2016-07-25 21:30:54 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
                          2016-07-25 21:30:54 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
                          2016-07-25 21:30:54 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
                          2016-07-25 21:30:54 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
                          2016-07-25 21:30:54 GDG: SIOCGIFHWADDR(lo) failed
                          2016-07-25 21:30:54 ROUTE_GATEWAY 127.100.103.119/255.0.0.0 IFACE=lo
                          2016-07-25 21:30:54 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
                          2016-07-25 21:30:54 MANAGEMENT: >STATE:1469471454,ASSIGN_IP,,10.20.30.2,,,,
                          2016-07-25 21:30:54 MANAGEMENT: CMD 'needok 'IFCONFIG' ok'
                          2016-07-25 21:30:54 MANAGEMENT: >STATE:1469471454,ADD_ROUTES,,,,,,
                          2016-07-25 21:30:54 MANAGEMENT: CMD 'needok 'ROUTE' ok'
                          2016-07-25 21:30:54 MANAGEMENT: CMD 'needok 'DNSSERVER' ok'
                          2016-07-25 21:30:54 MANAGEMENT: CMD 'needok 'DNSSERVER' ok'
                          2016-07-25 21:30:54 MANAGEMENT: CMD 'needok 'DNSSERVER' ok'
                          2016-07-25 21:30:54 MANAGEMENT: CMD 'needok 'PERSIST_TUN_ACTION' OPEN_BEFORE_CLOSE'
                          2016-07-25 21:30:54 Opening tun interface:
                          2016-07-25 21:30:54 Local IPv4: 10.20.30.2/24 IPv6: null MTU: 1500
                          2016-07-25 21:30:54 DNS Server: 192.168.100.1, 193.231.252.1, 8.8.8.8, Domain: null
                          2016-07-25 21:30:54 Routes: 10.20.30.0/24, 192.168.100.0/24
                          2016-07-25 21:30:54 Routes excluded: 
                          2016-07-25 21:30:54 VpnService routes installed: 10.20.30.0/24, 192.168.100.0/24
                          2016-07-25 21:30:54 Disallowed VPN apps:
                          2016-07-25 21:30:54 MANAGEMENT: CMD 'needok 'OPENTUN' ok'
                          2016-07-25 21:30:54 Initialization Sequence Completed
                          2016-07-25 21:30:54 MANAGEMENT: >STATE:1469471454,CONNECTED,SUCCESS,10.20.30.2,188.25.246.65,1194,10.141.250.36,52787
                          2016-07-25 21:30:55 Network Status: CONNECTED HSPA+ to MOBILE net
                          2016-07-25 21:31:18 read TCP_CLIENT []: Connection refused (code=111)
                          2016-07-25 21:31:18 read TCP_CLIENT []: Connection refused (code=111)
                          2016-07-25 21:31:18 read TCP_CLIENT []: Connection refused (code=111)
                          2016-07-25 21:31:18 read TCP_CLIENT []: Connection refused (code=111)
                          2016-07-25 21:31:18 read TCP_CLIENT []: Connection refused (code=111)
                          2016-07-25 21:31:18 read TCP_CLIENT []: Connection refused (code=111)
                          2016-07-25 21:31:18 read TCP_CLIENT []: Connection refused (code=111)
                          2016-07-25 21:31:19 read TCP_CLIENT []: Connection refused (code=111)
                          2016-07-25 21:31:22 read TCP_CLIENT []: Connection refused (code=111)
                          2016-07-25 21:31:26 read TCP_CLIENT []: Connection refused (code=111)
                          2016-07-25 21:31:27 read TCP_CLIENT []: Connection refused (code=111)
                          2016-07-25 21:31:27 read TCP_CLIENT []: Connection refused (code=111)
                          2016-07-25 21:31:27 read TCP_CLIENT []: Connection refused (code=111)
                          2016-07-25 21:31:28 read TCP_CLIENT []: Connection refused (code=111)
                          2016-07-25 21:31:28 read TCP_CLIENT []: Connection refused (code=111)
                          2016-07-25 21:31:28 read TCP_CLIENT []: Connection refused (code=111)
                          2016-07-25 21:31:30 read TCP_CLIENT []: Connection refused (code=111)
                          2016-07-25 21:31:30 read TCP_CLIENT []: Connection refused (code=111)
                          2016-07-25 21:31:30 read TCP_CLIENT []: Connection refused (code=111)
                          2016-07-25 21:31:31 read TCP_CLIENT []: Connection refused (code=111)
                          2016-07-25 21:31:31 read TCP_CLIENT []: Connection refused (code=111)
                          2016-07-25 21:31:34 read TCP_CLIENT []: Connection refused (code=111)
                          2016-07-25 21:31:34 read TCP_CLIENT []: Connection refused (code=111)
                          2016-07-25 21:31:34 read TCP_CLIENT []: Connection refused (code=111)
                          2016-07-25 21:31:34 read TCP_CLIENT []: Connection refused (code=111)
                          2016-07-25 21:31:36 read TCP_CLIENT []: Connection refused (code=111)
                          2016-07-25 21:31:38 read TCP_CLIENT []: Connection refused (code=111)

                          It connects, but when I try to access anything from the internal LAN I get the latest message.

                          • PippinP
                            Pippin
                            last edited by

                            Try to exempt OpenVPN App from Power Saving.
                            That is a known issue, at least on Samsung Android 6.

                            According to the maker of your App the "GDG: SIOCGIFHWADDR(lo) failed" can be ignored.

                            " read TCP_CLIENT []: Connection refused (code=111)"
                            Here I would think, check firewall, but also the app uses port 80?
                            I ask myself, would that conflict with other service?

                            I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
                            Halton Arp

                            1 Reply Last reply Reply Quote 0
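A small triage script for a client log like the one quoted above, as an added example that is not part of the thread or any poster's own code: it reports the tunnel address, whether a given LAN host falls inside an installed route, and how many "Connection refused" lines follow the connect. The sample log is constructed in the quoted format; the host 192.168.100.10 and the name `triage` are assumptions.

```python
import ipaddress
import re

# Constructed sample: a few lines in the format of the client log quoted in the thread.
SAMPLE_LOG = """\
2016-07-25 21:30:54 Local IPv4: 10.20.30.2/24 IPv6: null MTU: 1500
2016-07-25 21:30:54 VpnService routes installed: 10.20.30.0/24, 192.168.100.0/24
2016-07-25 21:30:54 Initialization Sequence Completed
2016-07-25 21:31:18 read TCP_CLIENT []: Connection refused (code=111)
2016-07-25 21:31:18 read TCP_CLIENT []: Connection refused (code=111)
2016-07-25 21:31:22 read TCP_CLIENT []: Connection refused (code=111)
"""

LINE = re.compile(r"^\s*(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (.*)$")

def triage(log_text, lan_host):
    """Summarise a client log: tunnel address, installed routes, the route
    that covers lan_host (if any), and refusals logged after connect."""
    host = ipaddress.ip_address(lan_host)  # assumed LAN device address
    out = {"tunnel_ip": None, "routes": [], "covering_route": None,
           "connected": False, "refused_after_connect": 0, "first_refused": None}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        stamp, msg = m.groups()
        if msg.startswith("Local IPv4:"):
            out["tunnel_ip"] = str(ipaddress.ip_interface(msg.split()[2]).ip)
        elif msg.startswith("VpnService routes installed:"):
            nets = [ipaddress.ip_network(n.strip(), strict=False)
                    for n in msg.split(":", 1)[1].split(",") if n.strip()]
            out["routes"] = [str(n) for n in nets]
            # Longest-prefix match, as a routing table would pick it.
            hits = [n for n in nets if host in n]
            if hits:
                out["covering_route"] = str(max(hits, key=lambda n: n.prefixlen))
        elif msg == "Initialization Sequence Completed":
            out["connected"] = True
        elif "Connection refused (code=111)" in msg and out["connected"]:
            out["refused_after_connect"] += 1
            out["first_refused"] = out["first_refused"] or stamp
    return out

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, "192.168.100.10"))
```

When the tunnel is up and the host is covered by an installed route, the pushed routes are in place, so the firewall rules and the target service are the next things to check.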
                            • N
                              nikkon
                              last edited by

                              Well, after the update to 2.3.2 it works perfectly.

                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.