Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVpn - issue to generate client opvn

    Scheduled Pinned Locked Moved OpenVPN
    9 Posts 3 Posters 1.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • V
      venizia
      last edited by

      Hello!

      In a customer's network, they got a pfsense 1.2.3-RELEASE (yeah it's quite old  :( ). The problem I have is for the VPN setup for client.
      I am quite new using a pfsense so I read the doc. To be able to provide a client package, I should load the OpenVPN client export package. But when going to system -> packages, I got the error :

      Unable to communicate to pfSense.com. Please check DNS, default gateway, etc.
      

      I have checked using the ping command if the pfsense could reach pfsense.com and it was:

      
      Ping output:
      PING pfsense.org (208.123.73.69) from 192.168.254.2: 56 data bytes
      64 bytes from 208.123.73.69: icmp_seq=0 ttl=41 time=139.141 ms
      64 bytes from 208.123.73.69: icmp_seq=1 ttl=41 time=138.480 ms
      64 bytes from 208.123.73.69: icmp_seq=2 ttl=41 time=138.915 ms
      
      --- pfsense.org ping statistics ---
      3 packets transmitted, 3 packets received, 0.0% packet loss
      round-trip min/avg/max/stddev = 138.480/138.845/139.141/0.274 ms
      
      

      Could not find a fix for this problem.

      So how could I generate the client installers / configuration (maybe manually) or is it possible to install the package manually?

      Thx in advance!

      1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        upgrade to current version!!!

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        1 Reply Last reply Reply Quote 0
        • V
          venizia
          last edited by

          I thought about it too but as you see the release is quite old and from my point of view, it's quite risky to do it.

          1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by

            Then install fresh and put rules back… Its utter nonsense to be running a firewall from 2009-12-10 in 2016.. Has not been supported for year and years and years.

            Move to current!!

            I assume the hardware is from 2009 or older as well.. F'ing christ..  Get some current hardware, install current version and swap it with that OLD time to retire it hardware and software..

            The version of freebsd in 1.2.3 was 7.2 which went EOL June 30, 2010..

            Time to bite the bullet and get current!

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            1 Reply Last reply Reply Quote 0
            • V
              venizia
              last edited by

              I understand and agree your point of view … but sometimes real life is more complicated.  ::)

              Changing hardware is not for tomorrow that's why I am looking for a solution with the current hardware / release.

              FYI : Pfsense is provided with a soekris box.

              1 Reply Last reply Reply Quote 0
              • johnpozJ
                johnpoz LAYER 8 Global Moderator
                last edited by

                Only if you make it so, you should of moved away from 1.2.3 years and years ago!!  Did you just take on this customer, why would you agree to even support hardware/software from 2009 that has NO support from its own vendors even.  I find it hard to believe that the hardware from 2009 or early is even supported, etc.

                Give your customer the bad new that its going to cost them some money to get current!!  And now your life is less complicated.. Will be supporting a system that you could actually get support from if needed by the people that make the software and hardware.

                Running such outdated something especially when its the security for the network is asking for more complications.. Order some hardware, get it direct from pfsense even - could have it very quickly I would bet.  There you go - complications over!!

                The only correct solution to your issue is update to current!  Period!!  Even if was clickity clickity to get the specific thing you want, anyone that would give you such solution would not be doing you any favors on such an old system.  How many security fixes do you think have happened both in the under the hood OS and pfsense since 1.2.3??  That you would continue using such a out dated system is beyond comprehension and to be would be complete negligence in support of your customer security!!

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

                1 Reply Last reply Reply Quote 0
                • V
                  venizia
                  last edited by

                  I just take on this customer. I am also surprised than you that the hardware is so old and the release too. Not easy to manage indeed.
                  I will surely change the hardware but believe me this is not the worst surprise I had so I am trying to find solution ….

                  Is there any way to generate the VPN client package, even on that old old old release?

                  1 Reply Last reply Reply Quote 0
                  • jimpJ
                    jimp Rebel Alliance Developer Netgate
                    last edited by

                    Packages were deactivated for 1.2.x a long time ago. They no longer exist. You have to upgrade.

                    There are safe ways to upgrade with minimal risk.

                    Grab an install disk for 1.2.3 and for 2.3.2. Backup the config. Reinstall with 2.3.2. If it breaks, just reinstall 1.2.3 and restore their old config.

                    Or yank the old drive, put in a new drive, install 2.3.2 and restore their config. If it breaks, put the old drive back in.

                    I wouldn't trust the hardware if it's that old, though.

                    Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                    Need help fast? Netgate Global Support!

                    Do not Chat/PM for help!

                    1 Reply Last reply Reply Quote 0
                    • johnpozJ
                      johnpoz LAYER 8 Global Moderator
                      last edited by

                      "I wouldn't trust the hardware if it's that old, though."

                      Exactly which is why I would get new hard, do a nice clean install - put in your config, swap them this provides for very short down time.  How ever long it takes to you swap the cables really.  And if something not working because you missed a config, etc.  Then you could swap the cables back.

                      To me this is the safest approach since swapping disks maybe something else fails on the ancient hardware on a reboot.  Shit does that old of hardware even support sata as a disk connection..  You mention soekris, what model number - prob has some soldered CF so can not even swap that.. I would prob go with their net6501-70 if customer wants to stay with same namebrand, etc.

                      But for that price point why not just go with pfsense sg-4860 or Netgate RCC-VE 4860, etc..  Sure that would huge improvement to some soekris system from 9 years ago ;)

                      An intelligent man is sometimes forced to be drunk to spend time with his fools
                      If you get confused: Listen to the Music Play
                      Please don't Chat/PM me for help, unless mod related
                      SG-4860 24.11 | Lab VMs 2.8, 24.11

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.