OpenVPN - issue generating client ovpn



  • Hello!

    In a customer's network, they have a pfSense 1.2.3-RELEASE (yeah, it's quite old  :( ). The problem I have is with the VPN setup for clients.
    I am quite new to using pfSense, so I read the docs. To be able to provide a client package, I should load the OpenVPN client export package. But when going to System -> Packages, I got the error:

    Unable to communicate to pfSense.com. Please check DNS, default gateway, etc.
    

    I checked using the ping command whether the pfSense could reach pfsense.com, and it could:

    
    Ping output:
    PING pfsense.org (208.123.73.69) from 192.168.254.2: 56 data bytes
    64 bytes from 208.123.73.69: icmp_seq=0 ttl=41 time=139.141 ms
    64 bytes from 208.123.73.69: icmp_seq=1 ttl=41 time=138.480 ms
    64 bytes from 208.123.73.69: icmp_seq=2 ttl=41 time=138.915 ms
    
    --- pfsense.org ping statistics ---
    3 packets transmitted, 3 packets received, 0.0% packet loss
    round-trip min/avg/max/stddev = 138.480/138.845/139.141/0.274 ms
    
    

    Could not find a fix for this problem.

    So how could I generate the client installers / configuration (maybe manually) or is it possible to install the package manually?

    Thx in advance!


  • LAYER 8 Global Moderator

    upgrade to current version!!!



  • I thought about it too but as you see the release is quite old and from my point of view, it's quite risky to do it.


  • LAYER 8 Global Moderator

    Then install fresh and put rules back… It's utter nonsense to be running a firewall from 2009-12-10 in 2016.. Has not been supported for years and years and years.

    Move to current!!

    I assume the hardware is from 2009 or older as well.. F'ing christ..  Get some current hardware, install current version and swap it with that OLD time-to-retire-it hardware and software..

    The version of FreeBSD in 1.2.3 was 7.2 which went EOL June 30, 2010..

    Time to bite the bullet and get current!



    I understand and agree with your point of view … but sometimes real life is more complicated.  ::)

    Changing hardware is not for tomorrow, that's why I am looking for a solution with the current hardware / release.

    FYI: pfSense is provided with a Soekris box.


  • LAYER 8 Global Moderator

    Only if you make it so, you should have moved away from 1.2.3 years and years ago!!  Did you just take on this customer? Why would you agree to even support hardware/software from 2009 that has NO support from its own vendors even?  I find it hard to believe that the hardware from 2009 or earlier is even supported, etc.

    Give your customer the bad news that it's going to cost them some money to get current!!  And now your life is less complicated.. Will be supporting a system that you could actually get support from if needed by the people that make the software and hardware.

    Running such outdated something, especially when it's the security for the network, is asking for more complications.. Order some hardware, get it direct from pfSense even - could have it very quickly I would bet.  There you go - complications over!!

    The only correct solution to your issue is update to current!  Period!!  Even if it was clickity clickity to get the specific thing you want, anyone that would give you such a solution would not be doing you any favors on such an old system.  How many security fixes do you think have happened both in the under the hood OS and pfSense since 1.2.3??  That you would continue using such an outdated system is beyond comprehension and to me would be complete negligence in support of your customer's security!!



    I just took on this customer. I am as surprised as you that the hardware is so old and the release too. Not easy to manage indeed.
    I will surely change the hardware, but believe me this is not the worst surprise I had, so I am trying to find a solution …

    Is there any way to generate the VPN client package, even on that old old old release?


  • Rebel Alliance Developer Netgate

    Packages were deactivated for 1.2.x a long time ago. They no longer exist. You have to upgrade.

    There are safe ways to upgrade with minimal risk.

    Grab an install disk for 1.2.3 and for 2.3.2. Backup the config. Reinstall with 2.3.2. If it breaks, just reinstall 1.2.3 and restore their old config.

    Or yank the old drive, put in a new drive, install 2.3.2 and restore their config. If it breaks, put the old drive back in.

    I wouldn't trust the hardware if it's that old, though.


  • LAYER 8 Global Moderator

    "I wouldn't trust the hardware if it's that old, though."

    Exactly, which is why I would get new hardware, do a nice clean install - put in your config, swap them; this provides for very short down time.  However long it takes you to swap the cables really.  And if something is not working because you missed a config, etc.  Then you could swap the cables back.

    To me this is the safest approach since swapping disks maybe something else fails on the ancient hardware on a reboot.  Shit, does that old of hardware even support SATA as a disk connection..  You mention Soekris, what model number - prob has some soldered CF so cannot even swap that.. I would prob go with their net6501-70 if customer wants to stay with same name brand, etc.

    But for that price point why not just go with pfSense SG-4860 or Netgate RCC-VE 4860, etc..  Sure that would be a huge improvement over some Soekris system from 9 years ago ;)

