Remote access (SSL/TLS) VPN - No Client connectivity
-
Hi all,
I've set up a Remote access (SSL/TLS) VPN. The client connects, routes get pushed to the client etc., however no traffic passes, and I cannot ping the OpenVPN gateway. There are no errors in the client log, verb 3 enabled.
The "OpenVPN" tab on the firewall rules has all source/dest open for IPv4 *
One thing of note is this is a second OpenVPN service I have set up on this server, with the first being configured by the wizard and a "Remote access (User Auth)" type.
This works without issue. I wonder if I am missing a step when creating the Remote access (SSL/TLS) type manually?
Could anyone advise where to look to figure this out?
-
Why not just create it with the wizard? Or post up your settings. I can tell you I run 2 instances without any issues on either. One runs via TCP so I can bounce off the proxy at work; the other I run via UDP so when on an open connection I can use that, etc.
-
Thanks, I've tried creating it with the wizard; same result. Meanwhile, the first config I have continues to work.
An example below of one (of many, with different options) I've created as tests;
It seems any secondary VPN I create has the same issue.
From the shell on pfSense, the interface ovpns2 is up and pingable (192.168.100.1); the client can ping its IP on the provided subnet for the VPN (192.168.100.2); but neither can ping the other. I even tried disabling pf with pfctl -d just in case it was a weird firewall issue.
Of course, the client subnet is different from the VPN; in that it's 192.168.2.0/24
– "server 2" config
dev ovpns2
verb 3
dev-type tun
tun-ipv6
dev-node /dev/tun2
writepid /var/run/openvpn_server2.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-256-CBC
auth SHA256
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local <hidden>
tls-server
server 192.168.100.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc/server2
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'itvpn' 1"
lport 1194
management /var/etc/openvpn/server2.sock unix
max-clients 25
push "route 172.16.0.0 255.240.0.0"
push "route 10.0.0.0 255.0.0.0"
push "dhcp-option DNS 172.16.1.84"
push "dhcp-option DNS 172.16.1.83"
push "dhcp-option DNS 172.16.1.85"
push "dhcp-option DNS 172.16.1.89"
push "dhcp-option NTP 172.16.1.85"
push "dhcp-option NTP 172.16.1.84"
client-to-client
ca /var/etc/openvpn/server2.ca
cert /var/etc/openvpn/server2.cert
key /var/etc/openvpn/server2.key
dh /etc/dh-parameters.2048
comp-lzo adaptive
persist-remote-ip
float
topology subnet
-
I don't really want to see your ASCII art. Post up your settings in your GUI.
Where is the one that works… So you're trying to use the same port on both of them??
lport 1194
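A quick way to answer the port question above, as an added example that is not part of the thread or of pfSense's own tooling: the script below reads the per-instance server configs and reports any two instances that would bind the same proto/address/port, plus any that hand out the identical tunnel network. It assumes pfSense writes these files as /var/etc/openvpn/server*.conf (the post shows only the config text, not its path); the three sample configs and the 203.0.113.10 address are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the thread or pfSense itself: compare the OpenVPN
# server configs pfSense writes to /var/etc/openvpn/server*.conf (path assumed)
# and report (a) instances that would bind the same proto/address/port and
# (b) instances configured with the identical tunnel network.
# Sample configs below are constructed; 203.0.113.10 is a documentation address.

# Print "CONFLICT proto:port fileA fileB" for every pair of configs whose
# listeners collide. An instance without "local" binds every address, so it
# collides with anything else on the same proto/port.
ovpn_bind_conflicts() {
    for f in "$@"; do
        awk -v f="$f" '
            $1 == "proto" { proto = $2 }
            $1 == "local" { laddr = $2 }
            $1 == "lport" { lport = $2 }
            END {
                if (proto == "") proto = "udp"   # OpenVPN defaults
                if (lport == "") lport = 1194
                if (laddr == "") laddr = "*"     # no "local": wildcard bind
                print proto, lport, laddr, f
            }' "$f"
    done | sort | awk '
        {
            key = $1 ":" $2
            n[key]++
            addr[key, n[key]] = $3
            file[key, n[key]] = $4
        }
        END {
            for (key in n)
                for (i = 1; i <= n[key]; i++)
                    for (j = i + 1; j <= n[key]; j++)
                        if (addr[key, i] == "*" || addr[key, j] == "*" ||
                            addr[key, i] == addr[key, j])
                            print "CONFLICT " key " " file[key, i] " " file[key, j]
        }'
}

# Print "SAME-TUNNEL net/mask files..." when more than one config hands out
# addresses from the same "server" network (exact match only; it does not
# compute overlapping but unequal ranges).
ovpn_tunnel_overlap() {
    for f in "$@"; do
        awk -v f="$f" '$1 == "server" { print $2 "/" $3, f }' "$f"
    done | sort | awk '
        { n[$1]++; files[$1] = files[$1] " " $2 }
        END { for (k in n) if (n[k] > 1) print "SAME-TUNNEL " k files[k] }'
}

# --- constructed sample: two UDP instances on 1194 at the same address ---
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

cat > "$tmp/server1.conf" <<'EOF'
dev ovpns1
proto udp
local 203.0.113.10
lport 1194
server 192.168.101.0 255.255.255.0
EOF

cat > "$tmp/server2.conf" <<'EOF'
dev ovpns2
proto udp
local 203.0.113.10
lport 1194
server 192.168.100.0 255.255.255.0
EOF

cat > "$tmp/server3.conf" <<'EOF'
dev ovpns3
proto tcp
lport 1194
server 192.168.100.0 255.255.255.0
EOF

ovpn_bind_conflicts "$tmp"/server*.conf
ovpn_tunnel_overlap "$tmp"/server*.conf
# On the firewall itself, confirm what is actually listening with
# `sockstat -4l | grep openvpn` (FreeBSD/pfSense) and look in
# /var/log/openvpn.log for "Socket bind failed" from the instance that lost.
```

Run as-is to see the constructed case, or call `ovpn_bind_conflicts /var/etc/openvpn/server*.conf` on the firewall. Two UDP listeners on the same address and port cannot both bind, so whichever instance starts second never really comes up; the sockstat check tells you which one owns the port.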