Remote access (SSL/TLS) VPN - No Client connectivity



  • Hi all,
    I've set up a Remote access (SSL/TLS) VPN

    The client connects, routes get pushed to the client etc, however no traffic passes, and I cannot ping the OpenVPN gateway. There are no errors in the client log, verb 3 enabled

    The "OpenVPN" tab on the firewall rules has all source/dest open for IPV4*

One thing of note is that this is a second OpenVPN service I have set up on this server, with the first being configured by the wizard and a "remote access (User Auth)" type.
    This works without issue.

    I wonder if I am missing a step when creating the Remote access (SSL/TLS) type manually?

    Could anyone advise where to look to figure this out?


  • Rebel Alliance Global Moderator

Why not just create it with the wizard?  Or post up your settings.  I can tell you I run 2 instances without any issues on either.  One I run via TCP so I can bounce off the proxy at work; the other I run via UDP so when on an open connection I can use that, etc.



Thanks, I've tried creating it with the wizard; same result. Meanwhile, the first config I have continues to work.

An example below of one (of many, with different options) I've created as tests:

    It seems any secondary VPN I create has the same issue.

From the shell on pfSense, the interface ovpns2 is up and pingable (192.168.100.1); the client can ping its IP on the provided subnet for the VPN (192.168.100.2); but neither can ping the other. I even tried disabling pf with pfctl -d just in case it was a weird firewall issue.

Of course, the client subnet is different from the VPN's, in that it's 192.168.2.0/24.

    – "server 2" config

    dev ovpns2
    verb 3
    dev-type tun
    tun-ipv6
    dev-node /dev/tun2
    writepid /var/run/openvpn_server2.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto udp
    cipher AES-256-CBC
    auth SHA256
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
local <hidden>
    tls-server
    server 192.168.100.0 255.255.255.0
    client-config-dir /var/etc/openvpn-csc/server2
    tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'itvpn' 1"
    lport 1194
    management /var/etc/openvpn/server2.sock unix
    max-clients 25
    push "route 172.16.0.0 255.240.0.0"
    push "route 10.0.0.0 255.0.0.0"
    push "dhcp-option DNS 172.16.1.84"
    push "dhcp-option DNS 172.16.1.83"
    push "dhcp-option DNS 172.16.1.85"
    push "dhcp-option DNS 172.16.1.89"
    push "dhcp-option NTP 172.16.1.85"
    push "dhcp-option NTP 172.16.1.84"
    client-to-client
    ca /var/etc/openvpn/server2.ca
    cert /var/etc/openvpn/server2.cert
    key /var/etc/openvpn/server2.key
    dh /etc/dh-parameters.2048
    comp-lzo adaptive
    persist-remote-ip
    float
topology subnet


  • Rebel Alliance Global Moderator

I don't really want to see your ASCII art.. Post up your settings in your GUI..

    Where is the one that works… So you're trying to use the same port on both of them??

    lport 1194
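The port clash the moderator points at, as an added example that is not from the thread, pfSense or OpenVPN: a small checker that parses each server instance's config and reports listeners that would collide on the same proto/address/port, plus a tunnel-vs-LAN overlap check for the other common silent cause of "connected but no traffic". The sample configs are constructed; server 1's bind address and port are assumptions.

```python
"""Spot listener clashes between several OpenVPN server instances.
Added example for this thread, not pfSense/OpenVPN code. Sample configs are
constructed: a trimmed working "server 1" (assumed UDP 1194 on the same WAN
address, as the moderator implies) and the posted "server 2"."""
import ipaddress

SERVER1 = """dev ovpns1
proto udp
local 203.0.113.10
lport 1194
server 192.168.101.0 255.255.255.0
"""
SERVER2 = """dev ovpns2
proto udp
local 203.0.113.10
lport 1194
server 192.168.100.0 255.255.255.0
"""

def parse_config(text):
    """First value of each option; comments and blank lines stripped."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            key, _, value = line.partition(" ")
            opts.setdefault(key, value.strip())
    return opts

def listener(opts):
    """(proto, bind address, port); udp4/udp6 -> udp, missing 'local' = wildcard bind."""
    proto = opts.get("proto", "udp").rstrip("46")
    port = int(opts.get("lport") or opts.get("port") or 1194)
    return proto, opts.get("local", "0.0.0.0"), port

def find_clashes(configs):
    """Instance pairs whose listeners collide; two daemons cannot share proto/address/port."""
    ls = [(name, *listener(parse_config(text))) for name, text in configs.items()]
    clashes = []
    for i, (n1, p1, a1, port1) in enumerate(ls):
        for n2, p2, a2, port2 in ls[i + 1:]:
            if p1 == p2 and port1 == port2 and (a1 == a2 or "0.0.0.0" in (a1, a2)):
                clashes.append((n1, n2, f"{p1}/{port1}"))
    return clashes

def tunnel_overlaps_lan(opts, client_lan):
    """True if the 'server' tunnel network overlaps the client's own LAN (another silent no-traffic cause)."""
    net, mask = opts["server"].split()[:2]
    return ipaddress.ip_network(f"{net}/{mask}").overlaps(ipaddress.ip_network(client_lan))
```

Moving either instance to a different port or protocol (or binding each to its own address) empties the clash list; the overlap check returns False for the thread's 192.168.2.0/24 client LAN.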