Problems getting road warrior to connect to openvpn
-
I'm having some problems getting Tunnelblick on my MacBook to connect to pfSense 1.2 using OpenVPN.
Here are my configuration files:
server:
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
dev tun
proto udp
cipher BF-CBC
up /etc/rc.filter_configure
down /etc/rc.filter_configure
server 192.168.2.0 255.255.255.0
client-config-dir /var/etc/openvpn_csc
push "route 192.168.1.0 255.255.255.0"
lport 1194
ca /var/etc/openvpn_server0.ca
cert /var/etc/openvpn_server0.cert
key /var/etc/openvpn_server0.key
dh /var/etc/openvpn_server0.dh
persist-remote-ip
float
client:
float
port 1194
dev tun
dev-node /sbin/ifconfig en1
#dev-node /sbin/ifconfig en0
proto udp
remote "hostname here" 1194
ping-restart 45
persist-tun
persist-key
tls-client
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
pull
verb 4
And the tail end of my log file from the client:
Sep 2 18:46:33 UNIXBOX openvpn[3984]: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sep 2 18:46:33 UNIXBOX openvpn[3984]: PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route 192.168.2.1,ping 10,ping-restart 60,ifconfig 192.168.2.6 192.168.2.5'
Sep 2 18:46:33 UNIXBOX openvpn[3984]: OPTIONS IMPORT: timers and/or timeouts modified
Sep 2 18:46:33 UNIXBOX openvpn[3984]: OPTIONS IMPORT: --ifconfig/up options modified
Sep 2 18:46:33 UNIXBOX openvpn[3984]: OPTIONS IMPORT: route options modified
Sep 2 18:46:33 UNIXBOX openvpn[3984]: gw 172.16.0.1
Sep 2 18:46:33 UNIXBOX openvpn[3984]: TUN/TAP device /sbin/ifconfig opened
Sep 2 18:46:33 UNIXBOX openvpn[3984]: /sbin/ifconfig tun delete
Sep 2 18:46:33 UNIXBOX openvpn[3984]: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Sep 2 18:46:33 UNIXBOX openvpn[3984]: /sbin/ifconfig tun 192.168.2.6 192.168.2.5 mtu 1500 netmask 255.255.255.255 up
Sep 2 18:46:33 UNIXBOX openvpn[3984]: MANAGEMENT: Client disconnected
Sep 2 18:46:33 UNIXBOX openvpn[3984]: Mac OS X ifconfig failed: shell command exited with error status: 126
Sep 2 18:46:33 UNIXBOX openvpn[3984]: MANAGEMENT: TCP send error: Bad file descriptor
Sep 2 18:46:33 UNIXBOX openvpn[3984]: MANAGEMENT: Client disconnected
Sep 2 18:46:33 UNIXBOX openvpn[3984]: Exiting
I'm not sure where that 255.255.255.255 netmask is coming from either.
Any thoughts?
Thanks guys,
-
I don't see cipher in your client configuration file, which should match your server's cipher algorithm.
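The comparison suggested in the reply above, as an added example that is not part of the thread: a small Python script that checks directives in the two posted configs and flags any that differ or are set on only one side. The config excerpts are copied from the post; the MUST_MATCH checklist and the function names are assumptions made for illustration.

```python
# Added example, not from the thread. Config excerpts are copied from the post;
# MUST_MATCH is an assumed checklist of directives both peers should agree on.
SERVER_CONF = """\
dev tun
proto udp
cipher BF-CBC
server 192.168.2.0 255.255.255.0
lport 1194
"""
CLIENT_CONF = """\
port 1194
dev tun
dev-node /sbin/ifconfig en1
#dev-node /sbin/ifconfig en0
proto udp
tls-client
ns-cert-type server
pull
"""
MUST_MATCH = ("dev", "proto", "cipher", "auth", "comp-lzo")

def parse(text):
    """Map directive name -> argument string, skipping blanks and #/; comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        name, *rest = line.split(None, 1)
        opts[name] = rest[0] if rest else ""
    return opts

def compare(server_text, client_text, keys=MUST_MATCH):
    """Return (directive, server_value, client_value, verdict) for each set key."""
    srv, cli = parse(server_text), parse(client_text)
    report = []
    for key in keys:
        s, c = srv.get(key), cli.get(key)
        if s is None and c is None:
            continue  # set on neither side, nothing to compare
        if s is None or c is None:
            verdict = "only on client" if s is None else "only on server"
        else:
            verdict = "match" if s == c else "mismatch"
        report.append((key, s, c, verdict))
    return report

if __name__ == "__main__":
    for key, s, c, verdict in compare(SERVER_CONF, CLIENT_CONF):
        print(f"{key:8} server={s!r:10} client={c!r:10} {verdict}")
```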
-
Also could you post the output of the log on pfSense?