Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN Tunnel ends up in wrong section

    Scheduled Pinned Locked Moved 2.4 Development Snapshots
    6 Posts 2 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pete35
      last edited by

      Latest Pfsense 2.4 Beta Version

      When trying to establish an Openvpn Peer to Peer Tunnel with SSL/TLS Authentication between two Pfsense virtual instances, the Tunnel came up and shows up and running. But the Tunnel shows as Remote VPN Tunnel, not with Peer to Peer Server Instance Section.

      When trying an Openvpn Peer to Peer Tunnel with shared key, everything works perfectly and the Tunnel shows up in Peer to Peer Instance Section.

      Anyone else have these problem?

      <a href="https://carsonlam.ca">bintang88</a>
      <a href="https://carsonlam.ca">slot88</a>

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        The status page displays the output as interpreted by OpenVPN.

        Shared Key or Peer to Peer SSL/TLS with a /30 tunnel network are both interpreted the same way, so the get output shown the same way since they can only handle a single client.

        Peer to Peer SSL/TLS with a larger subnet, or Remote Access style VPNs are displayed in a different format because they can handle multiple clients.

        Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • P
          pete35
          last edited by

          Ok, thank you for that clarification.

          But i did not configure any subnet in both cases, because quagga with ospf will establish the routing tables.

          So in the case of Peer to Peer with ssl/ tls it assigns a random default subnet which causes the wrong classification of that Tunnel.

          I configured this to avoid all the static routes with multiple Tunnels and subnets, but with ssl/tls it did not work.

          So it looks like a feature request, please do not supply a Default Network, when there is no subnet in that Field.

          Is there another possibility?

          <a href="https://carsonlam.ca">bintang88</a>
          <a href="https://carsonlam.ca">slot88</a>

          1 Reply Last reply Reply Quote 0
          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            Either you configured it incorrectly or we're talking about different things.

            For Quagga to work in SSL/TLS mode you have to use tap mode (or tun with a /30 tunnel network), but you must supply a tunnel network but you don't put and remote network entries in.

            Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • P
              pete35
              last edited by

              Ok, thanks again. I will recheck this.

              <a href="https://carsonlam.ca">bintang88</a>
              <a href="https://carsonlam.ca">slot88</a>

              1 Reply Last reply Reply Quote 0
              • P
                pete35
                last edited by

                Ok, confirmed.

                Wit a Tunnel Network /30 everything shows up correctly. I configured a /24 Tunnel Network which leads to this behavior, which is wrong in case of the peer to peer tunnel.

                Thank you!

                <a href="https://carsonlam.ca">bintang88</a>
                <a href="https://carsonlam.ca">slot88</a>

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.