    VPN interface is up, but is being bypassed.

    OpenVPN
      gunnerrrrrrr last edited by

      I had to replace the certificate for my VPN as it expired and now I am having trouble getting it to work again. Please keep in mind my friend helped me set up pfSense and initially installed the VPN as well. However I know I will be able to fix it. Also I got a premium CyberGhost VPN for free so don't hate :P

      CA: I downloaded the keys from the CyberGhost website and selected UDP OpenVPN as the protocol.
      https://image.prntscr.com/image/TJ2_jsY3RQio0eEBT41dow.png

      Certificate: NOTE I did not change this since they are not expired!
      https://image.prntscr.com/image/Db-6EOIVQJyxPKEM6qhr6Q.png

      OpenVPN Client Page:
      https://image.prntscr.com/image/Rsuet_jbSyyef-FJdynV1g.png
      https://image.prntscr.com/image/6khfkjGTQhS196ImepnRjA.png
      Everything else on this page is left blank except the IPv4 tunnel network, and IPv6 is checked to be disabled.

      This is in the "custom options" box at the bottom of the page. My friend added this and frankly I have no idea what it means so I have never touched it.

      tun-mtu 1500 
      fragment 1300
      mssfix 1300
      remote-cert-tls server
      

      EDIT: I removed the images and added the links as the images were huge and made the post very cluttered.

        stephenw10 Netgate Administrator last edited by

        That all looks reasonable.

        Custom options should be separated by a semicolon as it says on the page so if you've entered them like that, new lines for each, it won't work. The actual options look fine but those set to 1300 they may not right now.

        If the tunnel is up and you're receiving an IP address it's not an issue with your certs/CA. If it was you would never get that far.

        What exactly are you seeing happen? Traffic just goes out the WAN directly? What have you done to route that traffic via the VPN? Your screenshots don't show the tunnel settings there.

        Steve
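The separator point in the reply above, as an added example that is not part of the original thread: a small Python helper that takes a custom options value pasted with line breaks (as in the first post) and rewrites it as one semicolon-separated line. The function names are hypothetical, and the duplicate-directive warning is an extra check beyond what the thread discusses.

```python
import re


def parse_custom_options(text):
    """Split a pasted custom-options value into (directive, args) pairs.

    Accepts newline-separated, semicolon-separated or mixed input and
    ignores empty entries and stray whitespace.
    """
    options = []
    for chunk in re.split(r"[;\r\n]+", text):
        parts = chunk.split()
        if not parts:
            continue
        options.append((parts[0], " ".join(parts[1:])))
    return options


def to_semicolon_form(text):
    """Return (single_line, warnings) for a custom-options value."""
    options = parse_custom_options(text)
    warnings = []
    # Line breaks inside the value are what the reply says will not work.
    if re.search(r"[\r\n]", text.strip()):
        warnings.append("input used line breaks as separators")
    seen = {}
    for name, args in options:
        if name in seen and seen[name] != args:
            warnings.append(f"{name} given twice with different values")
        seen[name] = args
    line = ";".join(f"{name} {args}".strip() for name, args in options)
    return line, warnings


# The options exactly as posted in the thread, one per line.
POSTED = "tun-mtu 1500 \nfragment 1300\nmssfix 1300\nremote-cert-tls server\n"

if __name__ == "__main__":
    line, warnings = to_semicolon_form(POSTED)
    print(line)
    for warning in warnings:
        print("warning:", warning)
```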
