OVPN Client Export automagic


  • Moderator

    Hi,

    while this was working for quite some time, I can't get any of the automagic settings of the openvpn client export package to work. There are multiple DynDNS names configured that work correctly, OpenVPN is configured for 1194/localhost and a port forwarding is set up on UDP/1194/wan address to localhost/1194. If I manually reconfigure the exported ovpn file and manually enter the "remote" line, the config and setup work as intended.

    But as I try to automate the use for more users than just mine, it's a real PITA that every time I export a config it has an empty line where the "remote" line should be.

    Anyone any idea why that creeps up? pfSense 2.3.4-p1 (latest 2.3) with current openvpn-client-export package. It is running behind another router in front (transfer net with private addresses in between) so we try to use "automagic ddns" for that to work.

    Greets
    Jens


  • Rebel Alliance Developer Netgate

    Was it working before on the same box?

    The automatic code requires port forwards to operate properly, and the port forwards have to have a target of the VPN binding address and port.

    So if it's empty, then somehow it couldn't determine that the destination and target properly matched the VPN.


  • Moderator

    Hi Jimp,

    yes it was already working on the mentioned box. I also tested it on a lab device at home and there I have the same effect. Port forward is working. DynDNS names configured and working. Configured names etc. working but somehow the exporter won't find either a name or an IP for the automagic config.

    Anything I can throw in to help?

    Edit: added screenshots from the test-lab instance below. Explanation: The test lab has WAN configured with 192.168.178.2 (VIP) and 192.168.178.251 (pfSense IP) and has a cable router in front of it. Cable router is passing through everything to pfSense. OpenVPN connect from outside is working perfectly. Already tried every possible setup with the port forwarding. Using "this firewall", using "WAN address" or using the VIP IP but neither setting used produced a result.