    OpenVPN and TorGuard
      anjan42 last edited by

      I am using pfSense 2.3.4.

      I configured OpenVPN as mentioned here
      https://torguard.net…yarticle&id=208

      The only difference is that I enabled TLS authentication and copied the key in the zip file I received. If I don't select TLS it won't connect. I have also changed the encryption to AES and the hash to SHA256 in the VPN config, as in the client file. If I configure SHA1 it won't work. I am using the UDP tunnel files.
      The initial certification configuration is exactly the same as mentioned in the article.

      I have successfully configured NAT and I can see the default route too, but the problem is that the VPN is up but the sent/received bytes are 3-4 KB all the time. I cannot access the internet using it. I think there is some mistake in the configuration.

      Here are the logs from the verb 3 configuration

      Oct 21 09:31:36 openvpn 53208 Restart pause, 5 second(s)
      Oct 21 09:31:41 openvpn 53208 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Oct 21 09:31:41 openvpn 53208 Socket Buffers: R=[65228->65228] S=[65228->65228]
      Oct 21 09:31:41 openvpn 53208 Attempting to establish TCP connection with [AF_INET]195.154.209.57:1912 [nonblock]
      Oct 21 09:31:42 openvpn 53208 TCP connection established with [AF_INET]195.154.209.57:1912
      Oct 21 09:31:42 openvpn 53208 Socket flags: TCP_NODELAY=1 succeeded
      Oct 21 09:31:42 openvpn 53208 TCPv4_CLIENT link local (bound): [AF_INET]192.168.2.66
      Oct 21 09:31:42 openvpn 53208 TCPv4_CLIENT link remote: [AF_INET]195.154.209.57:1912
      Oct 21 09:31:42 openvpn 53208 TLS: Initial packet from [AF_INET]195.154.209.57:1912, sid=7dfe3564 874ca556
      Oct 21 09:31:42 openvpn 53208 VERIFY OK: depth=1, C=US, ST=FL, L=Orlando, O=TorGuard, OU=VPN, CN=TG-OVPN-CA, name=TorGuard, emailAddress=sysadmin@torguard.net
      Oct 21 09:31:42 openvpn 53208 Validating certificate key usage
      Oct 21 09:31:42 openvpn 53208 ++ Certificate has key usage 00a0, expects 00a0
      Oct 21 09:31:42 openvpn 53208 VERIFY KU OK
      Oct 21 09:31:42 openvpn 53208 Validating certificate extended key usage
      Oct 21 09:31:42 openvpn 53208 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
      Oct 21 09:31:42 openvpn 53208 VERIFY EKU OK
      Oct 21 09:31:42 openvpn 53208 VERIFY OK: depth=0, C=US, ST=FL, L=Orlando, O=TorGuard, OU=VPN, CN=TG-OVPN-CA, name=TorGuard, emailAddress=sysadmin@torguard.net
      Oct 21 09:31:42 openvpn 53208 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1571', remote='link-mtu 1572'
      Oct 21 09:31:42 openvpn 53208 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
      Oct 21 09:31:42 openvpn 53208 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
      Oct 21 09:31:42 openvpn 53208 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
      Oct 21 09:31:42 openvpn 53208 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
      Oct 21 09:31:42 openvpn 53208 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
      Oct 21 09:31:42 openvpn 53208 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
      Oct 21 09:31:42 openvpn 53208 [TG-OVPN-CA] Peer Connection Initiated with [AF_INET]195.154.209.57:1912
      Oct 21 09:31:44 openvpn 53208 SENT CONTROL [TG-OVPN-CA]: 'PUSH_REQUEST' (status=1)
      Oct 21 09:31:44 openvpn 53208 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.9.0.1,dhcp-option DNS 10.8.0.1,route 10.34.0.1,topology net30,ping 5,ping-restart 30,socket-flags TCP_NODELAY,ifconfig 10.34.0.10 10.34.0.9,peer-id 0'
      Oct 21 09:31:44 openvpn 53208 OPTIONS IMPORT: timers and/or timeouts modified
      Oct 21 09:31:44 openvpn 53208 OPTIONS IMPORT: --socket-flags option modified
      Oct 21 09:31:44 openvpn 53208 Socket flags: TCP_NODELAY=1 succeeded
      Oct 21 09:31:44 openvpn 53208 OPTIONS IMPORT: --ifconfig/up options modified
      Oct 21 09:31:44 openvpn 53208 OPTIONS IMPORT: route options modified
      Oct 21 09:31:44 openvpn 53208 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
      Oct 21 09:31:44 openvpn 53208 OPTIONS IMPORT: peer-id set
      Oct 21 09:31:44 openvpn 53208 OPTIONS IMPORT: adjusting link_mtu to 1574
      Oct 21 09:31:44 openvpn 53208 Preserving previous TUN/TAP instance: ovpnc1
      Oct 21 09:31:44 openvpn 53208 Initialization Sequence Completed
      Oct 21 09:32:40 openvpn 53208 MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
      Oct 21 09:32:40 openvpn 53208 MANAGEMENT: CMD 'state 1'
      Oct 21 09:32:40 openvpn 53208 MANAGEMENT: CMD 'status 2'
      Oct 21 09:32:40 openvpn 53208 MANAGEMENT: Client disconnected
      Oct 21 09:32:43 openvpn 53208 Connection reset, restarting [0]
      Oct 21 09:32:43 openvpn 53208 SIGUSR1[soft,connection-reset] received, process restarting
      Oct 21 09:32:43 openvpn 53208 Restart pause, 5 second(s)
      Oct 21 09:32:48 openvpn 53208 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Oct 21 09:32:48 openvpn 53208 Socket Buffers: R=[65228->65228] S=[65228->65228]
      Oct 21 09:32:48 openvpn 53208 Attempting to establish TCP connection with [AF_INET]195.154.209.57:1912 [nonblock]
      Oct 21 09:32:49 openvpn 53208 TCP connection established with [AF_INET]195.154.209.57:1912
      Oct 21 09:32:49 openvpn 53208 Socket flags: TCP_NODELAY=1 succeeded
      Oct 21 09:32:49 openvpn 53208 TCPv4_CLIENT link local (bound): [AF_INET]192.168.2.66
      Oct 21 09:32:49 openvpn 53208 TCPv4_CLIENT link remote: [AF_INET]195.154.209.57:1912
      Oct 21 09:32:49 openvpn 53208 TLS: Initial packet from [AF_INET]195.154.209.57:1912, sid=e7b2957d a044c05b
      Oct 21 09:32:50 openvpn 53208 VERIFY OK: depth=1, C=US, ST=FL, L=Orlando, O=TorGuard, OU=VPN, CN=TG-OVPN-CA, name=TorGuard, emailAddress=sysadmin@torguard.net
      Oct 21 09:32:50 openvpn 53208 Validating certificate key usage
      Oct 21 09:32:50 openvpn 53208 ++ Certificate has key usage 00a0, expects 00a0
      Oct 21 09:32:50 openvpn 53208 VERIFY KU OK
      Oct 21 09:32:50 openvpn 53208 Validating certificate extended key usage
      Oct 21 09:32:50 openvpn 53208 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
      Oct 21 09:32:50 openvpn 53208 VERIFY EKU OK
      Oct 21 09:32:50 openvpn 53208 VERIFY OK: depth=0, C=US, ST=FL, L=Orlando, O=TorGuard, OU=VPN, CN=TG-OVPN-CA, name=TorGuard, emailAddress=sysadmin@torguard.net
      Oct 21 09:32:50 openvpn 53208 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1571', remote='link-mtu 1572'
      Oct 21 09:32:50 openvpn 53208 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
      Oct 21 09:32:50 openvpn 53208 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
      Oct 21 09:32:50 openvpn 53208 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
      Oct 21 09:32:50 openvpn 53208 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
      Oct 21 09:32:50 openvpn 53208 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
      Oct 21 09:32:50 openvpn 53208 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
      Oct 21 09:32:50 openvpn 53208 [TG-OVPN-CA] Peer Connection Initiated with [AF_INET]195.154.209.57:1912
      Oct 21 09:32:52 openvpn 53208 SENT CONTROL [TG-OVPN-CA]: 'PUSH_REQUEST' (status=1)
      Oct 21 09:32:52 openvpn 53208 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.9.0.1,dhcp-option DNS 10.8.0.1,route 10.34.0.1,topology net30,ping 5,ping-restart 30,socket-flags TCP_NODELAY,ifconfig 10.34.0.10 10.34.0.9,peer-id 0'
      Oct 21 09:32:52 openvpn 53208 OPTIONS IMPORT: timers and/or timeouts modified
      Oct 21 09:32:52 openvpn 53208 OPTIONS IMPORT: --socket-flags option modified
      Oct 21 09:32:52 openvpn 53208 Socket flags: TCP_NODELAY=1 succeeded
      Oct 21 09:32:52 openvpn 53208 OPTIONS IMPORT: --ifconfig/up options modified
      Oct 21 09:32:52 openvpn 53208 OPTIONS IMPORT: route options modified
      Oct 21 09:32:52 openvpn 53208 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
      Oct 21 09:32:52 openvpn 53208 OPTIONS IMPORT: peer-id set
      Oct 21 09:32:52 openvpn 53208 OPTIONS IMPORT: adjusting link_mtu to 1574
      Oct 21 09:32:52 openvpn 53208 Preserving previous TUN/TAP instance: ovpnc1
      Oct 21 09:32:52 openvpn 53208 Initialization Sequence Completed

      Route table after connection:
      [2.3.4-RELEASE][admin@pfSense.localdomain]/root: netstat -r
      Routing tables

      Internet:
      Destination        Gateway            Flags      Netif Expire
      0.0.0.0/1          10.34.0.5          UGS      ovpnc1
      default            mynetwork          UGS        le1
      10.34.0.1/32      10.34.0.5          UGS      ovpnc1
      10.34.0.5          link#7            UH      ovpnc1
      10.34.0.6          link#7            UHS        lo0
      dns.usa1.torguard. 10.34.0.5          UGHS    ovpnc1
      dns.usa2.torguard. 10.34.0.5          UGHS    ovpnc1
      localhost          link#6            UH          lo0
      128.0.0.0/1        10.34.0.5          UGS      ovpnc1
      185.25.21.161/32  mynetwork          UGS        le1
      192.168.1.0        link#1            U          le0
      pfSense            link#1            UHS        lo0
      192.168.2.0        link#2            U          le1
      mynetwork          00:0c:29:1f:f5:78  UHS        le1
      192.168.2.66      link#2            UHS        lo0
      195.154.204.10/32  mynetwork          UGS        le1

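The log in the post above carries OpenVPN's option-consistency warnings (`link-mtu`, `comp-lzo`) and names the transport the client actually used. The following is an added example, not part of the original post, that extracts both from an OpenVPN client log; the sample lines are an excerpt constructed from the log above, and the function names are this example's own.

```python
import re

# Constructed excerpt of the log in the post: the transport line and the
# two option warnings from each of the two connection cycles.
SAMPLE_LOG = [
    "Oct 21 09:31:42 openvpn 53208 TCPv4_CLIENT link remote: [AF_INET]195.154.209.57:1912",
    "Oct 21 09:31:42 openvpn 53208 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1571', remote='link-mtu 1572'",
    "Oct 21 09:31:42 openvpn 53208 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'",
    "Oct 21 09:32:50 openvpn 53208 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1571', remote='link-mtu 1572'",
    "Oct 21 09:32:50 openvpn 53208 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'",
]

INCONSISTENT = re.compile(
    r"WARNING: '(?P<opt>[^']+)' is used inconsistently, "
    r"local='(?P<local>[^']*)', remote='(?P<remote>[^']*)'")
ONE_SIDED = re.compile(
    r"WARNING: '(?P<opt>[^']+)' is present in (?P<side>local|remote) config "
    r"but missing in (?:local|remote) config, (?:local|remote)='(?P<val>[^']*)'")
LINK_REMOTE = re.compile(r"\b(?P<proto>TCP|UDP)\S* link remote: ")


def option_mismatches(lines):
    """Unique option mismatches as (option, local value, remote value).

    None means the option is absent on that side. Repeats from later
    reconnect cycles are collapsed; first-seen order is kept.
    """
    found = []
    for line in lines:
        m = INCONSISTENT.search(line)
        if m:
            item = (m["opt"], m["local"], m["remote"])
        else:
            m = ONE_SIDED.search(line)
            if not m:
                continue
            local = m["val"] if m["side"] == "local" else None
            remote = m["val"] if m["side"] == "remote" else None
            item = (m["opt"], local, remote)
        if item not in found:
            found.append(item)
    return found


def transports(lines):
    """Transport protocols named in 'link remote' lines (normally one)."""
    return {m["proto"] for m in map(LINK_REMOTE.search, lines) if m}
```

Each tuple names an option where the client and server configurations disagree, and `transports` reports the protocol recorded in the log so it can be compared with the tunnel files that were imported.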