Can't get UDP to work. TCP works fine
-
The error is
```
Sat Feb 21 15:19:23 2009 VERIFY ERROR: depth=0, error=unable to get local issuer certificate: /C=BG/ST=NA/O=central/CN=server/emailAddress=e.enchev@hotelcentral.bg
```
-
This suggests that you've not correctly configured one end, probably the client. Unfortunately without config files it's hard to say. Your client config file should look something like this:
```
client
dev tun
proto udp
remote myserver.name 11194
nobind
ca my-ca.crt
cert my.crt
key my.key
ns-cert-type server
```
-
I use the config suggested in the tutorial
```
client
dev tun
proto tcp
remote x.x.x.x 1194
ping 10
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1_ovpn.crt
key client1_ovpn.key
ns-cert-type server
comp-lzo
pull
verb 3
```
Or did you mean that there might be a mistake when I generated the key files for the client? I did the whole procedure a second time but the errors are the same. Of course, copy/pasted the new ca.crt and so on to the pfSense server …
-
Did the same CA certificate generate both the server and client certificates? Did you follow the documentation on the OpenVPN site for doing that?
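The question above (did one CA sign both certificates?) can be checked directly with openssl. This added example, which is not part of the original thread, builds throwaway CAs and a certificate (all names are constructed) and shows that checking a certificate against a CA that did not sign it gives the same "unable to get local issuer certificate" error as in the log:

```shell
#!/bin/sh
# Throwaway CAs and certificates; every name here is constructed for the example.

# make_ca DIR NAME: self-signed CA key and certificate in DIR.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# issue_cert DIR CA NAME: key and certificate for NAME, signed by CA.
issue_cert() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/$3.crt" 2>/dev/null
}

# chain_ok CA_FILE CERT: exit status 0 only if CERT chains to CA_FILE.
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# verify_msg CA_FILE CERT: openssl's verdict, including any error text.
verify_msg() {
    openssl verify -CAfile "$1" "$2" 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    # Two unrelated CAs (constructed), standing in for ca.crt files
    # that come from two different CA builds.
    make_ca "$d" ca-run1 && make_ca "$d" ca-run2 &&
        issue_cert "$d" ca-run1 server || return 1
    echo "server.crt checked against the CA that signed it:"
    verify_msg "$d/ca-run1.crt" "$d/server.crt"
    echo "server.crt checked against the other CA:"
    verify_msg "$d/ca-run2.crt" "$d/server.crt"
    rm -rf "$d"
}

demo
```

With real files, run the same `openssl verify -CAfile` check with the client's ca.crt against the server certificate, and with the server's CA file against the client certificate.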
-
Yes, I did it according to the howto and also checked the tutorial from this forum:
first build-ca
then build-key-server.bat server
and build-key.bat ovpn_client1
Also I wanted to ask: on the OpenVPN panel in pfSense, in the server section, there is always an empty rule above mine which I cannot delete. Is this normal?
-
I've never seen that extra "rule" (VPN -> OpenVPN). It may be what's causing your problems. Make sure it's disabled.
-
The problem was in this 'empty rule', but since it could not be deleted I had to reset to factory defaults… Anyway, now it works ;)
-
One last thing…
My settings are
WAN 192.168.1.x
LAN 192.168.2.0/24
OpenVPN clients 192.168.10.0/24
I have ping from the client (Windows XP, firewall disabled) and access to the LAN network behind pfSense (I mean I can access from Windows \\192.168.2.x), but when I try to connect from a LAN computer with Windows to the shared files of the OpenVPN client (example IP 192.168.10.6) I get access denied although there is ping. I know maybe it is a silly mistake but I have all the Windows firewalls turned off... maybe I'm missing something in the pfSense firewall.
Can you help again, pls? :)
-
First step - is "File and Printer Sharing" active on the OpenVPN adapter of the client?
Next step - can you connect to the shares on the OpenVPN client locally (ie on the same network)?
Usually an access denied message relates to username/password problems. Windows will automatically offer up your current username and password, so be sure to perform your tests from an account that's not Administrator and not on the remote system.
-
1. Yes, File and Printer Sharing is enabled on the virtual TAP adapter.
2. And yes, even locally I cannot access the shared folders with the OpenVPN IP: \\192.168.10.x
I can access the folder, though, with the local IP of the physical ethernet adapter.
The problem should be something between the TAP and the physical ethernet adapters… Doesn't the virtual adapter automatically redirect access to the physical one? I hope I explained it somewhat clearly.
Any suggestions? Thanks :)
-
I forgot to mention that when I make a PPTP VPN between the two networks it works both ways, no problem to access the shared files! ??? But of course that's different
for the OpenVPN
I'm pretty sure I have to add some route in the config file or in the pfSense GUI but I can't figure out what exactly. I tried in Windows: "route add 192.168.50.0 mask 255.255.255.252 192.168.10.5" but still no access to \\192.168.10.6
My OpenVPN IP is 192.168.10.6 (and my physical ethernet adapter uses 192.168.50.0) but I saw in the OpenVPN GUI that it pushes the routes to 192.168.10.5, so I guess that is my gateway … or am I wrong? Probably...
Cry Havoc, please, I'm sure you know the solution. You're the man :)
Cheers