Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    having issues setting up Remote VPN to my network

    Scheduled Pinned Locked Moved OpenVPN
    29 Posts 3 Posters 4.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      comet424
      last edited by

      I had this working a few months ago but I cant remember how I did it... to access my home network like I was physically there..
      I had to reinstall pfsense as it bricked my usb when I had installed a extra hard drive and trying out squidproxy it cached it to the usb I guess and bricked it after a month..

      but I reinstalled to latest pfsense.. I have tried different setups..
      I tried the Wizard.. the 11 steps when it comes to export it there no options at the bottom... I even made a new user and create a certificate check box.. I then noticed under certicates the wizard doesn't create a client certificate just a server so I tried creating a client.. still nothing under the export client

      so getting frustrated,,, when I did earlier get the export to work and download client etc when I try to connect I get this error

      Tue Jul 17 13:14:42 2018 SIGUSR1[soft,tls-error] received, process restarting
      Tue Jul 17 13:19:42 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]174.94.30.126:1195
      Tue Jul 17 13:19:42 2018 UDP link local (bound): [AF_INET][undef]:1194
      Tue Jul 17 13:19:42 2018 UDP link remote: [AF_INET]174.94.30.126:1195
      Tue Jul 17 13:20:42 2018 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
      Tue Jul 17 13:20:42 2018 TLS Error: TLS handshake failed

      so I not sure what else I supposed to do after you run the wizard as there is different people setting up it with different ways and I thought the wizard was to take all the guess work out...
      if you guys need screen shots etc let me know or what to check

      1 Reply Last reply Reply Quote 0
      • V
        viragomann
        last edited by

        It seems the client cannot reach the server.

        Is the server up and running?

        Can you find something in logs or do you see massages when you start the server?

        Is the server listening on WAN?

        Do you have a firewall rule in place which is allowing the access?

        1 Reply Last reply Reply Quote 0
        • C
          comet424
          last edited by

          first I followed the youtube videos from Crosstalk and that had worked before kinda least I could log on but now I noticed there has been an update of pfsense and I updated before

          I also did notice.. it would allow my cell phone to connect or my one laptop but when I downloaded the install from the client export it wouldn't allow my other laptop to connect.. but when I copied the config folder from my other laptop to the one having issues it worked.. so something went hay wire... but since the usb bricked I have started over
          as im also trying to get nordvpn to work with pfsense too as they have a trial

          but back to your questions.. yes the server is up and running under services I even stopped and started again to figure that fix it.. rebooted too.. I have uninstalled and re installed.. I have played with the firewall settings... when you run the wizard.. it only sets up CA certificate and the Server certificate.. but not the Client certiticate.. so I manually do that one...but ya I set it for WAN I just did the defaults of the Wizard
          so I frustrated ill take some pics after as I not near the machine right now..
          I still not 100% used to this pfsense I learning as I wanted more secure but I really like my Asus routers the guis are nice lol

          1 Reply Last reply Reply Quote 0
          • C
            comet424
            last edited by

            ugh getting frustrated.. I tried uninstalling export client
            I rebooted pfsense
            installed package export for vpn

            I goto open vpn. wizard
            it creates the CA file. then a server certicate under Certifcates
            i follow the steps and set to 1196 port
            after its done i goto client export and there is nothing at the bottom and says if you don't see your files its a issue between Client certs and Server... like shouldn't the wizard had done all this so there is no issues/

            whaat screen shots do you need to see.. i have deleted it several times and still not working
            ill post screen shots just what parts do i need

            1 Reply Last reply Reply Quote 0
            • johnpozJ
              johnpoz LAYER 8 Global Moderator
              last edited by johnpoz

              The cert used by the user would be a USER cert, not a server cert. The server cert would be SERVER.

              This should take you all of 30 seconds to setup. Run through the wizard.

              Create a user cert signed by the CA you created during the wizard, it will be listed for export. Do you want a step by step screenshot guide?

              Do you have some sort of block rule you put on your wan? When the wizard creates the vpn rule on your wan to allow access it will be on the bottom. If you had placed some rule on wan blocking stuff then you would have to move the rule above your block.

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.8, 24.11

              1 Reply Last reply Reply Quote 0
              • C
                comet424
                last edited by

                yes i know under CA create a CA
                under Certificates you create a Server and a User certificate
                as i done that before..

                now when i did the Wizard... it creates the CA cert and the Server cert... i found a bug in pfsense
                so i noticed it doesn't create a user cert...
                and when you create a user and check the box off to crearte a Cert.. there is a bug in pfsense. if you leave the description box blank which i did as who cares really.. it screws up the certificate
                i found when i just "asdfasdf" as a description that enables the CA..
                as you think it would say you must enter a description...
                so far it works.. but its saving an old config file not sure how.. but i least found why i not getting a CA

                but ya if you could do a step by step...
                because each version of pfsense seems different settings.. now i have issue when it downloads the config under client export its using names i don't even use anymore.. very strange.. i may just have to format and start over

                1 Reply Last reply Reply Quote 0
                • johnpozJ
                  johnpoz LAYER 8 Global Moderator
                  last edited by johnpoz

                  No there is no BUG... Why should the wizard ask you to create a user? Maybe you need 100 users, etc.. Its going to walk you through all of that?

                  Its a SERVER wizard, not a USER wizard..

                  My guess to where you are running into a problem is the wizard defaults to cert+user auth... So unless you create a local user with the cert assigned to it.. It will not be listed in the export.

                  If you change the server to just remote access SSL/TLS, then any user cert signed with your servers CA will be listed.

                  0_1531944936502_usercertdownload.png

                  This is not a bug - but could prob be better documented in the wizard. Maybe allow for you to pick if you want the server to be just ssl/tls or ssl/tls+user auth

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.8, 24.11

                  1 Reply Last reply Reply Quote 0
                  • C
                    comet424
                    last edited by

                    so i kinda got it working cant tell if it really works as i on my local network cant tell when i goto another location

                    but how do you set it up to rename the config files for the connection
                    i want one to be my sisters house and 1 to be my house
                    all i seem to have is

                    pfSense-UDP4-1196-mike-config
                    pfSense-UDP4-1196-mikehouse-config
                    i rename the files in the config location to mikeshouse or sistershouse and then there is a error i not even sure where they get the mike or mikeshouse

                    1 Reply Last reply Reply Quote 0
                    • C
                      comet424
                      last edited by

                      ah ok ill re try that again..
                      and where i ment bug
                      if you click User Manager
                      click create a user

                      when you check off "certificate click to create a user certificate

                      it asks your Description
                      Certificate authority.

                      i found if you leave description blank as why would you care to write a description it messes up the export

                      so when i did descritiption "safasdfasdf"
                      then the client export worked

                      but i wanna rename it and now i come to have another issue lol

                      1 Reply Last reply Reply Quote 0
                      • C
                        comet424
                        last edited by

                        it seems it creates it from the username
                        which is annoying because
                        i have user name mike on sisters pfsense and mine
                        so its the same damn file in the config location
                        i had to rename the user name to mitchshouse and then i still gotta re login
                        here i figured just rename the config location filenames but not so simple

                        as i wanted it to say mikes house..... sisters house as the 2 options in OpenVPN client

                        1 Reply Last reply Reply Quote 0
                        • johnpozJ
                          johnpoz LAYER 8 Global Moderator
                          last edited by

                          Are you just exporting the ovpn file? You can rename the file to whatever you want.ovpn

                          An intelligent man is sometimes forced to be drunk to spend time with his fools
                          If you get confused: Listen to the Music Play
                          Please don't Chat/PM me for help, unless mod related
                          SG-4860 24.11 | Lab VMs 2.8, 24.11

                          1 Reply Last reply Reply Quote 0
                          • C
                            comet424
                            last edited by

                            i export all 3 files and rename all 3

                            1 Reply Last reply Reply Quote 0
                            • C
                              comet424
                              last edited by

                              personal information file
                              opnvpn file
                              resigration entry file
                              as they all the same name so i rename all 3 to mitchshouse or mikeshouse

                              1 Reply Last reply Reply Quote 0
                              • C
                                comet424
                                last edited by

                                when i just rename the OpenVPN file
                                and then try to connect with client

                                error i still get is
                                connecting to management interface faild
                                view log file c:users\mike\openvpn\mitchshouse.log
                                Wed Jul 18 16:35:38 2018 WARNING: cannot stat file 'pfSense-UDP4-1196-mike.p12': No such file or directory (errno=2)
                                Options error: --pkcs12 fails with 'pfSense-UDP4-1196-mike.p12'
                                Wed Jul 18 16:35:38 2018 WARNING: cannot stat file 'pfSense-UDP4-1196-mike-tls.key': No such file or directory (errno=2)
                                Options error: --tls-auth fails with 'pfSense-UDP4-1196-mike-tls.key': No such file or directory (errno=2)
                                Options error: Please correct these errors.
                                Use --help for more information.

                                or when i try again and rename all 3 files to mitchshouse and mitchshouse-tls

                                i get same error.. its like you cant rename the files so its better labeled
                                and that i have to make a user account saying sistershouse not mike on my sistershouse… to distinguish between 2 user accounts mike on my sisters pfsense and my pfsese…
                                guess i have no simple answers i fix one issue then seem to get myself into a 2nd issue lol

                                i appreciate the help so far

                                1 Reply Last reply Reply Quote 0
                                • C
                                  comet424
                                  last edited by

                                  gonna uninstall the client software and re try the pfsenses uninstall and re install both as i setting up both pfsenses at my house and then take the one for her to her house..
                                  maybe working on 2 at same time just glitching

                                  but fingers crossed uninstall delete the config location and what not fix's it.. least i getting experience setting this thing up (: lol

                                  1 Reply Last reply Reply Quote 0
                                  • C
                                    comet424
                                    last edited by

                                    so update
                                    both computers one called mitchsserver other called mikeserver
                                    with user name mike... but my sisters server has like mitchsCA and mitchsclient and for mine is mikesCA and mikesclient and server name
                                    using same port 1196

                                    i found they both create the same damn 3 files
                                    pfSense-UDP4-1196-mike config
                                    pfSense-UDP4-1196-mike
                                    pfSense-UDP4-1196-mike-tls

                                    the config file has the location of those 2 other files but the opnvpn file is write protected and i cant seem to bypass it

                                    so my only way i can seem to do it is
                                    i make a different user name on my sisters pfsens

                                    like mitchserver as the username

                                    this seems to solve the issue of over written files
                                    as what i had ended up with is this
                                    mikeshouse (opnvpn file)
                                    mitchshouse (opnvpn file)
                                    pfSense-UDP4-1196-mike
                                    pfSense-UDP4-1196-mike-tls

                                    due it it making same damn files it over writes the last 2 so id directs to a different comp not the renamed opnvpn one..
                                    would be nice to edit the opnvpn file so i could rename the other 2 files but what can ya do.. guess it wasn't really ment to have 1 computer connecting to multiple pfsense accounts

                                    least i figured out its not so simple lol

                                    1 Reply Last reply Reply Quote 0
                                    • johnpozJ
                                      johnpoz LAYER 8 Global Moderator
                                      last edited by

                                      I have no idea what your trying to do mate...But I can tell you this - it is simple! ;)

                                      Why are you grabbing 3 files? Just grab the inline ovpn file.. Load it in your remote client.

                                      What exactly are you trying to accomplish. You have a road warrior connecting to pfsense?? Or you wanting to do a site to site between mitchshouse and yours? Does mitch have pfsense as well?

                                      An intelligent man is sometimes forced to be drunk to spend time with his fools
                                      If you get confused: Listen to the Music Play
                                      Please don't Chat/PM me for help, unless mod related
                                      SG-4860 24.11 | Lab VMs 2.8, 24.11

                                      1 Reply Last reply Reply Quote 0
                                      • C
                                        comet424
                                        last edited by

                                        ok so I have 1 laptop

                                        I have 2 pfsense houses.... my house and my sisters house
                                        I set up exact copies of pfsense… except
                                        the certs..
                                        my pfsense MikeshouseCA.. mikesServer(certificate)… mikes client(certificate)
                                        sis pfsense MitchshouseCA, mitchsServer(Certificate).. mikes client(certificate)

                                        like I mentioned toe get the option to export when I create a New user "mike" as the login you have to write something in "description" to work

                                        now when you click the Vista install button
                                        and installs... it creates 3 Files
                                        pfSense-UDP4-1196-mike.opnvpn config file
                                        pfSense-UDP4-1196-mike. personal info file
                                        pfSense-UDP4-1196-mike-tls resitration file

                                        now even though I created different certs on the 2 computers because I use "mike" as a login for both pfsense boxes.. these still create the same files above.. and the opn config file points to the personal info and registration file names and windows wont let me edit the opnvpn file to edit the names
                                        so If I rename
                                        pfSense-UDP4-1196-mike.opnvpn config file to mike.opnvpn config file now I have
                                        mike.opnvpn
                                        pfSense-UDP4-1196-mike personal info
                                        pfSense-UDP4-1196-mike-tls

                                        now when I run the Vista Install button on my laptop of my sisters pfsense button and it installs the 3 files I now have this

                                        mikes.opnvpn config
                                        pfSense-UDP4-1196-mike opnvpn config
                                        pfSense-UDP4-1196-mike personal info
                                        pfSense-UDP4-1196-mike-tls registration

                                        and you can not just have the opnvpn config file.. I deleted the other 2 files

                                        as I tried renaming the files so id have 6 files

                                        so it be

                                        mikeshouse opnvpn config
                                        mikeshouse personal info file
                                        mikeshouse-tls registration file
                                        mitchshouse opnvpn config
                                        mitchshouse personal info file
                                        mitchshouse-tls registration file

                                        or does it even matter or does it.. since I could have a different setting for "mike" on mitchsserver then "mike" on mikes server

                                        as both config files point to the same file names that I trying to rename as there is a conflict
                                        I have diselexia so comes out fine for me maybe not for you I tried to explain it better

                                        1 Reply Last reply Reply Quote 0
                                        • C
                                          comet424
                                          last edited by

                                          here you see image 1.. my sisters pfsense
                                          0_1531998644765_pfsense issue.JPG
                                          now I renamed config file to mitchshouse and ran my pfsense install
                                          0_1531998683538_pfsense issue 1.JPG

                                          now I renamed my config to mikeshouse
                                          0_1531998717418_pfsense issue 2.JPG

                                          and here is the conflict.
                                          mitchshouse and mikeshouse both point to mikes house registration file and personal information file
                                          so that means when I connect to mitchshouse its actually connecting to Mikeshouse pfsense.. I do not want this

                                          as mitchshouse config is
                                          dev tun
                                          persist-tun
                                          persist-key
                                          cipher AES-256-CBC
                                          auth SHA1
                                          tls-client
                                          client
                                          resolv-retry infinite
                                          remote sistersdyns 1196 udp
                                          verify-x509-name "mitchshouseserver" name
                                          auth-user-pass
                                          pkcs12 pfSense-UDP4-1196-mike.p12
                                          tls-auth pfSense-UDP4-1196-mike-tls.key 1
                                          remote-cert-tls server

                                          mikeshouse pfsense
                                          dev tun
                                          persist-tun
                                          persist-key
                                          cipher AES-256-CBC
                                          auth SHA1
                                          tls-client
                                          client
                                          resolv-retry infinite
                                          remote myhousesdyns 1196 udp
                                          verify-x509-name "mikeshouseserver" name
                                          auth-user-pass

                                          so that's why I get confused I should have 6 files those 2 files are specific to each server isn't it the TLS key and u they both don't have the same key
                                          pkcs12 pfSense-UDP4-1196-mike.p12
                                          tls-auth pfSense-UDP4-1196-mike-tls.key 1
                                          remote-cert-tls server

                                          1 Reply Last reply Reply Quote 0
                                          • johnpozJ
                                            johnpoz LAYER 8 Global Moderator
                                            last edited by johnpoz

                                            So you want to be able to access either your sisters house or your house from your laptop? That is running windows I take it?

                                            Or do you want your sisters house and your hose to be always connected via site to site vpn? You could setup site to site between your houses and then setup so you could access either house from either vpn server.

                                            The only thing you need to download if your running windows client on your laptop is the inline ovpn file. It will have everything you need.

                                            I would setup sistershouse and your house vpn server. From your laptop gui client you just need to pick the one you want..

                                            Just rename the ovpn files to whatever you want before you place them in your config dir of your openvpn client.

                                            Here I grabbed the opvn files from 2 of my servers. Placed them in the config directly after I renamed them to sisters and mikes.

                                            0_1532004675912_2vpnconnections.png

                                            It is that simple..

                                            An intelligent man is sometimes forced to be drunk to spend time with his fools
                                            If you get confused: Listen to the Music Play
                                            Please don't Chat/PM me for help, unless mod related
                                            SG-4860 24.11 | Lab VMs 2.8, 24.11

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.