i can't connect to my lan from internet and openvpn

trazom · Dec 17, 2018, 5:31 PM

hi,
i am new so be quiet please!

i have installed openvpn server on my pfSense connected to internet via box 82.xxx.xxx.xxx
my pfsense server has a wan interface 192.168.1.30 and a lan interface 192.168.0.1/24
i have 3 computers connected via a switch to this pfsense
i have a kali linux distribution installed on 1 of these computers
i try to connect to a computer of this lan from internet via my kali linux et the software KVpnc
i have imported the configuration file from the server and i use it on my client

i cant connect! here are my errors:

*debug: Preserving network environment

debug: openvpn: /usr/sbin/openvpn

debug: Loading of module "tun" was successful.

debug: No default interface found, using "lo".

debug: No IP for default interface found, using "127.0.0.1".

info: Trying to connect to server "192.168.1.30" with ...

debug: Setting DNS_UPDATE "Yes".

debug: Starting Openvpn management handler...

debug: [openvpn] Mon Dec 17 18:22:07 2018 WARNING: Ignoring option 'dh' in tls-client mode, please only include this in your server configuration

debug: [openvpn] Mon Dec 17 18:22:07 2018 WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure

debug: [openvpn] Mon Dec 17 18:22:07 2018 WARNING: file '/root/.kde/share/apps/kvpnc/openvpn_privatekey__home_Informatique_pfSense_pfSense-UDP4-1194-CAcertificat-config.pem' is group or others accessible

debug: [openvpn] Mon Dec 17 18:22:08 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.1.30:1194

debug: [openvpn]

debug: [openvpn] Mon Dec 17 18:22:07 2018 OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 30 2018

debug: [openvpn] Mon Dec 17 18:22:08 2018 Attempting to establish TCP connection with [AF_INET]192.168.1.30:1194 [nonblock]

debug: [openvpn]

debug: [openvpn] Mon Dec 17 18:22:07 2018 library versions: OpenSSL 1.1.1a 20 Nov 2018, LZO 2.10

debug: [openvpn] Mon Dec 17 18:22:07 2018 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

debug: [openvpn] Mon Dec 17 18:22:07 2018 NOTE: starting with OpenVPN 2.1, '--script-security 2' or higher is required to call user-defined scripts or executables

debug: [openvpn]*

i don't find --script-security 2'
i have correctly installed certificate but you can se : No server certificate verification method has been enabled

can you help me please?
thanks

Rico · Dec 18, 2018, 12:00 PM

From the Internet you need to connect to your public IP 82.xxx.xxx.xxx.
192.168.1.30 is your pfSense WAN but still private address space, you do double NAT.
Your edge router has to forward Port 1194 UDP to pfSense WAN 192.168.1.30 1194 UDP.

-Rico

Gertjan · Dec 18, 2018, 4:41 PM

@trazom said in i can't connect to my lan from internet and openvpn:

debug: [openvpn] Mon Dec 17 18:22:07 2018 NOTE: starting with OpenVPN 2.1, '--script-security 2' or higher is required to call user-defined scripts or executables
debug: [openvpn]*
i don't find --script-security 2'

OpenVPN 2.1 is quiet old.
"2.1" isn't OpenVPN present on pfSense (or, at least, not for the last year or two).
Isn't this a classic éNAT-doesn't work (because not setup correctly) question ?

trazom · Dec 23, 2018, 10:31 AM

i use KVpnc to configure my client; i'm going to try to use basic client.
where can i find client's configuration doc on a kali linux distribution?
thanks