Little question about OVPN

webed

Hello guys

I've been useing pfsense for some time now, but i use it basicali as a router and a firewall, nothing more, i liked it because it's very simple to install and configure.

My problem is this:
At my job i ahve an openvpnserver, i do not know which version which platform or anything about it i just have a payr of keys that i use to connect with ovpn-gui from windows. Last night after i had some problems to install ovpn on vista i found out that i can use pfsense to connect automaticaly to the server and create a tunnel.

I configured a client i put all the configs from the .ovpn file, but i do not know how to make pfsense to connect to that server or at least to tell me if it's able to connect or not.

Thx alot guys.

GruensFroeschli

The automatically generated config files can be found in /var/etc/
Try to compare the config with the config you got from your company.

To view the logs:
status –> system logs --> openVPN

pfSense just stats the connection as long as you dont disable to tunnel.

webed

thx alot for your answer
i managed to find the log files but i cannot ping, right now i will look on the config file and i will try to replace with the one i got from my company, also i see that ovpn already added the rutes, i will try some more things and i will reply

thx alot again

webed

i added some missing params and now as it looks in the log the system is ok but i still can't ping a host from my office :(

Apr 2 10:48:17 openvpn[1130]: Initialization Sequence Completed
Apr 2 10:48:17 openvpn[1130]: /sbin/route add -net 192.168.201.1 192.168.201.97 255.255.255.255
Apr 2 10:48:17 openvpn[1130]: /sbin/route add -net 192.168.200.0 192.168.201.97 255.255.255.0
Apr 2 10:48:16 openvpn[1130]: /etc/rc.filter_configure tun0 1500 1542 192.168.201.98 192.168.201.97 init
Apr 2 10:48:16 openvpn[1130]: /sbin/ifconfig tun0 192.168.201.98 192.168.201.97 mtu 1500 netmask 255.255.255.255 up
Apr 2 10:48:16 openvpn[1130]: TUN/TAP device /dev/tun0 opened
Apr 2 10:48:16 openvpn[1130]: gw 192.168.57.1
Apr 2 10:48:16 openvpn[1130]: OPTIONS IMPORT: –ip-win32 and/or --dhcp-option options modified
Apr 2 10:48:16 openvpn[1130]: OPTIONS IMPORT: route options modified
Apr 2 10:48:16 openvpn[1130]: OPTIONS IMPORT: –ifconfig/up options modified
Apr 2 10:48:16 openvpn[1130]: OPTIONS IMPORT: timers and/or timeouts modified
Apr 2 10:48:16 openvpn[1130]: Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: topology (2.0.6)
Apr 2 10:48:16 openvpn[1130]: PUSH: Received control message: 'PUSH_REPLY,route 192.168.200.0 255.255.255.0,dhcp-option DNS 192.168.200.3,route 192.168.201.1,topology net30,ping 10,ping-restart 120,ifconfig 192.168.201.98 192.168.201.97'
Apr 2 10:48:16 openvpn[1130]: SENT CONTROL [compaq]: 'PUSH_REQUEST' (status=1)
Apr 2 10:48:15 openvpn[1130]: [compaq] Peer Connection Initiated with 82.76.xxx.xxx:1194
Apr 2 10:48:15 openvpn[1130]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Apr 2 10:48:15 openvpn[1130]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 2 10:48:15 openvpn[1130]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Apr 2 10:48:15 openvpn[1130]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 2 10:48:15 openvpn[1130]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Apr 2 10:48:15 openvpn[1130]: VERIFY OK: depth=0, /C=RO/ST=BU/O=…...
Apr 2 10:48:15 openvpn[1130]: VERIFY OK: depth=1, /C=RO/ST=BU/L=…....
Apr 2 10:48:15 openvpn[1130]: TLS: Initial packet from 82.76.xxx.xxx:1194, sid=60efc74c d9fc2b4b
Apr 2 10:48:15 openvpn[1130]: UDPv4 link remote: 82.76.xxx.xxx:1194
Apr 2 10:48:15 openvpn[1130]: UDPv4 link local (bound): [undef]:1194
Apr 2 10:48:15 openvpn[1125]: Expected Remote Options hash (VER=V4): '530fdded'
Apr 2 10:48:15 openvpn[1125]: Local Options hash (VER=V4): '41690919'
Apr 2 10:48:15 openvpn[1125]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Apr 2 10:48:15 openvpn[1125]: Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Apr 2 10:48:15 openvpn[1125]: LZO compression initialized
Apr 2 10:48:15 openvpn[1125]: WARNING: file '/var/etc/openvpn_client0.key' is group or others accessible
Apr 2 10:48:14 openvpn[1125]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Apr 2 10:48:14 openvpn[1125]: OpenVPN 2.0.6 i386-portbld-freebsd7.0 [SSL] [LZO] built on Nov 9 2008
Apr 2 10:46:42 openvpn[358]: Use –help for more information.
Apr 2 10:46:42 openvpn[358]: Options error: –lport and --nobind don't make sense when used together

GruensFroeschli

Dont just copy the config from your windowsbox to the pfSense.
This WILL mess things up.
Rather add the equivalent of the content of your windows config file in the pfSense GUI.

webed

i didn't do that, i only added the missin configs in the custom options area.

those are: dev tun;resolv-retry infinite;persist-key;persist-tun;verb 3

Also after some tests i see that if i ping a computer from console i get replys but from my pc or from webgui i do not get reply.

webed

after speaking with some guys on irc, i did some tests and the tunnel it's active and the rutes are right, but i still can't access the lan behind the ovpn server :( any hints?