Netgate Discussion Forum

    Little question about OVPN

      webed

      Hello guys

      I've been using pfsense for some time now, but I use it basically as a router and a firewall, nothing more. I liked it because it's very simple to install and configure.

      My problem is this:
      At my job I have an OpenVPN server. I do not know which version, which platform or anything about it; I just have a pair of keys that I use to connect with ovpn-gui from Windows. Last night, after I had some problems installing ovpn on Vista, I found out that I can use pfsense to connect automatically to the server and create a tunnel.

      I configured a client and put in all the configs from the .ovpn file, but I do not know how to make pfsense connect to that server, or at least tell me whether it's able to connect or not.

      Thanks a lot, guys.

        GruensFroeschli

        The automatically generated config files can be found in /var/etc/
        Try to compare the config with the config you got from your company.

        To view the logs:
        Status -> System Logs -> OpenVPN

        pfSense just starts the connection as long as you don't disable the tunnel.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

          webed

          Thanks a lot for your answer.
          I managed to find the log files but I cannot ping. Right now I will look at the config file and I will try to replace it with the one I got from my company. Also, I see that ovpn already added the routes. I will try some more things and I will reply.

          Thanks a lot again.

            webed

            I added some missing params and now, as it looks in the log, the system is OK, but I still can't ping a host from my office :(

            Apr 2 10:48:17 openvpn[1130]: Initialization Sequence Completed
            Apr 2 10:48:17 openvpn[1130]: /sbin/route add -net 192.168.201.1 192.168.201.97 255.255.255.255
            Apr 2 10:48:17 openvpn[1130]: /sbin/route add -net 192.168.200.0 192.168.201.97 255.255.255.0
            Apr 2 10:48:16 openvpn[1130]: /etc/rc.filter_configure tun0 1500 1542 192.168.201.98 192.168.201.97 init
            Apr 2 10:48:16 openvpn[1130]: /sbin/ifconfig tun0 192.168.201.98 192.168.201.97 mtu 1500 netmask 255.255.255.255 up
            Apr 2 10:48:16 openvpn[1130]: TUN/TAP device /dev/tun0 opened
            Apr 2 10:48:16 openvpn[1130]: gw 192.168.57.1
            Apr 2 10:48:16 openvpn[1130]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
            Apr 2 10:48:16 openvpn[1130]: OPTIONS IMPORT: route options modified
            Apr 2 10:48:16 openvpn[1130]: OPTIONS IMPORT: --ifconfig/up options modified
            Apr 2 10:48:16 openvpn[1130]: OPTIONS IMPORT: timers and/or timeouts modified
            Apr 2 10:48:16 openvpn[1130]: Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: topology (2.0.6)
            Apr 2 10:48:16 openvpn[1130]: PUSH: Received control message: 'PUSH_REPLY,route 192.168.200.0 255.255.255.0,dhcp-option DNS 192.168.200.3,route 192.168.201.1,topology net30,ping 10,ping-restart 120,ifconfig 192.168.201.98 192.168.201.97'
            Apr 2 10:48:16 openvpn[1130]: SENT CONTROL [compaq]: 'PUSH_REQUEST' (status=1)
            Apr 2 10:48:15 openvpn[1130]: [compaq] Peer Connection Initiated with 82.76.xxx.xxx:1194
            Apr 2 10:48:15 openvpn[1130]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
            Apr 2 10:48:15 openvpn[1130]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
            Apr 2 10:48:15 openvpn[1130]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
            Apr 2 10:48:15 openvpn[1130]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
            Apr 2 10:48:15 openvpn[1130]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
            Apr 2 10:48:15 openvpn[1130]: VERIFY OK: depth=0, /C=RO/ST=BU/O=…...
            Apr 2 10:48:15 openvpn[1130]: VERIFY OK: depth=1, /C=RO/ST=BU/L=…....
            Apr 2 10:48:15 openvpn[1130]: TLS: Initial packet from 82.76.xxx.xxx:1194, sid=60efc74c d9fc2b4b
            Apr 2 10:48:15 openvpn[1130]: UDPv4 link remote: 82.76.xxx.xxx:1194
            Apr 2 10:48:15 openvpn[1130]: UDPv4 link local (bound): [undef]:1194
            Apr 2 10:48:15 openvpn[1125]: Expected Remote Options hash (VER=V4): '530fdded'
            Apr 2 10:48:15 openvpn[1125]: Local Options hash (VER=V4): '41690919'
            Apr 2 10:48:15 openvpn[1125]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
            Apr 2 10:48:15 openvpn[1125]: Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
            Apr 2 10:48:15 openvpn[1125]: LZO compression initialized
            Apr 2 10:48:15 openvpn[1125]: WARNING: file '/var/etc/openvpn_client0.key' is group or others accessible
            Apr 2 10:48:14 openvpn[1125]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
            Apr 2 10:48:14 openvpn[1125]: OpenVPN 2.0.6 i386-portbld-freebsd7.0 [SSL] [LZO] built on Nov 9 2008
            Apr 2 10:46:42 openvpn[358]: Use --help for more information.
            Apr 2 10:46:42 openvpn[358]: Options error: --lport and --nobind don't make sense when used together

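Added example, not part of the original thread and not pfSense or OpenVPN code: besides the routing problem, the log posted above contains several security-relevant lines (no server certificate verification, a key file readable by group or others, BF-CBC, a 1024 bit RSA key, TLSv1, a rejected pushed option). This Python script scans OpenVPN syslog output for them; the rule names and the `audit` function are hypothetical, and the sample lines are copied from the log in this post.

```python
import re

# Syslog prefix as it appears in the post: "Apr 2 10:48:15 openvpn[1130]: <message>"
LINE = re.compile(r"^\s*\w{3}\s+\d+\s+[\d:]+\s+openvpn\[\d+\]:\s+(?P<msg>.*)$")

# (hypothetical rule id, pattern on the message, why a defender cares)
RULES = [
    ("no-server-cert-check", re.compile(r"No server certificate verification method"),
     "any certificate signed by the CA, including another client's, is accepted as the server"),
    ("key-file-permissions", re.compile(r"file '(?P<detail>[^']+)' is group or others accessible"),
     "private key is readable by other local accounts"),
    ("weak-data-cipher", re.compile(r"Data Channel Encrypt: Cipher '(?P<detail>BF-CBC|DES-CBC|DES-EDE3-CBC|CAST5-CBC)'"),
     "64-bit block cipher on the data channel"),
    ("short-rsa-key", re.compile(r"(?P<detail>\d+) bit RSA"),
     "RSA modulus below 2048 bits"),
    ("legacy-tls", re.compile(r"Control Channel: (?P<detail>TLSv1(?:\.1)?|SSLv3),"),
     "control channel negotiated a legacy protocol version"),
    ("rejected-push-option", re.compile(r"Options error: .*\[PUSH-OPTIONS\]:\d+: (?P<detail>\S+)"),
     "client did not understand an option the server pushed"),
]

def audit(log_text):
    """Return (rule_id, detail, why) for every security-relevant log line."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not an openvpn syslog line
        for rule_id, pattern, why in RULES:
            hit = pattern.search(m["msg"])
            if not hit:
                continue
            detail = hit.groupdict().get("detail")
            if rule_id == "short-rsa-key" and int(detail) >= 2048:
                continue  # key size is acceptable
            findings.append((rule_id, detail, why))
    return findings

# Sample input: lines copied from the log in the post (newest first, as pfSense shows it).
SAMPLE = """\
Apr 2 10:48:17 openvpn[1130]: Initialization Sequence Completed
Apr 2 10:48:16 openvpn[1130]: Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: topology (2.0.6)
Apr 2 10:48:15 openvpn[1130]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Apr 2 10:48:15 openvpn[1130]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Apr 2 10:48:15 openvpn[1125]: WARNING: file '/var/etc/openvpn_client0.key' is group or others accessible
Apr 2 10:48:14 openvpn[1125]: WARNING: No server certificate verification method has been enabled.
"""

if __name__ == "__main__":
    for rule_id, detail, why in audit(SAMPLE):
        print(f"{rule_id:22} {detail or '-':32} {why}")
```
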
              GruensFroeschli

              Don't just copy the config from your Windows box to the pfSense.
              This WILL mess things up.
              Rather, add the equivalent of the content of your Windows config file in the pfSense GUI.

                webed

                I didn't do that; I only added the missing configs in the custom options area.

                Those are: dev tun;resolv-retry infinite;persist-key;persist-tun;verb 3

                Also, after some tests, I see that if I ping a computer from the console I get replies, but from my PC or from the webGUI I do not get a reply.

                  webed

                  After speaking with some guys on IRC, I did some tests and the tunnel is active and the routes are right, but I still can't access the LAN behind the ovpn server :( Any hints?
