Little question about OVPN



  • Hello guys

    I've been using pfSense for some time now, but I use it basically as a router and a firewall, nothing more. I liked it because it's very simple to install and configure.

    My problem is this:
    At my job I have an OpenVPN server. I do not know which version, which platform or anything about it; I just have a pair of keys that I use to connect with ovpn-gui from Windows. Last night, after I had some problems installing ovpn on Vista, I found out that I can use pfSense to connect automatically to the server and create a tunnel.

    I configured a client and put in all the configs from the .ovpn file, but I do not know how to make pfSense connect to that server, or at least tell me whether it's able to connect or not.

    Thanks a lot, guys.



  • The automatically generated config files can be found in /var/etc/
    Try to compare the config with the config you got from your company.

    To view the logs:
    Status --> System Logs --> OpenVPN

    pfSense just starts the connection as long as you don't disable the tunnel.



  • Thanks a lot for your answer.
    I managed to find the log files but I cannot ping. Right now I will look at the config file and I will try to replace it with the one I got from my company. Also, I see that ovpn already added the routes. I will try some more things and I will reply.

    Thanks a lot again.



  • I added some missing params and now, as it looks in the log, the system is OK, but I still can't ping a host from my office :(

    Apr 2 10:48:17 openvpn[1130]: Initialization Sequence Completed
    Apr 2 10:48:17 openvpn[1130]: /sbin/route add -net 192.168.201.1 192.168.201.97 255.255.255.255
    Apr 2 10:48:17 openvpn[1130]: /sbin/route add -net 192.168.200.0 192.168.201.97 255.255.255.0
    Apr 2 10:48:16 openvpn[1130]: /etc/rc.filter_configure tun0 1500 1542 192.168.201.98 192.168.201.97 init
    Apr 2 10:48:16 openvpn[1130]: /sbin/ifconfig tun0 192.168.201.98 192.168.201.97 mtu 1500 netmask 255.255.255.255 up
    Apr 2 10:48:16 openvpn[1130]: TUN/TAP device /dev/tun0 opened
    Apr 2 10:48:16 openvpn[1130]: gw 192.168.57.1
    Apr 2 10:48:16 openvpn[1130]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Apr 2 10:48:16 openvpn[1130]: OPTIONS IMPORT: route options modified
    Apr 2 10:48:16 openvpn[1130]: OPTIONS IMPORT: --ifconfig/up options modified
    Apr 2 10:48:16 openvpn[1130]: OPTIONS IMPORT: timers and/or timeouts modified
    Apr 2 10:48:16 openvpn[1130]: Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: topology (2.0.6)
    Apr 2 10:48:16 openvpn[1130]: PUSH: Received control message: 'PUSH_REPLY,route 192.168.200.0 255.255.255.0,dhcp-option DNS 192.168.200.3,route 192.168.201.1,topology net30,ping 10,ping-restart 120,ifconfig 192.168.201.98 192.168.201.97'
    Apr 2 10:48:16 openvpn[1130]: SENT CONTROL [compaq]: 'PUSH_REQUEST' (status=1)
    Apr 2 10:48:15 openvpn[1130]: [compaq] Peer Connection Initiated with 82.76.xxx.xxx:1194
    Apr 2 10:48:15 openvpn[1130]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
    Apr 2 10:48:15 openvpn[1130]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Apr 2 10:48:15 openvpn[1130]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Apr 2 10:48:15 openvpn[1130]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Apr 2 10:48:15 openvpn[1130]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Apr 2 10:48:15 openvpn[1130]: VERIFY OK: depth=0, /C=RO/ST=BU/O=…...
    Apr 2 10:48:15 openvpn[1130]: VERIFY OK: depth=1, /C=RO/ST=BU/L=…....
    Apr 2 10:48:15 openvpn[1130]: TLS: Initial packet from 82.76.xxx.xxx:1194, sid=60efc74c d9fc2b4b
    Apr 2 10:48:15 openvpn[1130]: UDPv4 link remote: 82.76.xxx.xxx:1194
    Apr 2 10:48:15 openvpn[1130]: UDPv4 link local (bound): [undef]:1194
    Apr 2 10:48:15 openvpn[1125]: Expected Remote Options hash (VER=V4): '530fdded'
    Apr 2 10:48:15 openvpn[1125]: Local Options hash (VER=V4): '41690919'
    Apr 2 10:48:15 openvpn[1125]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Apr 2 10:48:15 openvpn[1125]: Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Apr 2 10:48:15 openvpn[1125]: LZO compression initialized
    Apr 2 10:48:15 openvpn[1125]: WARNING: file '/var/etc/openvpn_client0.key' is group or others accessible
    Apr 2 10:48:14 openvpn[1125]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Apr 2 10:48:14 openvpn[1125]: OpenVPN 2.0.6 i386-portbld-freebsd7.0 [SSL] [LZO] built on Nov 9 2008
    Apr 2 10:46:42 openvpn[358]: Use --help for more information.
    Apr 2 10:46:42 openvpn[358]: Options error: --lport and --nobind don't make sense when used together
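
Added example (not part of the original posts): a small Python triage of the client log above, which pulls out the security-relevant lines that are easy to miss while chasing the routing problem. The finding names are this example's own labels; the sample lines are copied from the log as posted.

```python
import re

# Subset of the log lines posted above, copied as posted.
SAMPLE_LOG = """\
Apr 2 10:48:16 openvpn[1130]: Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: topology (2.0.6)
Apr 2 10:48:15 openvpn[1130]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Apr 2 10:48:15 openvpn[1130]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Apr 2 10:48:15 openvpn[1125]: WARNING: file '/var/etc/openvpn_client0.key' is group or others accessible
Apr 2 10:48:14 openvpn[1125]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Apr 2 10:48:17 openvpn[1130]: Initialization Sequence Completed
"""

WEAK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC"}  # 64-bit block ciphers

# (finding name, pattern, optional predicate on the captured detail).
# Finding names are labels invented for this example.
RULES = [
    ("no-server-cert-verification",
     re.compile(r"WARNING: No server certificate verification method"), None),
    ("key-file-permissions",
     re.compile(r"WARNING: file '(?P<detail>[^']+)' is group or others accessible"), None),
    ("64-bit-block-cipher",
     re.compile(r"Data Channel Encrypt: Cipher '(?P<detail>[^']+)'"),
     lambda d: d in WEAK_CIPHERS),
    ("short-rsa-key",
     re.compile(r"Control Channel: .*?(?P<detail>\d+) bit RSA"),
     lambda d: int(d) < 2048),
    ("rejected-pushed-option",
     re.compile(r"Options error: .*\[PUSH-OPTIONS\]:\d+: (?P<detail>\S+)"), None),
]

LINE_RE = re.compile(r"^\w{3}\s+\d+ [\d:]+ openvpn\[\d+\]: (?P<msg>.*)$")

def triage(log_text):
    """Return de-duplicated (finding, detail) pairs in the order first seen."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an openvpn syslog line
        for name, pattern, accept in RULES:
            hit = pattern.search(m.group("msg"))
            if hit:
                detail = hit.groupdict().get("detail") or ""
                ok = accept is None or accept(detail)
                if ok and (name, detail) not in findings:
                    findings.append((name, detail))
    return findings
```

The `no-server-cert-verification` finding corresponds to the warning in the log that points at the OpenVPN howto's `#mitm` section.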



  • Don't just copy the config from your Windows box to the pfSense.
    This WILL mess things up.
    Rather, add the equivalent of the content of your Windows config file in the pfSense GUI.



  • I didn't do that; I only added the missing configs in the custom options area.

    Those are: dev tun;resolv-retry infinite;persist-key;persist-tun;verb 3

    Also, after some tests I see that if I ping a computer from the console I get replies, but from my PC or from the webGUI I do not get a reply.



  • After speaking with some guys on IRC, I did some tests and the tunnel is active and the routes are right, but I still can't access the LAN behind the ovpn server :( Any hints?

