Netgate Discussion Forum

[Solved] OpenVPN Issues with SlickVPN

  • M
    MrLinux
    last edited by MrLinux Sep 17, 2019, 9:21 AM Sep 17, 2019, 9:18 AM

    Hi All,

    This is more of a PSA since I've been struggling to get OpenVPN working with SlickVPN (my VPN provider) for the last few days.

    The general tutorials out there are still valid, although they use an older version of pfSense (<2.4.4). For SlickVPN, the critical part is to make sure compression is set up right.

    Tunnel Settings > Compression: Omit Preference (Use OpenVPN Default).
    I was using "No LZO Compression" before, which was wrong.

    Other settings I have that differ from the PIA config settings:

    1. Custom Options
      keepalive 10 120;
      remote-cert-tls server;
      redirect-gateway;
      link-mtu 1557;

    2. Cryptographic Settings
      Encryption Algorithm: AES-256-CBC
      NCP Algorithms: AES-256-CBC

    3. CA Cert
      https://www.slickvpn.com/tutorials/using-openvpn-with-ubuntu-mint-network-manager/

    Once the connection is established, you shouldn't see anything after "Sep 17 02:02:03 pfSense openvpn[63732]: Initialization Sequence Completed" in the OpenVPN logs.

    During my troubleshooting, I was getting various errors like these after "Initialization Sequence Completed":

    • Bad LZO decompression header byte: 42
    • event_wait : Interrupted system call (code=4)
    • MANAGEMENT: Client disconnected
    • TCP/UDP: Closing socket
    • TLS Error: TLS handshake failed
    • Authenticate/Decrypt packet error: packet HMAC authentication failed
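The check described in the first post (nothing should be logged after "Initialization Sequence Completed") can be automated. The following is an added example, not part of the original posts; it assumes syslog-style lines shaped like the one quoted in the post, and the sample log lines are constructed.

```python
import re

# Error signatures quoted in the first post; other messages are ignored.
SIGNATURES = [
    "Bad LZO decompression header byte",
    "event_wait : Interrupted system call",
    "MANAGEMENT: Client disconnected",
    "TCP/UDP: Closing socket",
    "TLS Error: TLS handshake failed",
    "Authenticate/Decrypt packet error",
]
INIT_DONE = "Initialization Sequence Completed"
# Assumed line shape: "<timestamp> <host> openvpn[<pid>]: <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ openvpn\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)

def post_init_errors(lines):
    """Return (timestamp, pid, signature) for every known error logged
    after that process reported INIT_DONE. State is kept per PID, so a
    restarted client starts clean and pre-connect noise is not counted."""
    established = set()
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        if INIT_DONE in msg:
            established.add(pid)
            continue
        if pid in established:
            sig = next((s for s in SIGNATURES if s in msg), None)
            if sig:
                hits.append((m["ts"], pid, sig))
    return hits

# Constructed sample log, not taken from a real system
SAMPLE = """\
Sep 17 02:01:58 pfSense openvpn[63732]: TLS Error: TLS handshake failed
Sep 17 02:02:03 pfSense openvpn[63732]: Initialization Sequence Completed
Sep 17 02:02:13 pfSense openvpn[63732]: Bad LZO decompression header byte: 42
Sep 17 02:02:14 pfSense openvpn[63732]: Bad LZO decompression header byte: 42
Sep 17 02:05:40 pfSense openvpn[70011]: Initialization Sequence Completed
""".splitlines()

if __name__ == "__main__":
    for ts, pid, sig in post_init_errors(SAMPLE):
        print(f"{ts} pid={pid}: {sig}")
```

An empty result means the tunnel stayed quiet after coming up; repeated "Bad LZO decompression header byte" hits point back at the Compression setting discussed in the post.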
    • J
      JonesTech
      last edited by Sep 19, 2020, 2:03 PM

      Sorry to resurrect this thread, but can you share the actual config page for this? I keep getting TLS handshake failed, no matter what I do. Any help is greatly appreciated!

      • A
        alvarow
        last edited by Mar 22, 2021, 2:01 PM

        I'm on 2.5 (upgraded from a working 2.4.5p1). I imported both their CA and the client certificate and set

        Data Encryption Algorithms to:
        Encryption Algorithm: AES-256-CBC
        NCP Algorithms: AES-256-CBC

        The Fallback Data Encryption Algorithm to:

        AES-256-CBC

        Auth digest algorithm to:

        SHA1 (160-bit)

        Allow compression:

        Decompress incoming, do not compress outgoing (Asymmetric)

        Compression:

        Disable Compression [Omit Preference]

        Topology:

        net30 - Isolated /30 network per client

        Ping settings set to:

        Inactive:
        0

        Ping method:
        keepalive

        Interval:
        15

        Timeout:
        120

        Custom options:
        remote-cert-tls server;

        I do have my default gateway set to my ISP, and I set rules for the packets I want routed via the tunnel. I also tag the packets and added a floating rule looking for those tagged packets in case the tunnel is down, and drop them, since VPN traffic I want out the tunnel only and never routed via default gateway.
