4. Vpn gets Up on server, but Donw on Client

Vpn gets Up on server, but Donw on Client

  • J

    Good Morning.
    Scenario:
    Headquarters of the company where I have pfsense 2.2.6. I configured, in Vpn \ OpenVpn \ Server, the vpn server.
    I configured a Peer to Peer (Shared Key) vpn, on port 1196 (1194 is busy),protocol: UDP, Encryption algorithm: aes-256-cbc (256 bit), tunnel network: 10.12.0.0/24, remote network: 192.168.0.0/ 24 (lan from where the client is).

    An Alias ​​has been created pointing to the client WAN ip.
     Rule was created, allowing data traffic coming from Alias ​​on port 1196.

    Client
    Pfsense Version 2.4.4.

    I configured, in Vpn \ OpenVpn \ Client, the Client. I don't have all the data here right now, but I think I did everything the right way. Peer to Peer (Shared Key), protocol: UDP, interface: WAN, Server Port: 1196, Encryption algorithm: aes-256-cbc (256 bit), tunnel network: 10.12.0.0/24, IPv4 Remote Network / s: I put the server WAN ip.

    Shared Key: Key generated on the server.

    Error :
    On the server, vpn status is UP, but on Client VPN status is Donw.
    I don't understand what may be happening.

    0
  • LAYER 8 Rebel Alliance

    2.2.6 is very old and unsupported.
    Upgrade to the latest version first.

    -Rico

    0
  • LAYER 8 Global Moderator

    2015-12-21

    That is when 2.2.6 came out - JFC people... How can anyone think that is ok to not update their firewall? I can see being a bit behind, corp change control etc. etc. But 4 years??

    Prob good opportunity to also change out the hardware, since have to assume its 4+ years old as well?

    What version of openvpn could that be? 2.3.7, maybe .8?

    0
  • J

    Ok. I'll update. I took over the IT department recently and didn't upgrade.

    0
  • J

    Good afternoon.
    Checking the log, I noticed that there was the error "Bad Compression Stub Unpacking Header Byte (69)".

    In the vpn settings, in the Comopression field, I selected the "Omit Preference (use Open Vpn Default)" option.

    The error is no longer happening, it is already possible to access some servers at corporate headquarters, but I cannot communicate with the AD server. I also can't communicate with clients (users' computers) at headquarters.

    0
  • J

    Alias:

    Alias_rede_cliente.png

    0
  • J

    Rule:

    regra criada para permitir o acesso a lan da embaixada.png

    0
  • LAYER 8 Global Moderator

    Doesn't look updated to me...

    0
  • J

    Not really updated yet.
    At the moment I can not upgrade, as it would impact the work of users. I can do it only on the weekend.

    0
  • LAYER 8 Rebel Alliance

    I'd suggest you to grab a spare box and perform the update there / restore your config to make sure everything is going smooth.
    Risky to upgrade from a very old version with just one box if you run critical stuff there.

    -Rico

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy