VPN gets Up on server, but Down on Client



  • Good Morning.
    Scenario:
    Headquarters of the company, where I have pfSense 2.2.6. I configured the VPN server in VPN \ OpenVPN \ Server.
    I configured a Peer to Peer (Shared Key) VPN, on port 1196 (1194 is busy), protocol: UDP, Encryption algorithm: aes-256-cbc (256 bit), tunnel network: 10.12.0.0/24, remote network: 192.168.0.0/24 (the LAN where the client is).

    An Alias has been created pointing to the client WAN IP.
    A rule was created, allowing data traffic coming from the Alias on port 1196.

    Client
    pfSense version 2.4.4.

    I configured the client in VPN \ OpenVPN \ Client. I don't have all the data here right now, but I think I did everything the right way. Peer to Peer (Shared Key), protocol: UDP, interface: WAN, Server Port: 1196, Encryption algorithm: aes-256-cbc (256 bit), tunnel network: 10.12.0.0/24, IPv4 Remote Network/s: I put the server WAN IP.

    Shared Key: Key generated on the server.

    Error:
    On the server, the VPN status is UP, but on the client the VPN status is Down.
    I don't understand what may be happening.


  • LAYER 8 Rebel Alliance

    2.2.6 is very old and unsupported.
    Upgrade to the latest version first.

    -Rico


  • LAYER 8 Global Moderator

    2015-12-21

    That is when 2.2.6 came out - JFC people... How can anyone think that is ok to not update their firewall? I can see being a bit behind, corp change control etc. etc. But 4 years??

    Prob good opportunity to also change out the hardware, since have to assume it's 4+ years old as well?

    What version of openvpn could that be? 2.3.7, maybe .8?



  • Ok. I'll update. I took over the IT department recently and didn't upgrade.



  • Good afternoon.
    Checking the log, I noticed that there was the error "Bad Compression Stub Unpacking Header Byte (69)".

    In the VPN settings, in the Compression field, I selected the "Omit Preference (use OpenVPN Default)" option.

    The error is no longer happening, it is already possible to access some servers at corporate headquarters, but I cannot communicate with the AD server. I also can't communicate with clients (users' computers) at headquarters.



  • Alias:

    Alias_rede_cliente.png



  • Rule:

    regra criada para permitir o acesso a lan da embaixada.png


  • LAYER 8 Global Moderator

    Doesn't look updated to me...



  • Not really updated yet.
    At the moment I cannot upgrade, as it would impact the work of users. I can do it only on the weekend.


  • LAYER 8 Rebel Alliance

    I'd suggest you grab a spare box and perform the update there / restore your config to make sure everything is going smoothly.
    It's risky to upgrade from a very old version with just one box if you run critical stuff there.

    -Rico

