Vpn gets Up on server, but Down on Client

  • Good Morning.
    Headquarters of the company where I have pfsense 2.2.6. I configured, in Vpn \ OpenVpn \ Server, the vpn server.
    I configured a Peer to Peer (Shared Key) vpn, on port 1196 (1194 is busy), protocol: UDP, Encryption algorithm: aes-256-cbc (256 bit), tunnel network:, remote network: 24 (lan from where the client is).

    An Alias has been created pointing to the client WAN ip.
    Rule was created, allowing data traffic coming from Alias on port 1196.

    Pfsense Version 2.4.4.

    I configured, in Vpn \ OpenVpn \ Client, the Client. I don't have all the data here right now, but I think I did everything the right way. Peer to Peer (Shared Key), protocol: UDP, interface: WAN, Server Port: 1196, Encryption algorithm: aes-256-cbc (256 bit), tunnel network:, IPv4 Remote Network / s: I put the server WAN ip.

    Shared Key: Key generated on the server.

    Error :
    On the server, vpn status is UP, but on Client VPN status is Down.
    I don't understand what may be happening.

  • LAYER 8 Rebel Alliance

    2.2.6 is very old and unsupported.
    Upgrade to the latest version first.


  • LAYER 8 Global Moderator


    That is when 2.2.6 came out - JFC people... How can anyone think that is ok to not update their firewall? I can see being a bit behind, corp change control etc. etc. But 4 years??

    Prob good opportunity to also change out the hardware, since have to assume it's 4+ years old as well?

    What version of openvpn could that be? 2.3.7, maybe .8?

  • Ok. I'll update. I took over the IT department recently and didn't upgrade.

  • Good afternoon.
    Checking the log, I noticed that there was the error "Bad Compression Stub Unpacking Header Byte (69)".

    In the vpn settings, in the Compression field, I selected the "Omit Preference (use Open Vpn Default)" option.

    The error is no longer happening, it is already possible to access some servers at corporate headquarters, but I cannot communicate with the AD server. I also can't communicate with clients (users' computers) at headquarters.
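
A compression mismatch like the one reported in the post above can be caught by comparing the settings that both ends of a shared-key tunnel must agree on. The following is an added example, not part of the thread and not pfSense's own code; the two configs, the key path and the address 198.51.100.10 are constructed placeholders, and the compression handling is a simplification.

```python
# Added example: the two configs below are constructed, not taken from the thread.
MUST_MATCH = ("proto", "port", "cipher", "framing")

def parse(conf):
    """Reduce OpenVPN config text to the settings both peers must share."""
    s = {"proto": "udp", "port": "1194", "cipher": None, "framing": "none"}
    for raw in conf.splitlines():
        words = raw.split("#")[0].split(";")[0].split()   # drop comments
        if not words:
            continue
        key, args = words[0], words[1:]
        if key in ("port", "lport", "rport") and args:
            s["port"] = args[0]
        elif key == "remote" and len(args) >= 2:
            s["port"] = args[1]
            if len(args) >= 3:
                s["proto"] = args[2][:3]
        elif key == "proto" and args:
            s["proto"] = args[0][:3]          # udp4, tcp-client -> udp, tcp
        elif key == "cipher" and args:
            s["cipher"] = args[0].upper()     # cipher names are case-insensitive
        elif key == "comp-lzo":
            s["framing"] = "lzo"              # even "comp-lzo no" keeps the framing byte
        elif key == "compress":
            s["framing"] = args[0] if args else "stub"
    return s

def mismatches(server_conf, client_conf):
    """Return {setting: (server_value, client_value)} for every disagreement."""
    a, b = parse(server_conf), parse(client_conf)
    return {k: (a[k], b[k]) for k in MUST_MATCH if a[k] != b[k]}

SERVER = """\
dev ovpns1
proto udp
lport 1196
cipher AES-256-CBC
secret /path/to/shared.key   # placeholder path
"""
CLIENT = """\
dev ovpnc1
proto udp4
remote 198.51.100.10 1196
cipher aes-256-cbc
comp-lzo no
secret /path/to/shared.key
"""

if __name__ == "__main__":
    for name, (srv, cli) in mismatches(SERVER, CLIENT).items():
        print(f"{name}: server={srv!r} client={cli!r}")
```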

  • Alias:


  • Rule:

    regra criada para permitir o acesso a lan da embaixada.png

  • LAYER 8 Global Moderator

    Doesn't look updated to me...

  • Not really updated yet.
    At the moment I can not upgrade, as it would impact the work of users. I can do it only on the weekend.

  • LAYER 8 Rebel Alliance

    I'd suggest you to grab a spare box and perform the update there / restore your config to make sure everything is going smooth.
    Risky to upgrade from a very old version with just one box if you run critical stuff there.

