Netgate Discussion Forum

    OpenVPN Configuration

      Tiger 0

      Hi Netgate Community,

      A customer is having trouble making their OpenVPN work. Can you help us with this?

      Please see attached zip file for reference. It includes their current network setup and the steps they did to configure their OpenVPN.
      OpenVPN.zip

      Best Regards,

        bingo600

        @Tiger-0
        I see two obvious issues, there might be more ... later.

        1: Your modem is probably not forwarding TCP 1194 to the pfSense WAN IP.
        If true, pfSense never sees any OpenVPN packets from the clients.

        2: Your Client Export uses the pfSense WAN (192.168.245.135) as the connect IP address, not your modem's public IP.
        A remote client will NEVER be able to connect to an RFC1918 address via the internet.

        Fix those issues, and it will probably work.

        PS: You did notice your Server cert expires a looong time before your Client cert

        PPS: Why did you choose TCP 1194, and not UDP 1194 (as normally used)?

        Someone else has to explain how to "convince pfSense OpenVPN Server", or maybe just OpenVPN Client Export, to specify the modem's public IP as the connect IP address instead of the RFC1918 WAN IP.

        @kiokoman
        Any wise words ?

        /Bingo

        If you find my answer useful - Please give the post a 👍 - "thumbs up"

        pfSense+ 23.05.1 (ZFS)

        QOTOM-Q355G4 Quad Lan.
        CPU  : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
        LAN  : 4 x Intel 211, Disk  : 240G SAMSUNG MZ7L3240HCHQ SSD
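
Added example (not part of the original posts, and not pfSense or OpenVPN project code): a small Python check that reads an exported client profile and flags `remote` entries pointing at RFC1918 or other non-internet-routable addresses, plus entries using TCP so the matching modem port forward can be verified. The sample profile and the name `vpn.example.net` are constructed; the function names are hypothetical.

```python
import ipaddress

# Constructed sample profile; 192.168.245.135 is the WAN address quoted in the
# post above, vpn.example.net is a placeholder name.
SAMPLE_OVPN = """\
dev tun
proto tcp-client
remote 192.168.245.135 1194 tcp4
remote vpn.example.net
# remote 10.0.0.1 1194 udp
<ca>
remote 10.9.9.9 1194 udp
</ca>
"""

def parse_remotes(text):
    """Return (host, port, proto) per `remote` line, skipping comments and inline blocks."""
    remotes, proto, port, block = [], "udp", "1194", None
    for line in map(str.strip, text.splitlines()):
        if block:                                   # inside a <ca>/<cert>/<key> body
            block = None if line == f"</{block}>" else block
            continue
        if line.startswith("<") and line.endswith(">") and line[1] != "/":
            block = line[1:-1]
            continue
        words = line.split()
        if not words or line[0] in "#;":
            continue
        if words[0] in ("proto", "port") and len(words) > 1:
            proto, port = (words[1], port) if words[0] == "proto" else (proto, words[1])
        elif words[0] == "remote" and len(words) > 1:
            remotes.append(words[1:4])
    # File-level proto/port apply to remotes that do not set their own.
    return [(r[0], int(r[1] if len(r) > 1 else port), r[2] if len(r) > 2 else proto)
            for r in remotes]

def classify(host):
    """'public', 'non-routable' (RFC1918, CGNAT 100.64/10, loopback...) or 'hostname'."""
    try:
        return "public" if ipaddress.ip_address(host).is_global else "non-routable"
    except ValueError:
        return "hostname"                           # DNS name: resolve and check separately

def audit(text):
    """Return (host, issue) pairs: 'non-routable' remotes and 'tcp' remotes to verify."""
    findings = []
    for host, _port, proto in parse_remotes(text):
        if classify(host) == "non-routable":
            findings.append((host, "non-routable"))
        if proto.startswith("tcp"):
            findings.append((host, "tcp"))          # confirm the modem forwards TCP, not only UDP
    return findings

if __name__ == "__main__":
    for host, issue in audit(SAMPLE_OVPN):
        print(f"{host}: {issue}")
```
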

          bingo600

          Found a hint here (from RICO in 2019)
          https://forum.netgate.com/post/829478

          Seems like you have to manually edit your "Client export ovpn config file"
          and replace your RFC1918 WAN IP with the modem's public IP.

          See post further down.

          /Bingo


            kiokoman

            why me? 😂
            Based on what I see, your current.png drawing is wrong. You are doing double NAT, so you have a modem with 192.168.254.254 and your pfSense WAN is 192.168.254.135 with a LAN set to 192.168.200.0/24? You must be sure you are port forwarding everything to pfSense from your modem. The best would be to put the modem in bridge mode and let pfSense handle the public IP. Follow @bingo600's suggestions.

            ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
            Please do not use chat/PM to ask for help
            we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
            Don't forget to Upvote with the 👍 button for any post you find to be helpful.

              bingo600

              @Tiger-0
              Seems like you can convince the Client Export to use "Other IP".

              91c9096f-e2d1-4ccf-9b61-bb0df8566038-image.png

              Try to select "Other", and enter the modem's public IP in the Host Name field.

              /Bingo


                bingo600 @kiokoman

                @kiokoman said in OpenVPN Configuration:

                why me? 😂

                You were awake ... (too active) 😁


                  Tiger 0

                  They followed the tutorial given and it works (locally, when LAN-connected to the firewall). Lawrence Systems: https://www.youtube.com/watch?v=PgielyUFGeQ&t=1177s

                  What they are trying to achieve is for users to access the local system (server) at home/anywhere using OpenVPN.

                  Plus: They don't have a Public IP but their ISP provided a Static IP. Does their router AP mode need to change from Route to Bridge Mode? If it is not needed, can you give us other options?
                  They tried to change the WAN configuration to align with our Static IP (120.28.x.x) but this process ain't working.

                  Please see also their updated network diagram
                  plan-network.png

                    Rico

                    Packet capture the pfSense WAN interface to check if the OpenVPN traffic even hits pfSense or not.
                    Your problem could be completely upstream (ISP related), you should check this first.

                    -Rico

                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.