OpenVPN + OS X Leopard + Shimo Problems



  • I've been reading the posts, and trying to figure out where my issue lies, but it's time to turn to you guys :-)

    I have a Pfsense running at home and decided to move from having port 22 open from my office, to just having a VPN I can use anywhere…  I followed the tutorials listed here and progressed onto connecting w/o any issues.

    I am running OS X 10.5.7 on a MBP and using Shimo (http://www.shimoapp.com/) to connect.  I've been using Shimo for years to connect to my Cisco Concentrator at the data center and noticed it supports a lot more VPNs, IPSec, OVPN, etc.

    I can connect successfully, but cannot connect/ping/ssh/ftp/http to anything, zero connection :-(

    Here is my configuration:

    PFSense:
    LAN = 192.168.10.1 (192.168.10.0/24)

    OpenVPN Server Config:

    Protocol: UDP
    Dynamic IP: Checked
    Local Port: 1194
    Address Pool: 192.168.200.0/24
    Local Network: 192.168.10.0/24
    Crypto: BF-CBC (128-bit) (DEFAULT)
    Authentication Method: PKI

    All the correct keys are pasted in.

    Firewall Rules:

    LAN:

    PASS
    Protocol *
    Source 192.168.200.0/24
    Source Port *
    Destination: (Tried both LAN net & *)
    Gateway *

    WAN:

    PASS
    Protocol UDP
    Source *
    Source Port *
    Destination *
    Destination Port 1194 (OpenVPN)
    Gateway *

    Shimo is configured with OpenVPN, and TUN, Certs/Keys & IP. And reconnect of 30 seconds.
    I receive no errors on the Mac and actually see myself connected on the PFSense:

    Jun 12 10:39:31 openvpn[35940]: 75.251.218.188:49207 [client-macbookpro-windows] Peer Connection Initiated with 75.251.218.188:49207
    Jun 12 10:40:32 openvpn[35940]: 75.251.218.188:49208 Re-using SSL/TLS context
    Jun 12 10:40:34 openvpn[35940]: 75.251.218.188:49208 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1541', remote='link-mtu 1542'
    Jun 12 10:40:34 openvpn[35940]: 75.251.218.188:49208 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
    Jun 12 10:40:35 openvpn[35940]: 75.251.218.188:49208 [client-macbookpro-windows] Peer Connection Initiated with 75.251.218.188:49208

    And here's the output of a netstat on my MBP:

    Destination        Gateway            Flags    Refs      Use  Netif Expire
    default            66.174.XXX.XXX      UGSc      94      11  ppp0
    66.174.XXX.XXX      75.251.XXX.XXX    UH        95        3  ppp0
    75                ppp0              USc        5        0  ppp0
    127                127.0.0.1          UCS        0        0    lo0
    127.0.0.1          127.0.0.1          UH          6    1628    lo0
    192.168.10        192.168.200.5      UGSc        1      785  tun0
    192.168.200.1/32  192.168.200.5      UGSc        0        0  tun0
    192.168.200.5      192.168.200.6      UH          3        0  tun0

    Internet6:
    Destination                            Gateway                        Flags      Netif Expire
    ::1                                    link#1                          UHL        lo0
    fe80::%lo0/64                          fe80::1%lo0                    Uc          lo0
    fe80::1%lo0                            link#1                          UHL        lo0
    ff01::/32                              ::1                            U          lo0
    ff02::/32                              ::1                            UC          lo0

    I think I've provided about all the info I can, any help on this would be GREATLY appreciated.

    Thanks,

    Neil.



  • Check your LZO compression setting, your logs are complaining that LZO compression is enabled only on one side of your tunnel.

    Same with MTU, mismatched settings.  Not familiar with Shimo so check your settings there match your pfSense OVPN settings.



  • You're the man! I had (in Shimo) Compression set to Disabled, and changed it to "Never" and somehow that fixed it…. go figure :-)

    Thanks!
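
An added example, not part of the original thread: a small Python parser that pulls the option-consistency warnings the reply points to out of an OpenVPN server log and reports the local and remote value per peer. The function name `find_option_mismatches` is hypothetical; the sample log lines are the ones posted in the question.

```python
import re

# Server log lines as posted in the question above.
SAMPLE_LOG = """\
Jun 12 10:39:31 openvpn[35940]: 75.251.218.188:49207 [client-macbookpro-windows] Peer Connection Initiated with 75.251.218.188:49207
Jun 12 10:40:32 openvpn[35940]: 75.251.218.188:49208 Re-using SSL/TLS context
Jun 12 10:40:34 openvpn[35940]: 75.251.218.188:49208 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1541', remote='link-mtu 1542'
Jun 12 10:40:34 openvpn[35940]: 75.251.218.188:49208 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Jun 12 10:40:35 openvpn[35940]: 75.251.218.188:49208 [client-macbookpro-windows] Peer Connection Initiated with 75.251.218.188:49208
"""

# Option set on both ends, but with different values.
INCONSISTENT = re.compile(
    r"(?P<peer>\S+) WARNING: '(?P<opt>[^']+)' is used inconsistently, "
    r"local='(?P<local>[^']*)', remote='(?P<remote>[^']*)'")

# Option set on one end only ("local" is the side writing the log).
ONE_SIDED = re.compile(
    r"(?P<peer>\S+) WARNING: '(?P<opt>[^']+)' is present in "
    r"(?P<has>local|remote) config but missing in (?:local|remote) config, "
    r"(?:local|remote)='(?P<value>[^']*)'")


def find_option_mismatches(log_text):
    """Return one dict per warning with keys: peer, option, local, remote."""
    findings = []
    for line in log_text.splitlines():
        m = INCONSISTENT.search(line)
        if m:
            findings.append({"peer": m["peer"], "option": m["opt"],
                             "local": m["local"], "remote": m["remote"]})
            continue
        m = ONE_SIDED.search(line)
        if m:
            # The side that lacks the option is reported as None.
            values = {"local": None, "remote": None}
            values[m["has"]] = m["value"]
            findings.append({"peer": m["peer"], "option": m["opt"], **values})
    return findings


if __name__ == "__main__":
    for f in find_option_mismatches(SAMPLE_LOG):
        print(f"{f['peer']}  {f['option']}: "
              f"local={f['local']!r} remote={f['remote']!r}")
```

Run against the server log, a `None` on the local side means the option is set only on the client, which is the case the reply identified for `comp-lzo`.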

