OpenVPN + OS X Leopard + Shimo Problems
-
I've been reading the posts, and trying to figure out where my issue lies, but it's time to turn to you guys :-)
I have a Pfsense running at home and decided to move from having port 22 open from my office, to just having a VPN I can use anywhere… I followed the tutorials listed here and progressed onto connecting w/o any issues.
I am running OS X 10.5.7 on a MBP and using Shimo (http://www.shimoapp.com/) to connect. I've been using Shimo for years to connect to my Cisco Concentrator at the data center and noticed it supports a lot more VPNs, IPSec, OVPN, etc.
I can connect successfully, but cannot connect/ping/ssh/ftp/http to anything, zero connection :-(
Here is my configuration:
PFSense:
LAN = 192.168.10.1 (192.168.10.0/24)
OpenVPN Server Config:
Protocol: UDP
Dynamic IP: Checked
Local Port: 1194
Address Pool: 192.168.200.0/24
Local Network: 192.168.10.0/24
Crypto: BF-CBC (128-bit) (DEFAULT)
Authentication Method: PKI
All the correct keys are pasted in.
Firewall Rules:
LAN:
PASS
Protocol *
Source 192.168.200.0/24
Source Port *
Destination: (Tried both LAN net & *)
Gateway *
WAN:
PASS
Protocol UDP
Source *
Source Port *
Destination *
Destination Port 1194 (OpenVPN)
Gateway *
Shimo is configured with OpenVPN, and TUN, Certs/Keys & IP. And reconnect of 30 seconds.
I receive no errors on the Mac and actually see myself connected on the PFSense:
Jun 12 10:39:31 openvpn[35940]: 75.251.218.188:49207 [client-macbookpro-windows] Peer Connection Initiated with 75.251.218.188:49207
Jun 12 10:40:32 openvpn[35940]: 75.251.218.188:49208 Re-using SSL/TLS context
Jun 12 10:40:34 openvpn[35940]: 75.251.218.188:49208 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1541', remote='link-mtu 1542'
Jun 12 10:40:34 openvpn[35940]: 75.251.218.188:49208 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Jun 12 10:40:35 openvpn[35940]: 75.251.218.188:49208 [client-macbookpro-windows] Peer Connection Initiated with 75.251.218.188:49208
And here's the output of a netstat on my MBP:
Destination Gateway Flags Refs Use Netif Expire
default 66.174.XXX.XXX UGSc 94 11 ppp0
66.174.XXX.XXX 75.251.XXX.XXX UH 95 3 ppp0
75 ppp0 USc 5 0 ppp0
127 127.0.0.1 UCS 0 0 lo0
127.0.0.1 127.0.0.1 UH 6 1628 lo0
192.168.10 192.168.200.5 UGSc 1 785 tun0
192.168.200.1/32 192.168.200.5 UGSc 0 0 tun0
192.168.200.5 192.168.200.6 UH 3 0 tun0
Internet6:
Destination Gateway Flags Netif Expire
::1 link#1 UHL lo0
fe80::%lo0/64 fe80::1%lo0 Uc lo0
fe80::1%lo0 link#1 UHL lo0
ff01::/32 ::1 U lo0
ff02::/32 ::1 UC lo0
I think I've provided about all the info I can, any help on this would be GREATLY appreciated.
Thanks,
Neil.
-
Check your LZO compression setting, your logs are complaining that LZO compression is enabled only on one side of your tunnel.
Same with MTU, mismatched settings. Not familiar with Shimo so check your settings there match your pfSense OVPN settings
-
You're the man! I had (in Shimo) Compression set to Disabled, and changed it to "Never" and somehow that fixed it…. go figure :-)
Thanks!
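-
The check suggested in the reply above, written out as an added example that is not part of the original thread: a small Python script that scans an OpenVPN server log for the two option-consistency warning forms and lists, per peer, which settings differ between the two ends. The sample log is constructed (documentation IP address), the function names are hypothetical, and it assumes the log was read on the server, so "local" is the server and "remote" is the client.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the warning lines quoted in the thread.
SAMPLE_LOG = """\
Jun 12 10:40:32 openvpn[35940]: 203.0.113.7:49208 Re-using SSL/TLS context
Jun 12 10:40:34 openvpn[35940]: 203.0.113.7:49208 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1541', remote='link-mtu 1542'
Jun 12 10:40:34 openvpn[35940]: 203.0.113.7:49208 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Jun 12 10:40:35 openvpn[35940]: 203.0.113.7:49208 [client] Peer Connection Initiated with 203.0.113.7:49208
"""

PEER = r"(?P<peer>\d{1,3}(?:\.\d{1,3}){3}:\d+)"
# Form 1: both ends set the option, but to different values.
INCONSISTENT = re.compile(
    PEER + r" WARNING: '(?P<opt>[^']+)' is used inconsistently, "
    r"local='(?P<local>[^']*)', remote='(?P<remote>[^']*)'")
# Form 2: only one end sets the option at all.
ONE_SIDED = re.compile(
    PEER + r" WARNING: '(?P<opt>[^']+)' is present in (?P<has>local|remote) config "
    r"but missing in (?:local|remote) config, (?:local|remote)='(?P<value>[^']*)'")

def find_mismatches(log_text):
    """Return {peer: [(option, local_value, remote_value)]}; None means not set on that end."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        m = INCONSISTENT.search(line)
        if m:
            findings[m["peer"]].append((m["opt"], m["local"], m["remote"]))
            continue
        m = ONE_SIDED.search(line)
        if m:
            local = m["value"] if m["has"] == "local" else None
            remote = m["value"] if m["has"] == "remote" else None
            findings[m["peer"]].append((m["opt"], local, remote))
    return dict(findings)

def summarize(findings):
    """One line per mismatch, naming the setting to compare on both ends."""
    show = lambda v: "(not set)" if v is None else v
    return [f"{peer}: {opt}: server={show(loc)} client={show(rem)}"
            for peer, items in findings.items() for opt, loc, rem in items]

if __name__ == "__main__":
    print("\n".join(summarize(find_mismatches(SAMPLE_LOG))))
```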