    Pulling my hair out pfSense OpenVPN to hosted OpenVPN Access Server

    OpenVPN
      rgr88 last edited by

      Hi All,

      Hoping someone might be able to help :-)

      I've got a hosted OpenVPN Access Server which has a public IP address - my home connection doesn't have a static IP and I'm fed up of dynamic DNS. What I'd like to do is configure pfSense to use the OpenVPN Access Server so I can NAT any port forwards or, in OpenVPN terms, put some services on the LAN of my pfSense in the DMZ.

      The OpenVPN Access Server works brilliantly for my mobile phone/laptop but for the life of me I can't get pfSense to work with it. Previously I've used pfSense with PIA really successfully. I can even do the DMZ through to my laptop for a web server for example.

      I'm using pfSense 2.4.5-RELEASE-p1 and have imported the relevant CA, client cert, auto-login on the user.

      I've set the verb level to 7. I've blanked out the public IP below. Any help would be much appreciated as this would really help me pull off what I'm trying to achieve.

      Thanks in advance

      Feb 3 14:41:44	openvpn	61547	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Feb 3 14:41:44	openvpn	61547	Re-using SSL/TLS context
      Feb 3 14:41:44	openvpn	61547	crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 40 bytes
      Feb 3 14:41:44	openvpn	61547	PID packet_id_init seq_backtrack=64 time_backtrack=15
      Feb 3 14:41:44	openvpn	61547	PID packet_id_init seq_backtrack=64 time_backtrack=15
      Feb 3 14:41:44	openvpn	61547	PID packet_id_init seq_backtrack=64 time_backtrack=15
      Feb 3 14:41:44	openvpn	61547	PID packet_id_init seq_backtrack=64 time_backtrack=15
      Feb 3 14:41:44	openvpn	61547	Control Channel MTU parms [ L:1622 D:1172 EF:78 EB:0 ET:0 EL:3 ]
      Feb 3 14:41:44	openvpn	61547	MTU DYNAMIC mtu=1450, flags=2, 1622 -> 1450
      Feb 3 14:41:44	openvpn	61547	RESOLVE_REMOTE flags=0x0901 phase=1 rrs=0 sig=-1 status=0
      Feb 3 14:41:44	openvpn	61547	Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
      Feb 3 14:41:44	openvpn	61547	crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 52 bytes
      Feb 3 14:41:44	openvpn	61547	calc_options_string_link_mtu: link-mtu 1622 -> 1554
      Feb 3 14:41:44	openvpn	61547	crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 52 bytes
      Feb 3 14:41:44	openvpn	61547	calc_options_string_link_mtu: link-mtu 1622 -> 1554
      Feb 3 14:41:44	openvpn	61547	Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1554,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client'
      Feb 3 14:41:44	openvpn	61547	Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1554,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher BF-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-server'
      Feb 3 14:41:44	openvpn	61547	TCP/UDP: Preserving recently used remote address: [AF_INET]publicipwashere:4443
      Feb 3 14:41:44	openvpn	61547	Socket Buffers: R=[42080->42080] S=[57344->57344]
      Feb 3 14:41:44	openvpn	61547	UDPv4 link local (bound): [AF_INET]10.180.0.6:0
      Feb 3 14:41:44	openvpn	61547	UDPv4 link remote: [AF_INET]public ip was here:4443
      Feb 3 14:41:44	openvpn	61547	TLS Warning: no data channel send key available: [key#0 state=S_INITIAL id=0 sid=00000000 00000000] [key#1 state=S_UNDEF id=0 sid=00000000 00000000] [key#2 state=S_UNDEF id=0 sid=00000000 00000000]
      Feb 3 14:41:44	openvpn	61547	SENT PING
      Feb 3 14:41:44	openvpn	61547	UDPv4 WRITE [54] to [AF_INET]public ip was here:4443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
      Feb 3 14:41:46	openvpn	61547	UDPv4 WRITE [54] to [AF_INET]public ip was here:4443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #2 ] [ ] pid=0 DATA len=0
      Feb 3 14:41:50	openvpn	61547	UDPv4 WRITE [54] to [AF_INET]public ip was here:4443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #3 ] [ ] pid=0 DATA len=0
      Feb 3 14:41:58	openvpn	61547	UDPv4 WRITE [54] to [AF_INETpublic ip was here:4443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #4 ] [ ] pid=0 DATA len=0
      Feb 3 14:42:08	openvpn	61547	TLS Warning: no data channel send key available: [key#0 state=S_PRE_START id=0 sid=00000000 00000000] [key#1 state=S_UNDEF id=0 sid=00000000 00000000] [key#2 state=S_UNDEF id=0 sid=00000000 00000000]
      Feb 3 14:42:08	openvpn	61547	SENT PING
      Feb 3 14:42:15	openvpn	61547	UDPv4 WRITE [54] to [AF_INET]public ip was here:4443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #5 ] [ ] pid=0 DATA len=0
      Feb 3 14:42:25	openvpn	61547	TLS Warning: no data channel send key available: [key#0 state=S_PRE_START id=0 sid=00000000 00000000] [key#1 state=S_UNDEF id=0 sid=00000000 00000000] [key#2 state=S_UNDEF id=0 sid=00000000 00000000]
      Feb 3 14:42:25	openvpn	61547	SENT PING
      Feb 3 14:42:36	openvpn	61547	TLS Warning: no data channel send key available: [key#0 state=S_PRE_START id=0 sid=00000000 00000000] [key#1 state=S_UNDEF id=0 sid=00000000 00000000] [key#2 state=S_UNDEF id=0 sid=00000000 00000000]
      Feb 3 14:42:36	openvpn	61547	SENT PING
      Feb 3 14:42:44	openvpn	61547	[UNDEF] Inactivity timeout (--ping-restart), restarting
      Feb 3 14:42:44	openvpn	61547	PID packet_id_free
      Feb 3 14:42:44	openvpn	61547	PID packet_id_free
      Feb 3 14:42:44	openvpn	61547	PID packet_id_free
      Feb 3 14:42:44	openvpn	61547	PID packet_id_free
      Feb 3 14:42:44	openvpn	61547	PID packet_id_free
      Feb 3 14:42:44	openvpn	61547	PID packet_id_free
      Feb 3 14:42:44	openvpn	61547	PID packet_id_free
      Feb 3 14:42:44	openvpn	61547	PID packet_id_free
      Feb 3 14:42:44	openvpn	61547	TCP/UDP: Closing socket
      Feb 3 14:42:44	openvpn	61547	PID packet_id_free
      Feb 3 14:42:44	openvpn	61547	SIGUSR1[soft,ping-restart] received, process restarting
      Feb 3 14:42:44	openvpn	61547	Restart pause, 300 second(s)
      Feb 3 14:43:40	openvpn	61547	MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
      Feb 3 14:43:40	openvpn	61547	MANAGEMENT: CMD 'state 1'
      Feb 3 14:43:40	openvpn	61547	MANAGEMENT: Client disconnected
      
        marvosa @rgr88 last edited by

        Have you reviewed this doc?:

        https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-connect-to-oas.html

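A triage of the client-side symptom in the log above, as an added example that is not part of the original posts: it counts outgoing hard resets against incoming packets and lists legacy options found in the Local Options String. The `triage` function, the `WEAK` table and the sample lines (with 203.0.113.10 standing in for the redacted address) are constructed for illustration.

```python
import re

# Constructed sample modelled on the log in the post; 203.0.113.10 is a
# documentation address standing in for the redacted server IP.
SAMPLE_LOG = """\
Feb 3 14:41:44\topenvpn\t61547\tLocal Options String (VER=V4): 'V4,dev-type tun,link-mtu 1554,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client'
Feb 3 14:41:44\topenvpn\t61547\tUDPv4 WRITE [54] to [AF_INET]203.0.113.10:4443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
Feb 3 14:41:46\topenvpn\t61547\tUDPv4 WRITE [54] to [AF_INET]203.0.113.10:4443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #2 ] [ ] pid=0 DATA len=0
Feb 3 14:42:44\topenvpn\t61547\t[UNDEF] Inactivity timeout (--ping-restart), restarting
"""

# Options worth flagging when they show up in the negotiated option string.
WEAK = {"cipher BF-CBC": "64-bit block cipher (SWEET32)",
        "comp-lzo": "compression enabled (VORACLE-style leaks)"}

def triage(log_text):
    """Summarise the client-side handshake from high-verbosity OpenVPN log text."""
    resets = reads = 0
    restarted = False
    options = []
    for line in log_text.splitlines():
        msg = line.split("\t")[-1]          # message is the last tab field
        if "UDPv4 WRITE" in msg and "P_CONTROL_HARD_RESET_CLIENT" in msg:
            resets += 1
        elif re.search(r"\bREAD \[\d+\] from", msg):
            reads += 1                      # any packet received from the peer
        elif "--ping-restart" in msg:
            restarted = True
        m = re.match(r"Local Options String[^']*'([^']*)'", msg)
        if m:
            options = [o.strip() for o in m.group(1).split(",")]
    findings = []
    if resets and reads == 0:
        # Hard resets went out and nothing came back: the server never
        # answered (wrong port/protocol, filtering, or the server dropping
        # packets that fail its tls-auth check are common causes).
        findings.append("no_server_reply")
    if restarted:
        findings.append("ping_restart")
    weak = {o: why for o, why in WEAK.items() if o in options}
    return {"resets_sent": resets, "packets_read": reads,
            "findings": findings, "weak_options": weak}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```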