Pulling my hair out pfSense OpenVPN to hosted OpenVPN Access Server
-
Hi All,
Hoping someone might be able to help :-)
I've got a hosted OpenVPN Access Server which has a public IP address - my home connection doesn't have a static IP and I'm fed up of dynamic DNS. What I'd like to do is configure pfSense to use the OpenVPN Access Server so I can NAT any port forwards or, in OpenVPN terms, put some services on the LAN of my pfSense in the DMZ.
The OpenVPN Access Server works brilliantly for my mobile phone/laptop but for the life of me I can't get pfSense to work with it. Previously I've used pfSense with PIA really successfully. I can even do the DMZ through to my laptop for a web server for example.
I'm using pfSense 2.4.5-RELEASE-p1 and have imported the relevant CA, client cert, auto-login on the user.
I've set the verb level to 7. I've blanked out the public IP below. Any help would be much appreciated as this would really help me pull off what I'm trying to achieve.
Thanks in advance
Feb 3 14:41:44 openvpn 61547 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 3 14:41:44 openvpn 61547 Re-using SSL/TLS context
Feb 3 14:41:44 openvpn 61547 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 40 bytes
Feb 3 14:41:44 openvpn 61547 PID packet_id_init seq_backtrack=64 time_backtrack=15
Feb 3 14:41:44 openvpn 61547 PID packet_id_init seq_backtrack=64 time_backtrack=15
Feb 3 14:41:44 openvpn 61547 PID packet_id_init seq_backtrack=64 time_backtrack=15
Feb 3 14:41:44 openvpn 61547 PID packet_id_init seq_backtrack=64 time_backtrack=15
Feb 3 14:41:44 openvpn 61547 Control Channel MTU parms [ L:1622 D:1172 EF:78 EB:0 ET:0 EL:3 ]
Feb 3 14:41:44 openvpn 61547 MTU DYNAMIC mtu=1450, flags=2, 1622 -> 1450
Feb 3 14:41:44 openvpn 61547 RESOLVE_REMOTE flags=0x0901 phase=1 rrs=0 sig=-1 status=0
Feb 3 14:41:44 openvpn 61547 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Feb 3 14:41:44 openvpn 61547 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 52 bytes
Feb 3 14:41:44 openvpn 61547 calc_options_string_link_mtu: link-mtu 1622 -> 1554
Feb 3 14:41:44 openvpn 61547 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 52 bytes
Feb 3 14:41:44 openvpn 61547 calc_options_string_link_mtu: link-mtu 1622 -> 1554
Feb 3 14:41:44 openvpn 61547 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1554,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client'
Feb 3 14:41:44 openvpn 61547 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1554,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher BF-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-server'
Feb 3 14:41:44 openvpn 61547 TCP/UDP: Preserving recently used remote address: [AF_INET]publicipwashere:4443
Feb 3 14:41:44 openvpn 61547 Socket Buffers: R=[42080->42080] S=[57344->57344]
Feb 3 14:41:44 openvpn 61547 UDPv4 link local (bound): [AF_INET]10.180.0.6:0
Feb 3 14:41:44 openvpn 61547 UDPv4 link remote: [AF_INET]public ip was here:4443
Feb 3 14:41:44 openvpn 61547 TLS Warning: no data channel send key available: [key#0 state=S_INITIAL id=0 sid=00000000 00000000] [key#1 state=S_UNDEF id=0 sid=00000000 00000000] [key#2 state=S_UNDEF id=0 sid=00000000 00000000]
Feb 3 14:41:44 openvpn 61547 SENT PING
Feb 3 14:41:44 openvpn 61547 UDPv4 WRITE [54] to [AF_INET]public ip was here:4443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
Feb 3 14:41:46 openvpn 61547 UDPv4 WRITE [54] to [AF_INET]public ip was here:4443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #2 ] [ ] pid=0 DATA len=0
Feb 3 14:41:50 openvpn 61547 UDPv4 WRITE [54] to [AF_INET]public ip was here:4443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #3 ] [ ] pid=0 DATA len=0
Feb 3 14:41:58 openvpn 61547 UDPv4 WRITE [54] to [AF_INETpublic ip was here:4443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #4 ] [ ] pid=0 DATA len=0
Feb 3 14:42:08 openvpn 61547 TLS Warning: no data channel send key available: [key#0 state=S_PRE_START id=0 sid=00000000 00000000] [key#1 state=S_UNDEF id=0 sid=00000000 00000000] [key#2 state=S_UNDEF id=0 sid=00000000 00000000]
Feb 3 14:42:08 openvpn 61547 SENT PING
Feb 3 14:42:15 openvpn 61547 UDPv4 WRITE [54] to [AF_INET]public ip was here:4443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #5 ] [ ] pid=0 DATA len=0
Feb 3 14:42:25 openvpn 61547 TLS Warning: no data channel send key available: [key#0 state=S_PRE_START id=0 sid=00000000 00000000] [key#1 state=S_UNDEF id=0 sid=00000000 00000000] [key#2 state=S_UNDEF id=0 sid=00000000 00000000]
Feb 3 14:42:25 openvpn 61547 SENT PING
Feb 3 14:42:36 openvpn 61547 TLS Warning: no data channel send key available: [key#0 state=S_PRE_START id=0 sid=00000000 00000000] [key#1 state=S_UNDEF id=0 sid=00000000 00000000] [key#2 state=S_UNDEF id=0 sid=00000000 00000000]
Feb 3 14:42:36 openvpn 61547 SENT PING
Feb 3 14:42:44 openvpn 61547 [UNDEF] Inactivity timeout (--ping-restart), restarting
Feb 3 14:42:44 openvpn 61547 PID packet_id_free
Feb 3 14:42:44 openvpn 61547 PID packet_id_free
Feb 3 14:42:44 openvpn 61547 PID packet_id_free
Feb 3 14:42:44 openvpn 61547 PID packet_id_free
Feb 3 14:42:44 openvpn 61547 PID packet_id_free
Feb 3 14:42:44 openvpn 61547 PID packet_id_free
Feb 3 14:42:44 openvpn 61547 PID packet_id_free
Feb 3 14:42:44 openvpn 61547 PID packet_id_free
Feb 3 14:42:44 openvpn 61547 TCP/UDP: Closing socket
Feb 3 14:42:44 openvpn 61547 PID packet_id_free
Feb 3 14:42:44 openvpn 61547 SIGUSR1[soft,ping-restart] received, process restarting
Feb 3 14:42:44 openvpn 61547 Restart pause, 300 second(s)
Feb 3 14:43:40 openvpn 61547 MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
Feb 3 14:43:40 openvpn 61547 MANAGEMENT: CMD 'state 1'
Feb 3 14:43:40 openvpn 61547 MANAGEMENT: Client disconnected
-
Have you reviewed this doc?:
https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-connect-to-oas.html
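
A triage sketch for the verb-7 client log in the question, added here as an example and not part of the thread or of pfSense/OpenVPN: it counts the client's hard-reset packets against any packets read back, and extracts the client's options string (cipher, compression, tls-auth key direction) so it can be compared with the server profile. The function name `triage` and the sample log, which uses the 192.0.2.10 documentation address in place of the redacted IP, are constructed for illustration; it assumes the log was captured at a verb level that records packet reads and writes.

```python
import re
from collections import Counter

# Constructed sample in the same shape as the log in the question; the
# redacted server address is replaced by the RFC 5737 test address.
SAMPLE_LOG = """\
Feb 3 14:41:44 openvpn 61547 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1554,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client'
Feb 3 14:41:44 openvpn 61547 UDPv4 WRITE [54] to [AF_INET]192.0.2.10:4443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
Feb 3 14:41:46 openvpn 61547 UDPv4 WRITE [54] to [AF_INET]192.0.2.10:4443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #2 ] [ ] pid=0 DATA len=0
Feb 3 14:42:44 openvpn 61547 [UNDEF] Inactivity timeout (--ping-restart), restarting
"""

# Direction and opcode of each logged packet; the address part may contain
# spaces when it has been redacted by hand, so match lazily up to ": P_".
PKT = re.compile(r"(?:UDP|TCP)\S* (WRITE|READ) \[\d+\] (?:to|from) .*?: (P_\w+)")
OPTS = re.compile(r"Local Options String \(VER=V4\): '([^']*)'")

def triage(log_text):
    """Summarise handshake progress and the client's options string."""
    packets, options, restarted = Counter(), {}, False
    for line in log_text.splitlines():
        m = PKT.search(line)
        if m:
            packets[(m.group(1), m.group(2))] += 1
        m = OPTS.search(line)
        if m:
            for item in m.group(1).split(",")[1:]:   # skip the leading "V4"
                key, _, value = item.partition(" ")
                options[key] = value or True         # bare flags become True
        if "Inactivity timeout (--ping-restart)" in line:
            restarted = True
    sent = packets[("WRITE", "P_CONTROL_HARD_RESET_CLIENT_V2")]
    received = sum(n for (direction, _), n in packets.items() if direction == "READ")
    return {
        "hard_resets_sent": sent,
        "packets_received": received,
        # Resets went out, nothing was read back, and the client timed out.
        "no_server_reply": sent > 0 and received == 0 and restarted,
        "client_options": options,
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```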