Need Help with OpenVPN Pfsense Client to Tested Working Untangle OpenVPN Server

windswept321

Hi,

I've spent a few late nights (and late mornings!) scratching my head over this but I can't figure it out.

I have an openvpn connection set up through bridged untangle behind a m0n0wall box. This is working fine through Tunnelblick (osx openvpn client) but I'm having no joy getting a pfsense box to connect as client. Tunnelblick will connect through the pfsense box.

Untangle OpenVPN Server – M0n0wall -- PPPOE Draytek Modem - INTERNET - PPPOE Draytek Modem -- Pfsense Client -- Tunnelblick (when Testing)

Both internet connections are ADSL (uk) and are with the same ISP with static IPs.

The Server side network is 192.168.0.1 and the Client side is 192.168.1.1

Pfsense Client Settings:

Disable this tunnel uncheck
Protocol UDP
Server address the public IP of the remote network
Server port 1194
Interface IP 192.168.1.0/24 (have had blank also, seems to make no difference.)
Remote network - can't fill in
Proxy Host - blank
Proxy port 3128
Cryptography AES-128-CBC
Authentication method PKI (Public Key Infrastructure)
Shared key blank
CA certificate copied from untangle
Client certificate copied from untangle
Client key copied from untangle
LZO compression - enabled
Limit outgoing bandwidth blank
Dynamic sourceport uncheck
Custom options blank

Tunnelblick Settings:

#AUTOGENERATED BY UNTANGLE DO NOT MODIFY

OpenVPN(v2.0) configuration script

client
proto udp
resolv-retry 20
keepalive 10 120
nobind
mute-replay-warnings
ns-cert-type server
cipher AES-128-CBC
comp-lzo
verb 2
persist-key
persist-tun
verb 1
tls-exit
dev tun0
cert untangle-vpn/.crt
key untangle-vpn/.key
ca  untangle-vpn/****.crt
remote remote-internet-ip 1194

Tunnelblick connection log:

Thu 01/01/70 01:00 AM: SUCCESS: pid=168
Thu 01/01/70 01:00 AM: SUCCESS: real-time state notification set to ON
Thu 01/01/70 01:00 AM: SUCCESS: real-time log notification set to ON
Wed 08/05/09 01:19 PM: OpenVPN 2.1_rc15 i386-apple-darwin9.5.0 [SSL] [LZO2] built on Nov 19 2008
Thu 01/01/70 01:00 AM: END
Thu 01/01/70 01:00 AM: SUCCESS: hold release succeeded
Wed 08/05/09 01:19 PM: NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
Wed 08/05/09 01:19 PM: WARNING: file 'untangle-vpn/****.key' is group or others accessible
Wed 08/05/09 01:19 PM: LZO compression initialized
Wed 08/05/09 01:19 PM: UDPv4 link local: [undef]
Wed 08/05/09 01:19 PM: UDPv4 link remote: ****:1194
Wed 08/05/09 01:19 PM: [server.does.not.exists] Peer Connection Initiated with ****:1194
Wed 08/05/09 01:19 PM: TUN/TAP device /dev/tun0 opened
Wed 08/05/09 01:19 PM: /sbin/ifconfig tun0 delete
Wed 08/05/09 01:19 PM: NOTE: Tried to delete pre-existing tun/tap instance – No Problem if failure
Wed 08/05/09 01:19 PM: /sbin/ifconfig tun0 172.16.0.5 172.16.0.6 mtu 1500 netmask 255.255.255.255 up
Wed 08/05/09 01:19 PM: Initialization Sequence Completed

This is working and can access remote network.

Pfsense Client OpenVPN Log:

Aug 5 13:05:52 openvpn[3952]: OpenVPN 2.0.6 i386-portbld-freebsd7.0 [SSL] [LZO] built on Nov 9 2008
Aug 5 13:05:53 openvpn[3952]: WARNING: using –pull/--client and --ifconfig together is probably not what you want
Aug 5 13:05:53 openvpn[3952]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Aug 5 13:05:53 openvpn[3952]: WARNING: file '/var/etc/openvpn_client0.key' is group or others accessible
Aug 5 13:05:53 openvpn[3952]: LZO compression initialized
Aug 5 13:05:54 openvpn[3959]: UDPv4 link local (bound): [undef]:1194
Aug 5 13:05:54 openvpn[3959]: UDPv4 link remote: ****:1194
Aug 5 13:06:04 openvpn[3959]: [server.does.not.exists] Peer Connection Initiated with ****:1194
Aug 5 13:06:06 openvpn[3959]: gw **** (google shows this to be a server at my isp)
Aug 5 13:06:06 openvpn[3959]: TUN/TAP device /dev/tun0 opened
Aug 5 13:06:06 openvpn[3959]: /sbin/ifconfig tun0 172.16.0.5 172.16.0.6 mtu 1500 netmask 255.255.255.255 up
Aug 5 13:06:06 openvpn[3959]: /etc/rc.filter_configure tun0 1500 1558 172.16.0.5 172.16.0.6 init
Aug 5 13:06:08 openvpn[338]: SIGTERM[hard,] received, process exiting
Aug 5 13:06:27 openvpn[3959]: Initialization Sequence Completed
Aug 5 13:21:03 openvpn[3959]: [server.does.not.exists] Inactivity timeout (–ping-restart), restarting
Aug 5 13:21:03 openvpn[3959]: SIGUSR1[soft,ping-restart] received, process restarting
Aug 5 13:21:05 openvpn[3959]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Aug 5 13:21:05 openvpn[3959]: Re-using SSL/TLS context
Aug 5 13:21:05 openvpn[3959]: LZO compression initialized
Aug 5 13:21:05 openvpn[3959]: UDPv4 link local (bound): [undef]:1194
Aug 5 13:21:05 openvpn[3959]: UDPv4 link remote: ****:1194
Aug 5 13:21:09 openvpn[3959]: [server.does.not.exists] Peer Connection Initiated with ****:1194
Aug 5 13:21:10 openvpn[3959]: Preserving previous TUN/TAP instance: tun0
Aug 5 13:21:10 openvpn[3959]: Initialization Sequence Completed

This won't allow me to ping or connect to the remote network.

Are there any rules, static routes etc I should add to the Client?

Thanks very much for reading!

fastcon68

Are the server certificates the same on both openvpn servers?  if different that might becausing you issue.
RC