Netgate Discussion Forum

    Need Help with OpenVPN Pfsense Client to Tested Working Untangle OpenVPN Server

      windswept321

      Hi,

      I've spent a few late nights (and late mornings!) scratching my head over this but I can't figure it out.

      I have an openvpn connection set up through bridged untangle behind a m0n0wall box. This is working fine through Tunnelblick (osx openvpn client) but I'm having no joy getting a pfsense box to connect as client. Tunnelblick will connect through the pfsense box.

      Untangle OpenVPN Server -- M0n0wall -- PPPOE Draytek Modem -- INTERNET -- PPPOE Draytek Modem -- Pfsense Client -- Tunnelblick (when Testing)

      Both internet connections are ADSL (uk) and are with the same ISP with static IPs.

      The Server side network is 192.168.0.1 and the Client side is 192.168.1.1

      Pfsense Client Settings:

      Disable this tunnel uncheck
      Protocol UDP
      Server address the public IP of the remote network
      Server port 1194
      Interface IP 192.168.1.0/24 (have had blank also, seems to make no difference.)
      Remote network - can't fill in
      Proxy Host - blank
      Proxy port 3128
      Cryptography AES-128-CBC
      Authentication method PKI (Public Key Infrastructure)
      Shared key blank
      CA certificate copied from untangle
      Client certificate copied from untangle
      Client key copied from untangle
      LZO compression - enabled
      Limit outgoing bandwidth blank
      Dynamic sourceport uncheck
      Custom options blank

      Tunnelblick Settings:

      #AUTOGENERATED BY UNTANGLE DO NOT MODIFY
      # OpenVPN(v2.0) configuration script

      client
      proto udp
      resolv-retry 20
      keepalive 10 120
      nobind
      mute-replay-warnings
      ns-cert-type server
      cipher AES-128-CBC
      comp-lzo
      verb 2
      persist-key
      persist-tun
      verb 1
      tls-exit
      dev tun0
      cert untangle-vpn/****.crt
      key untangle-vpn/****.key
      ca  untangle-vpn/****.crt
      remote remote-internet-ip 1194

      Tunnelblick connection log:

      Thu 01/01/70 01:00 AM: SUCCESS: pid=168
      Thu 01/01/70 01:00 AM: SUCCESS: real-time state notification set to ON
      Thu 01/01/70 01:00 AM: SUCCESS: real-time log notification set to ON
      Wed 08/05/09 01:19 PM: OpenVPN 2.1_rc15 i386-apple-darwin9.5.0 [SSL] [LZO2] built on Nov 19 2008
      Thu 01/01/70 01:00 AM: END
      Thu 01/01/70 01:00 AM: SUCCESS: hold release succeeded
      Wed 08/05/09 01:19 PM: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Wed 08/05/09 01:19 PM: WARNING: file 'untangle-vpn/****.key' is group or others accessible
      Wed 08/05/09 01:19 PM: LZO compression initialized
      Wed 08/05/09 01:19 PM: UDPv4 link local: [undef]
      Wed 08/05/09 01:19 PM: UDPv4 link remote: ****:1194
      Wed 08/05/09 01:19 PM: [server.does.not.exists] Peer Connection Initiated with ****:1194
      Wed 08/05/09 01:19 PM: TUN/TAP device /dev/tun0 opened
      Wed 08/05/09 01:19 PM: /sbin/ifconfig tun0 delete
      Wed 08/05/09 01:19 PM: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
      Wed 08/05/09 01:19 PM: /sbin/ifconfig tun0 172.16.0.5 172.16.0.6 mtu 1500 netmask 255.255.255.255 up
      Wed 08/05/09 01:19 PM: Initialization Sequence Completed

      This is working and can access remote network.

      Pfsense Client OpenVPN Log:

      Aug 5 13:05:52 openvpn[3952]: OpenVPN 2.0.6 i386-portbld-freebsd7.0 [SSL] [LZO] built on Nov 9 2008
      Aug 5 13:05:53 openvpn[3952]: WARNING: using --pull/--client and --ifconfig together is probably not what you want
      Aug 5 13:05:53 openvpn[3952]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
      Aug 5 13:05:53 openvpn[3952]: WARNING: file '/var/etc/openvpn_client0.key' is group or others accessible
      Aug 5 13:05:53 openvpn[3952]: LZO compression initialized
      Aug 5 13:05:54 openvpn[3959]: UDPv4 link local (bound): [undef]:1194
      Aug 5 13:05:54 openvpn[3959]: UDPv4 link remote: ****:1194
      Aug 5 13:06:04 openvpn[3959]: [server.does.not.exists] Peer Connection Initiated with ****:1194
      Aug 5 13:06:06 openvpn[3959]: gw **** (google shows this to be a server at my isp)
      Aug 5 13:06:06 openvpn[3959]: TUN/TAP device /dev/tun0 opened
      Aug 5 13:06:06 openvpn[3959]: /sbin/ifconfig tun0 172.16.0.5 172.16.0.6 mtu 1500 netmask 255.255.255.255 up
      Aug 5 13:06:06 openvpn[3959]: /etc/rc.filter_configure tun0 1500 1558 172.16.0.5 172.16.0.6 init
      Aug 5 13:06:08 openvpn[338]: SIGTERM[hard,] received, process exiting
      Aug 5 13:06:27 openvpn[3959]: Initialization Sequence Completed
      Aug 5 13:21:03 openvpn[3959]: [server.does.not.exists] Inactivity timeout (--ping-restart), restarting
      Aug 5 13:21:03 openvpn[3959]: SIGUSR1[soft,ping-restart] received, process restarting
      Aug 5 13:21:05 openvpn[3959]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
      Aug 5 13:21:05 openvpn[3959]: Re-using SSL/TLS context
      Aug 5 13:21:05 openvpn[3959]: LZO compression initialized
      Aug 5 13:21:05 openvpn[3959]: UDPv4 link local (bound): [undef]:1194
      Aug 5 13:21:05 openvpn[3959]: UDPv4 link remote: ****:1194
      Aug 5 13:21:09 openvpn[3959]: [server.does.not.exists] Peer Connection Initiated with ****:1194
      Aug 5 13:21:10 openvpn[3959]: Preserving previous TUN/TAP instance: tun0
      Aug 5 13:21:10 openvpn[3959]: Initialization Sequence Completed

      This won't allow me to ping or connect to the remote network.

      Are there any rules, static routes etc I should add to the Client?

      Thanks very much for reading!
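
Added example, not part of the original post: a small triage script for OpenVPN client syslog lines like the pfSense log above. It groups the warnings that log contains (server certificate verification not enabled, key file permissions, `--ifconfig` combined with `--client`, ping-restart). The sample lines are copied from that log with dashes normalized; the rule names and hint texts are this example's own labels.

```python
import re

# Constructed sample: lines copied from the pfSense client log in the post above.
SAMPLE_LOG = """\
Aug 5 13:05:53 openvpn[3952]: WARNING: using --pull/--client and --ifconfig together is probably not what you want
Aug 5 13:05:53 openvpn[3952]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Aug 5 13:05:53 openvpn[3952]: WARNING: file '/var/etc/openvpn_client0.key' is group or others accessible
Aug 5 13:06:27 openvpn[3959]: Initialization Sequence Completed
Aug 5 13:21:03 openvpn[3959]: [server.does.not.exists] Inactivity timeout (--ping-restart), restarting
Aug 5 13:21:05 openvpn[3959]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Aug 5 13:21:10 openvpn[3959]: Initialization Sequence Completed
"""

# syslog prefix as it appears in the post: "Aug 5 13:05:53 openvpn[3952]: message"
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]+) openvpn\[\d+\]: (.*)$")

# Rule names and hints are this example's own labels, not OpenVPN output.
RULES = [
    ("no-server-cert-check", "security", r"No server certificate verification method",
     "enable a server-certificate check, e.g. 'ns-cert-type server' as in the Untangle config"),
    ("key-file-perms", "security", r"file '[^']+' is group or others accessible",
     "make the private key readable by its owner only (chmod 600)"),
    ("pull-with-ifconfig", "config", r"--pull/--client and --ifconfig together",
     "the client sets --ifconfig while also pulling settings from the server"),
    ("ping-restart", "health", r"Inactivity timeout \(--ping-restart\)",
     "nothing was received from the peer within the keepalive window"),
]

def triage(log_text):
    """Return (findings by rule name, number of completed initializations)."""
    findings, completed = {}, 0
    for raw in log_text.splitlines():
        # Forum software often turns "--" into an en dash; undo that first.
        m = LINE.match(raw.strip().replace("\u2013", "--"))
        if not m:
            continue  # not an openvpn syslog line
        ts, msg = m.groups()
        completed += "Initialization Sequence Completed" in msg
        for name, kind, pattern, hint in RULES:
            if re.search(pattern, msg):
                f = findings.setdefault(
                    name, {"kind": kind, "hint": hint, "count": 0, "first_seen": ts})
                f["count"] += 1
    return findings, completed

if __name__ == "__main__":
    found, completed = triage(SAMPLE_LOG)
    for name, f in found.items():
        print(f"[{f['kind']}] {name} x{f['count']} (first {f['first_seen']}): {f['hint']}")
    print(f"tunnel came up {completed} time(s)")
```
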

        fastcon68

        Are the server certificates the same on both OpenVPN servers? If different, that might be causing your issue.
        RC

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.