Need Help with OpenVPN Pfsense Client to Tested Working Untangle OpenVPN Server



  • Hi,

    I've spent a few late nights (and late mornings!) scratching my head over this, but I can't figure it out.

    I have an openvpn connection set up through bridged untangle behind a m0n0wall box. This is working fine through Tunnelblick (osx openvpn client) but I'm having no joy getting a pfsense box to connect as client. Tunnelblick will connect through the pfsense box.

    Untangle OpenVPN Server -- M0n0wall -- PPPoE Draytek Modem -- INTERNET -- PPPoE Draytek Modem -- Pfsense Client -- Tunnelblick (when testing)

    Both internet connections are ADSL (uk) and are with the same ISP with static IPs.

    The Server side network is 192.168.0.1 and the Client side is 192.168.1.1

    Pfsense Client Settings:

    Disable this tunnel unchecked
    Protocol UDP
    Server address the public IP of the remote network
    Server port 1194
    Interface IP 192.168.1.0/24 (have also left it blank; seems to make no difference)
    Remote network - can't fill in
    Proxy Host - blank
    Proxy port 3128
    Cryptography AES-128-CBC
    Authentication method PKI (Public Key Infrastructure)
    Shared key blank
    CA certificate copied from untangle
    Client certificate copied from untangle
    Client key copied from untangle
    LZO compression - enabled
    Limit outgoing bandwidth blank
    Dynamic sourceport unchecked
    Custom options blank

    Tunnelblick Settings:

    #AUTOGENERATED BY UNTANGLE DO NOT MODIFY

    OpenVPN(v2.0) configuration script

    client
    proto udp
    resolv-retry 20
    keepalive 10 120
    nobind
    mute-replay-warnings
    ns-cert-type server
    cipher AES-128-CBC
    comp-lzo
    verb 2
    persist-key
    persist-tun
    verb 1
    tls-exit
    dev tun0
    cert untangle-vpn/.crt
    key untangle-vpn/.key
    ca  untangle-vpn/****.crt
    remote remote-internet-ip 1194

    Tunnelblick connection log:

    Thu 01/01/70 01:00 AM: SUCCESS: pid=168
    Thu 01/01/70 01:00 AM: SUCCESS: real-time state notification set to ON
    Thu 01/01/70 01:00 AM: SUCCESS: real-time log notification set to ON
    Wed 08/05/09 01:19 PM: OpenVPN 2.1_rc15 i386-apple-darwin9.5.0 [SSL] [LZO2] built on Nov 19 2008
    Thu 01/01/70 01:00 AM: END
    Thu 01/01/70 01:00 AM: SUCCESS: hold release succeeded
    Wed 08/05/09 01:19 PM: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Wed 08/05/09 01:19 PM: WARNING: file 'untangle-vpn/****.key' is group or others accessible
    Wed 08/05/09 01:19 PM: LZO compression initialized
    Wed 08/05/09 01:19 PM: UDPv4 link local: [undef]
    Wed 08/05/09 01:19 PM: UDPv4 link remote: ****:1194
    Wed 08/05/09 01:19 PM: [server.does.not.exists] Peer Connection Initiated with ****:1194
    Wed 08/05/09 01:19 PM: TUN/TAP device /dev/tun0 opened
    Wed 08/05/09 01:19 PM: /sbin/ifconfig tun0 delete
    Wed 08/05/09 01:19 PM: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
    Wed 08/05/09 01:19 PM: /sbin/ifconfig tun0 172.16.0.5 172.16.0.6 mtu 1500 netmask 255.255.255.255 up
    Wed 08/05/09 01:19 PM: Initialization Sequence Completed

    This is working and I can access the remote network.

    Pfsense Client OpenVPN Log:

    Aug 5 13:05:52 openvpn[3952]: OpenVPN 2.0.6 i386-portbld-freebsd7.0 [SSL] [LZO] built on Nov 9 2008
    Aug 5 13:05:53 openvpn[3952]: WARNING: using --pull/--client and --ifconfig together is probably not what you want
    Aug 5 13:05:53 openvpn[3952]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Aug 5 13:05:53 openvpn[3952]: WARNING: file '/var/etc/openvpn_client0.key' is group or others accessible
    Aug 5 13:05:53 openvpn[3952]: LZO compression initialized
    Aug 5 13:05:54 openvpn[3959]: UDPv4 link local (bound): [undef]:1194
    Aug 5 13:05:54 openvpn[3959]: UDPv4 link remote: ****:1194
    Aug 5 13:06:04 openvpn[3959]: [server.does.not.exists] Peer Connection Initiated with ****:1194
    Aug 5 13:06:06 openvpn[3959]: gw **** (google shows this to be a server at my isp)
    Aug 5 13:06:06 openvpn[3959]: TUN/TAP device /dev/tun0 opened
    Aug 5 13:06:06 openvpn[3959]: /sbin/ifconfig tun0 172.16.0.5 172.16.0.6 mtu 1500 netmask 255.255.255.255 up
    Aug 5 13:06:06 openvpn[3959]: /etc/rc.filter_configure tun0 1500 1558 172.16.0.5 172.16.0.6 init
    Aug 5 13:06:08 openvpn[338]: SIGTERM[hard,] received, process exiting
    Aug 5 13:06:27 openvpn[3959]: Initialization Sequence Completed
    Aug 5 13:21:03 openvpn[3959]: [server.does.not.exists] Inactivity timeout (--ping-restart), restarting
    Aug 5 13:21:03 openvpn[3959]: SIGUSR1[soft,ping-restart] received, process restarting
    Aug 5 13:21:05 openvpn[3959]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Aug 5 13:21:05 openvpn[3959]: Re-using SSL/TLS context
    Aug 5 13:21:05 openvpn[3959]: LZO compression initialized
    Aug 5 13:21:05 openvpn[3959]: UDPv4 link local (bound): [undef]:1194
    Aug 5 13:21:05 openvpn[3959]: UDPv4 link remote: ****:1194
    Aug 5 13:21:09 openvpn[3959]: [server.does.not.exists] Peer Connection Initiated with ****:1194
    Aug 5 13:21:10 openvpn[3959]: Preserving previous TUN/TAP instance: tun0
    Aug 5 13:21:10 openvpn[3959]: Initialization Sequence Completed

    This won't allow me to ping or connect to the remote network.

    Are there any rules, static routes, etc. I should add to the client?

    Thanks very much for reading!
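The pfSense log in the post ends with "Initialization Sequence Completed", but two of its warnings matter more than the success line: "No server certificate verification method has been enabled" (the client will accept any certificate the CA signed, not only the server's) and the key file being "group or others accessible". The Tunnelblick config, by contrast, carries "ns-cert-type server". The log also shows no route being added for the remote LAN, which fits the "can't ping" symptom. Below is an added example, not code from the post, pfSense or Untangle: a small Python triage script that reads an OpenVPN 2.0/2.1 client log and a client config and flags these conditions. The sample log and config embedded in it are constructed to mirror the thread's output, with the redacted remote address replaced by a documentation IP; the regexes are assumptions about OpenVPN's log wording, not an official interface.

```python
"""Triage an OpenVPN 2.0/2.1 client log and config for the conditions seen in the thread.
Added example (not from the forum post, pfSense or Untangle); sample data is constructed,
and the log patterns are assumptions about OpenVPN's wording, not an official interface."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: the pfSense client log's key lines, redacted IP -> RFC 5737 address.
SAMPLE_PFSENSE_LOG = """\
Aug 5 13:05:53 openvpn[3952]: WARNING: using --pull/--client and --ifconfig together is probably not what you want
Aug 5 13:05:53 openvpn[3952]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Aug 5 13:05:53 openvpn[3952]: WARNING: file '/var/etc/openvpn_client0.key' is group or others accessible
Aug 5 13:06:04 openvpn[3959]: [server.does.not.exists] Peer Connection Initiated with 203.0.113.10:1194
Aug 5 13:06:06 openvpn[3959]: /sbin/ifconfig tun0 172.16.0.5 172.16.0.6 mtu 1500 netmask 255.255.255.255 up
Aug 5 13:06:27 openvpn[3959]: Initialization Sequence Completed
Aug 5 13:21:03 openvpn[3959]: [server.does.not.exists] Inactivity timeout (--ping-restart), restarting
"""

# Constructed sample modelled on the Untangle-generated Tunnelblick config.
SAMPLE_TUNNELBLICK_CONF = """\
client
ns-cert-type server
dev tun0
remote 203.0.113.10 1194
"""

# Directives that make the client check the peer presents a *server* certificate,
# not merely any certificate the CA ever signed (such as another client's).
SERVER_VERIFY_DIRECTIVES = ("ns-cert-type", "remote-cert-tls", "remote-cert-eku",
                            "verify-x509-name", "tls-verify")

# (finding code, pattern) for warnings to act on before trusting the tunnel.
WARNING_PATTERNS = [
    ("no-server-cert-verify", re.compile(r"No server certificate verification method")),
    ("ifconfig-with-pull", re.compile(r"--pull/--client and --ifconfig together")),
]
RE_KEY_PERMS = re.compile(r"file '([^']+)' is group or others accessible")
RE_PEER = re.compile(r"Peer Connection Initiated with (\S+)")
RE_IFCONFIG = re.compile(r"/sbin/ifconfig (\S+) (\d+(?:\.\d+){3}) (\d+(?:\.\d+){3})")
RE_ROUTE = re.compile(r"/sbin/route add (.+)$")
RE_PING_RESTART = re.compile(r"Inactivity timeout \(--ping-restart\)")
RE_INIT_DONE = re.compile(r"Initialization Sequence Completed")


@dataclass
class Triage:
    initialized: bool = False
    peer: Optional[str] = None
    tun_local: Optional[str] = None
    tun_remote: Optional[str] = None
    routes_added: List[str] = field(default_factory=list)
    ping_restarts: int = 0
    weak_perm_files: List[str] = field(default_factory=list)
    findings: List[str] = field(default_factory=list)


def triage_log(text: str) -> Triage:
    """Single pass over the log: record the state reached and the warnings raised."""
    t = Triage()
    for line in text.splitlines():
        for code, pat in WARNING_PATTERNS:
            if pat.search(line) and code not in t.findings:
                t.findings.append(code)
        if m := RE_KEY_PERMS.search(line):
            t.weak_perm_files.append(m.group(1))
            if "key-file-permissions" not in t.findings:
                t.findings.append("key-file-permissions")
        if m := RE_PEER.search(line):
            t.peer = m.group(1)
        if m := RE_IFCONFIG.search(line):
            _, t.tun_local, t.tun_remote = m.groups()
        if m := RE_ROUTE.search(line):
            t.routes_added.append(m.group(1))
        if RE_PING_RESTART.search(line):
            t.ping_restarts += 1
        if RE_INIT_DONE.search(line):
            t.initialized = True
    # "Initialization Sequence Completed" only says the tun interface is up; if no
    # route for the remote LAN was logged, traffic for it never enters the tunnel.
    if t.initialized and not t.routes_added:
        t.findings.append("no-routes-logged")
    return t


def server_cert_check_directive(conf: str) -> Optional[str]:
    """Return the first directive that verifies the peer is a server, or None if absent."""
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()  # drop OpenVPN comments
        if line and line.split()[0] in SERVER_VERIFY_DIRECTIVES:
            return line.split()[0]
    return None


if __name__ == "__main__":
    t = triage_log(SAMPLE_PFSENSE_LOG)
    print(f"peer={t.peer} tun={t.tun_local}->{t.tun_remote} up={t.initialized} "
          f"routes={t.routes_added} ping-restarts={t.ping_restarts}")
    print("findings:", ", ".join(t.findings))
    print("server-cert check in Tunnelblick conf:", server_cert_check_directive(SAMPLE_TUNNELBLICK_CONF))
```

Run it as-is to see the four findings for the constructed log, or pass the contents of the pfSense OpenVPN log to `triage_log` to check a real client. The key-file finding is a host file-permission matter; the missing server-certificate check is the one the Tunnelblick config covers with `ns-cert-type server`, and the Custom options field listed in the post is where such a directive would be entered on the pfSense side.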



  • Are the server certificates the same on both openvpn servers? If different, that might be causing your issue.
    RC

