Netgate Discussion Forum

Problem Switching from shared key to SSL/TLS behind NAT

  • D
    dweimer
    last edited by Mar 8, 2023, 5:33 PM

    I am working on switching off of Shared key to SSL/TLS. I have a few tunnels switched over already. But when trying to switch a Netgate 3100 that is in a home office behind an ISP-provided router, I can't get a tunnel to establish with SSL/TLS configured. Peer to Peer shared key works just fine. The only error I can find on the 3100 is:

    Exiting due to fatal error
    FreeBSD ifconfig failed: external program exited with error status: 1
    /sbin/ifconfig ovpnc4 10.12.254.42/-1 mtu 1500 up
    TUN/TAP device /dev/tun4 opened
    TUN/TAP device ovpnc4 exists previously, keep at program end
    OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.9.5.0 
    OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
    

    The server side shows the connection as successful and keeps the ovpns interface up.
    Changing back to shared key with no other changes and the link comes up. Has anyone else tried a peer to peer SSL/TLS OpenVPN connection with pfSense on client side behind NAT?

    • G
      Gertjan @dweimer
      last edited by Mar 10, 2023, 7:46 AM

      @dweimer said in Problem Switching from shared key to SSL/TLS behind NAT:

      Has anyone else tried a peer to peer SSL/TLS OpenVPN connection with pfSense on client side behind NAT?

      Like:

      [image]

      and my pfSense is behind another (ISP) router.

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit : and where are the logs ??

      • D
        dweimer @Gertjan
        last edited by Mar 10, 2023, 7:12 PM

        @gertjan Yes, that would be the one. I have tried every combination of settings I can think of. It just doesn't come up and I can't find an error besides what I already listed. I change it back to Shared Key and it comes right up. Perhaps this is specific to the SG-3100 appliance (on Client). I am trying this after the 23.01 update, for which I had to do a workaround (kldxref /boot/kernel) to fix OpenVPN after the update.

        • G
          Gertjan @dweimer
          last edited by Mar 13, 2023, 8:00 AM

          @dweimer

          When you change OpenVPN server settings, you have to re-export the OpenVPN client file.
          You've done that, right?
