    Netgate Discussion Forum

    Problem Switching from shared key to SSL/TLS behind NAT

    OpenVPN
    • D
      dweimer last edited by

      I am working on switching off of Shared key to SSL/TLS; I have a few tunnels switched over already. But when trying to switch a NetGate 3100 that is in a home office behind an ISP-provided router, I can't get a tunnel to establish with SSL/TLS configured. Peer to Peer shared key works just fine. The only error I can find on the 3100 is:

      Exiting due to fatal error
      FreeBSD ifconfig failed: external program exited with error status: 1
      /sbin/ifconfig ovpnc4 10.12.254.42/-1 mtu 1500 up
      TUN/TAP device /dev/tun4 opened
      TUN/TAP device ovpnc4 exists previously, keep at program end
      OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.9.5.0 
      OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
      

      The server side shows the connection as successful and keeps the ovpns interface up.
      Changing back to shared key with no other changes and the link comes up. Has anyone else tried a peer to peer SSL/TLS OpenVPN connection with pfSense on client side behind NAT?

      • Gertjan
        Gertjan @dweimer last edited by

        @dweimer said in Problem Switching from shared key to SSL/TLS behind NAT:

        Has anyone else tried a peer to peer SSL/TLS OpenVPN connection with pfSense on client side behind NAT?

        Like :

        6b7b2ce4-1f02-4e78-97df-7df1f7aeb1e4-image.png

        and my pfSense is behind another (ISP) router.

        No "help me" PM's please. Use the forum.

        • D
          dweimer @Gertjan last edited by

          @gertjan Yes, that would be the one. I have tried every combination of settings I can think of. It just doesn't come up and I can't find an error besides what I already listed. I change it back to Shared Key and it comes right up. Perhaps this is specific to the SG-3100 appliance (on Client). I am trying this after the 23.01 update, for which I had to do a workaround (kldxref /boot/kernel) to fix OpenVPN after the update.

          • Gertjan
            Gertjan @dweimer last edited by

            @dweimer

            When you change OpenVPN server settings, you have to re-export the OpenVPN client file.
            You've done that, right?
