    OpenVPN site-to-site SSL/TLS issue, pfSense+ 23.01

      tbaror last edited by tbaror

      Hello,

      I am trying to set up site-to-site with SSL/TLS authentication with no luck; I have set up many site-to-site links before,

      but this one is giving me a hard time, can't figure out what is wrong.

      The server side is pfSense version 2.6, the client side is pfSense+ 23.01 on a Netgate 6100. After setting all the configuration, I keep getting an error that is very generic and I can't figure out what's wrong. The error is as follows below.

      Please see below.

      Please advise.

      Thanks

      Mar 17 22:40:56 	openvpn 	35224 	TUN/TAP device ovpnc1 exists previously, keep at program end
      Mar 17 22:40:56 	openvpn 	35224 	TUN/TAP device /dev/tun1 opened
      Mar 17 22:40:56 	openvpn 	35224 	/sbin/ifconfig ovpnc1 10.0.21.2/-1 mtu 1500 up
      Mar 17 22:40:56 	openvpn 	35224 	FreeBSD ifconfig failed: external program exited with error status: 1
      Mar 17 22:40:56 	openvpn 	35224 	Exiting due to fatal error 
      

      client side config

      dev ovpnc1
      disable-dco
      verb 3
      dev-type tun
      dev-node /dev/tun1
      writepid /var/run/openvpn_client1.pid
      #user nobody
      #group nobody
      script-security 3
      daemon
      keepalive 10 60
      ping-timer-rem
      persist-tun
      persist-key
      proto udp4
      auth SHA256
      up /usr/local/sbin/ovpn-linkup
      down /usr/local/sbin/ovpn-linkdown
      local 14.194.25.202
      tls-client
      lport 0
      management /var/etc/openvpn/client1/sock unix
      remote x.x.x.162 1211 udp4
      ifconfig 10.0.21.2 10.0.21.1
      remote-cert-tls server
      capath /var/etc/openvpn/client1/ca
      cert /var/etc/openvpn/client1/cert 
      key /var/etc/openvpn/client1/key 
      tls-auth /var/etc/openvpn/client1/tls-auth 1
      data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
      data-ciphers-fallback AES-256-CBC
      allow-compression no
      resolv-retry infinite
      topology subnet
      explicit-exit-notify 1
      

      server side

      dev ovpns7
      verb 1
      dev-type tun
      dev-node /dev/tun7
      writepid /var/run/openvpn_server7.pid
      #user nobody
      #group nobody
      script-security 3
      daemon
      keepalive 10 60
      ping-timer-rem
      persist-tun
      persist-key
      proto udp4
      auth SHA256
      up /usr/local/sbin/ovpn-linkup
      down /usr/local/sbin/ovpn-linkdown
      local x.x.x.162
      tls-server
      server 10.0.21.0 255.255.255.0
      client-config-dir /var/etc/openvpn/server7/csc
      ifconfig 10.0.21.1 10.0.21.2
      tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'UkVpnServer' 1"
      lport 1211
      management /var/etc/openvpn/server7/sock unix
      push "route 172.22.0.0 255.255.248.0"
      push "route 10.20.0.0 255.255.0.0"
      push "route 10.40.0.0 255.255.0.0"
      push "route 10.62.0.0 255.255.0.0"
      push "route 10.109.0.0 255.255.0.0"
      duplicate-cn
      remote-cert-tls client
      route 172.28.91.0 255.255.255.0
      capath /var/etc/openvpn/server7/ca
      cert /var/etc/openvpn/server7/cert 
      key /var/etc/openvpn/server7/key 
      dh /etc/dh-parameters.2048
      tls-auth /var/etc/openvpn/server7/tls-auth 0
      data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
      data-ciphers-fallback AES-256-CBC
      allow-compression no
      persist-remote-ip
      float
      topology subnet
      explicit-exit-notify 1
      inactive 300
      sndbuf 524288
      rcvbuf 524288
      
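An added check, not code from this thread or from pfSense/OpenVPN: a small Python script that models how OpenVPN reads the second argument of `ifconfig` once `topology subnet` is set (it is then treated as a netmask rather than the peer address) and rebuilds the FreeBSD ifconfig command in the shape the log above shows. Run over the posted `ifconfig 10.0.21.2 10.0.21.1` it reproduces the `/-1` from the log; the config excerpt is constructed from the client config above, and the MTU is taken from the log line.

```python
import ipaddress

# Constructed excerpt of the client config quoted above (only directives that drive the ifconfig step).
CLIENT_CONFIG = """\
dev ovpnc1
ifconfig 10.0.21.2 10.0.21.1
topology subnet
"""

def parse_config(text):
    """Pull out dev, topology (OpenVPN default net30) and the ifconfig pair."""
    cfg = {"dev": "tun", "topology": "net30", "ifconfig": None}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) == 2 and parts[0] in ("dev", "topology"):
            cfg[parts[0]] = parts[1]
        elif len(parts) == 3 and parts[0] == "ifconfig":
            cfg["ifconfig"] = (parts[1], parts[2])
    return cfg

def netmask_to_netbits(mask):
    """Prefix length of a contiguous dotted-quad netmask, else -1 (the value seen in the log)."""
    try:
        m = int(ipaddress.IPv4Address(mask))
    except ValueError:
        return -1
    inv = (~m) & 0xFFFFFFFF  # host bits must be a solid run of ones: 2^k - 1
    if inv & (inv + 1):
        return -1
    return 32 - inv.bit_length()

def predicted_ifconfig(text, mtu=1500):
    """FreeBSD command OpenVPN builds in subnet mode: ifconfig DEV LOCAL/BITS mtu MTU up.
    Returns None for other topologies, where the second argument is the peer address."""
    cfg = parse_config(text)
    if cfg["topology"] != "subnet" or cfg["ifconfig"] is None:
        return None
    local, mask = cfg["ifconfig"]
    return f"/sbin/ifconfig {cfg['dev']} {local}/{netmask_to_netbits(mask)} mtu {mtu} up"

def lint(text):
    """Findings for the ifconfig/topology combination; empty when consistent."""
    cfg = parse_config(text)
    if cfg["topology"] == "subnet" and cfg["ifconfig"]:
        local, mask = cfg["ifconfig"]
        if netmask_to_netbits(mask) < 0:
            return [f"topology subnet needs a netmask as second ifconfig argument, "
                    f"got {mask!r}: ifconfig would get {local}/-1 and fail"]
    return []
```

Swapping the second argument for a real mask such as `255.255.255.0` yields `/24` and an empty finding list, which is the quickest way to confirm whether this is the directive the generic "ifconfig failed" message is hiding.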
        tbaror @tbaror last edited by

        @tbaror Just to add to this post: I configured a client from another system to connect to the same server, using it on CE version 2.6, and it works flawlessly,
        so I start to assume there is an issue with the current 23.01 or I missed an extra step on this version.
        Please advise.
        Thanks
