Latest OpenVPN Clients
-
Hi,
Bit confused on this one. I have OpenVPN setup for client access on PFSense 2.6.0. All works ok as long as older clients are used. If the newer clients are downloaded from OpenVPN it connects ok but no traffic passing.
I cant see it being firewall rules etc as older clients connect and pass traffic.
Any ideas what has changed or needs to be changed somewhere?
thanks
matt
-
@mattym said in Latest OpenVPN Clients:
Any ideas what has changed or needs to be changed somewhere?
"OpenVPN" (the source) changes all the time.
2.6.0 is already "old", so it uses an older OpenVPN server version.
More recent OpenVPN clients might work with this older server version, but you probably need to adapt settings on both sides.
This means : reading that openvpn manual.
IMHO : don't - keep live simple, and keep server and client versions as close a possible to each other.
( not saying that reading the manual is bad, it isn't )If you want to upgrade (== 'change') to the latest version of a server-client pair or setup, you need to upgrade both sides. That's why 2.6.0 is now 'done', and 2.7.0 exists, as pfSense 2.7.0 uses a more recent OpenVPN server version.
[23.05.1-RELEASE][root@pfSense.bhf.net]/root: openvpn --version OpenVPN 2.6.2 amd64-portbld-freebsd14.0 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] [DCO] library versions: OpenSSL 1.1.1t-freebsd 7 Feb 2023, LZO 2.10 DCO version: FreeBSD 14.0-CURRENT #1 plus-RELENG_23_05_1-n256108-4 ......pfSense 23.05.1 is comparable to 2.7.0
Btw : Read the first 3 pinned messages here : Home pfSense
Software OpenVPN -
@mattym said in Latest OpenVPN Clients:
Hi,
Bit confused on this one. I have OpenVPN setup for client access on PFSense 2.6.0. All works ok as long as older clients are used. If the newer clients are downloaded from OpenVPN it connects ok but no traffic passing.
I cant see it being firewall rules etc as older clients connect and pass traffic.
Any ideas what has changed or needs to be changed somewhere?
thanks
matt
Hi,
I'm having the same problem, everything worked, but after updating the server to version 2.7.0 both connect but there is no data traffic and I've seen everything, still no solution to this problem, I'll update the other end to see if it will work normally !
-
@EduardoDegan I played around with the compression settings but then the new latest client refused to connect. I will have to upgrade from 2.6.0 to 2.7.0 offline somewhere and test as thats a bit dangerous for me to just upgrade on a whim then find nothing works at all :/
-
@mattym said in Latest OpenVPN Clients:
I played around with the compression settings
Check HEADS UP: OpenVPN deprecating shared key mode, requires TLS, deprecating cipher selection mentioned above again.
This was written in the beginning of 2022.Compression is disabled by default
What I make of it : "Compression is gone" : the best setting, for the current pfSense version, on the server side, now is :
Compression is still possible, I guess, but then you (really) need to read : https://openvpn.net/community-downloads/, look up the release info for that version.
Btw : by nature : the OpenVPN tunnel is a close to pure random bit stream, which means that is is hard to compress.
-
@Gertjan Yeah I took a guess it might be compression but that might not be the reason. I think it's odd that it happy connects with the latest client no problem at all it just doesn't pass traffic. Older clients connect and pass traffic. Will have to do offline testing to see what needs to be modified on the live box. Will be a pain if its a case of having to change something on PFSense then roll out clients at the same time :/
-
@mattym said in Latest OpenVPN Clients:
Will have to do offline testing to see what needs to be modified on the live box.
Live box ? Like these ?
and done for the Livebox side of things.
-
@Gertjan nope the live PFSense box :)
