Client Specific Overrides Not Working after Device Swap
-
Hello,
I have been tasked with swapping an ailing firewall at a client's site but have had a problem with the OpenVPN server.
The existing firewall is running pfSense 2.4.4, and simply downloading the config and uploading it to the new firewall, which is pfSense+ (I don't have the version number but can get it tomorrow), copied most data, but unfortunately the VPN service would not run no matter what I did.
To combat this, I deleted the VPN Server and created a new one using the existing certificate(s) and TLS key.
The VPN uses Client Specific Overrides to allow remote servers to communicate with a local server to transmit critical data into a SCADA system. These work on the old firewall with no issue.
When I created this new VPN server it would show a correct connection in the logs:
"Apr 25 12:53:14 openvpn 27301 openvpn server 'ovpns1' user 'xxxxx' address 'xx.xx.xx.xx:6912' - connecting
Apr 25 12:53:14 openvpn 74576 openvpn server 'ovpns1' user 'xxxxxx' address 'xx.xx.xx.xx:6912' - connected"

Unfortunately, the IPs that the server seemed to be assigning the clients were incorrect. Some of them were using each other's IPs and some were using non-assigned IPs. They are set to increase the IP by .2 each time: client 1 being 10.0.0.2, client 2 being 10.0.0.4, etc. However, two of the IPs were 10.0.0.3 and 10.0.0.5, which should not be assigned at all. Of the four active clients, they were assigned the four consecutive IPs from 10.0.0.2 - 10.0.0.5.
I have double and triple checked CNs and they are all definitely correct.
I'm sure there's something I'm missing, as the VPN Server settings are slightly different between pfSense and pfSense+, but any help would be greatly appreciated (either in getting the Client Specific Overrides working or just getting the service working with the existing VPN).
TIA
-
@James92
It's pretty hard to tell you what's wrong there when only seeing two rows extracted from the log. Clear the OpenVPN log. Go into the server settings and set the log verbosity level to 4. Then try to connect from a client.
Post the whole OpenVPN log after. You can obscure public IPs of course.
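A way to check the verbose log the reply asks for against the override scheme the question describes (client N should get 10.0.0.(2*N)), flagging clients that received a different address and addresses shared by two clients. This is an added example, not code from the thread or from pfSense; the client names and log lines are constructed, and it assumes the log contains OpenVPN's "MULTI: Learn: <tunnel ip> -> <cn>/<remote>" messages.

```python
import re

# Expected per-client tunnel addresses, following the scheme described in the
# question: client N gets 10.0.0.(2*N). The client names are constructed placeholders.
EXPECTED = {f"client{n}": f"10.0.0.{2 * n}" for n in range(1, 5)}

# Constructed sample lines in the shape of OpenVPN's "MULTI: Learn" messages,
# which appear at higher log verbosity; they are not lines from the thread.
SAMPLE_LOG = """\
Apr 25 12:53:14 openvpn 27301 MULTI: Learn: 10.0.0.2 -> client1/198.51.100.10:6912
Apr 25 12:53:20 openvpn 27301 MULTI: Learn: 10.0.0.3 -> client2/198.51.100.11:40011
Apr 25 12:53:25 openvpn 27301 MULTI: Learn: 10.0.0.4 -> client3/198.51.100.12:40012
Apr 25 12:53:31 openvpn 27301 MULTI: Learn: 10.0.0.2 -> client4/198.51.100.13:40013
"""

LEARN_RE = re.compile(r"MULTI: Learn: (\S+) -> ([^/\s]+)/(\S+)")


def parse_assignments(log_text):
    """Map common name -> tunnel IP from MULTI: Learn lines (latest line wins)."""
    assigned = {}
    for line in log_text.splitlines():
        m = LEARN_RE.search(line)
        if m:
            tunnel_ip, cn, _remote = m.groups()
            assigned[cn] = tunnel_ip
    return assigned


def audit(expected, assigned):
    """Return sorted findings: addresses that differ from the override table,
    clients with no override at all, and one address learned for several clients."""
    findings = []
    for cn, ip in assigned.items():
        want = expected.get(cn)
        if want is None:
            findings.append(f"{cn}: no override defined, got {ip}")
        elif ip != want:
            findings.append(f"{cn}: override says {want}, got {ip}")
    by_ip = {}
    for cn, ip in assigned.items():
        by_ip.setdefault(ip, []).append(cn)
    for ip, cns in by_ip.items():
        if len(cns) > 1:
            findings.append(f"{ip}: shared by {', '.join(sorted(cns))}")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(EXPECTED, parse_assignments(SAMPLE_LOG)):
        print(finding)
```

An empty result means every connected client landed on the address its override specifies; anything else points at the override not being applied for that CN.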