Netgate Discussion Forum

    OpenVPN Client configuration in Snapshot 06-09-21 and previous

    • JeGr LAYER 8 Moderator

      Hi guys,

      just made an update of our WRAP here at the company location to Scott's latest Snapshot. Was using 14-09-06 earlier but had the same problem: OpenVPN configured as "Client" wouldn't connect to our OpenVPN machine in the IP Center. After manually reconfiguring the client configuration it worked like a charm, but after the update it failed again. I now figured out why. pfSense translates the remote IP and port to a statement like:

      remote %ip.ad.re.ss% %port%
      

      That may be ok (although I don't know it exactly) but it doesn't work (for us). If I rewrite it to

      remote %ip.ad.re.ss%
      port %port%
      

      both parts of the VPN tunnels happily find each other and start to communicate :) I don't know what causes this (as the port statement is an old one) but perhaps you've got some answer in your pockets ;)

      Greets
      Grey

      Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

      If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

      • fernandotcl

        remote <host> <port>

        and

        remote <host>
        port <port>
        

        are two different things. From the OpenVPN manual (emphasis added):

        @OpenVPN:

        --remote host [port]
            Remote host name or IP address. On the client, multiple --remote options may be specified for redundancy, each referring to a different OpenVPN server.

        [snip]

        --port port
            TCP/UDP port number for both local and remote. The current default of 1194 represents the official IANA port number assignment for OpenVPN and has been used since version 2.0-beta17. Previous versions used port 5000 as the default.

        In other words, when you specify "remote <host> <port>", you're saying "connect to host <host> on port <port>", whereas when you say "remote <host>" and "port <port>", you're saying "connect to host <host> on port <port> from port <port>".

        In OpenVPN client mode, the client is assumed to connect from a random client port, and maybe your server is failing to realize that.

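The difference described in the answer above, as an added example that is not part of the original thread or of pfSense/OpenVPN code: a small resolver that works out which remote and local UDP port each form of the configuration yields. The function names, the sample address 192.0.2.10 and port 5000 are constructed; it assumes numeric ports and UDP, and also models the real OpenVPN directives `lport`, `rport` and `nobind`, which the thread does not mention.

```python
DEFAULT_PORT = 1194  # IANA-assigned OpenVPN default, per the manual text quoted above


def effective_ports(config_text):
    """Return [(host, remote_port, local_port)] for every `remote` line.

    local_port is None when `nobind` leaves the source port to the OS.
    """
    lport = rport = DEFAULT_PORT
    nobind = False
    remotes = []  # (host, per-remote port or None)
    for raw in config_text.splitlines():
        # OpenVPN treats '#' and ';' as comment starters
        words = raw.split("#", 1)[0].split(";", 1)[0].split()
        if not words:
            continue
        key, args = words[0], words[1:]
        if key == "port" and args:      # sets BOTH the local and the remote port
            lport = rport = int(args[0])
        elif key == "lport" and args:   # local port only
            lport = int(args[0])
        elif key == "rport" and args:   # default remote port only
            rport = int(args[0])
        elif key == "nobind":           # do not bind a fixed local port
            nobind = True
        elif key == "remote" and args:  # optional second argument overrides rport
            remotes.append((args[0], int(args[1]) if len(args) > 1 else None))
    # A `remote` without its own port uses the final default remote port.
    return [(host, port if port is not None else rport, None if nobind else lport)
            for host, port in remotes]


def source_port_matches(config_text, expected):
    """True if every connection leaves from the fixed source port `expected`."""
    endpoints = effective_ports(config_text)
    return bool(endpoints) and all(local == expected for _, _, local in endpoints)


# Constructed samples mirroring the two forms discussed in the thread.
GENERATED = "remote 192.0.2.10 5000\n"         # form pfSense wrote
REWRITTEN = "remote 192.0.2.10\nport 5000\n"   # form the poster rewrote it to

if __name__ == "__main__":
    for name, cfg in (("generated", GENERATED), ("rewritten", REWRITTEN)):
        print(name, effective_ports(cfg), source_port_matches(cfg, 5000))
```

A peer or firewall rule that only accepts tunnel traffic from source port 5000 passes the rewritten form and drops the generated one, which still leaves from the default local port.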
        • JeGr LAYER 8 Moderator

          Ah didn't figure that out - must be missing the "both" keyword in the "ports" keyword description. Thanks for pointing out. Yeah, right, the tunnel is supposed to be established between the two devices on the same port on both ends, as that makes maintaining the firewall ports easier and more transparent.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.