Netgate Discussion Forum

OpenVPN Client configuration in Snapshot 06-09-21 and previous

  • J
    JeGr LAYER 8 Moderator
    last edited by Sep 26, 2006, 5:42 AM

    Hi guys,

    just made an update of our WRAP here at the company location to Scott's latest Snapshot. Was using 14-09-06 earlier but had the same problem: OpenVPN configured as "Client" wouldn't connect to our OpenVPN machine in the IP Center. After manually reconfiguring the client configuration it worked like a charm, but after the update it failed again. I now figured out why. pfSense translates the remote IP and port to a statement like:

    remote %ip.ad.re.ss% %port%
    

    That may be ok (although I don't know it exactly) but it doesn't work (for us). If I rewrite it to

    remote %ip.ad.re.ss%
    port %port%
    

    both parts of the VPN tunnels happily find each other and start to communicate :) I don't know what causes this (as the port statement is an old one) but perhaps you've got some answer in your pockets ;)

    Greets
    Grey

    Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

    If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

    • F
      fernandotcl
      last edited by Sep 26, 2006, 3:33 PM

      remote <host> <port>

      and

      remote <host>
      port <port>


      are two different things. From the OpenVPN manual (emphasis added):

      @OpenVPN:

      --remote host [port]
          Remote host name or IP address. On the client, multiple --remote options may be specified for redundancy, each referring to a different OpenVPN server.

      [snip]

      --port port
          TCP/UDP port number for both local and remote. The current default of 1194 represents the official IANA port number assignment for OpenVPN and has been used since version 2.0-beta17. Previous versions used port 5000 as the default.

      In other words, when you specify "remote <host> <port>", you're saying "connect to host <host> on port <port>", whereas when you say "remote <host>" and "port <port>", you're saying "connect to host <host> on port <port> from port <port>".

      In OpenVPN client mode, the client is assumed to connect from a random client port, and maybe your server is failing to realize that.

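An added example, not part of the original thread and not pfSense or OpenVPN code: a simplified Python model of how the directives quoted above resolve to a remote port and a local (source) port, which is what a firewall rule or a fixed-port peer actually sees. It goes slightly beyond the thread by also handling `lport`, `rport` and `nobind`. It assumes UDP transport, and the address 192.0.2.10 and port 1195 are constructed sample values.

```python
import re

DEFAULT_PORT = 1194  # OpenVPN default, per the manual excerpt quoted in the thread

# Constructed sample configs: 192.0.2.10 and 1195 are placeholder values.
GENERATED = "remote 192.0.2.10 1195\n"          # single-line form
REWRITTEN = "remote 192.0.2.10\nport 1195\n"    # two-line form

def effective_ports(config_text):
    """Return (remote_host, remote_port, local_port) for a client config.

    local_port is None when no fixed source port is bound (nobind).
    Simplified model: first `remote` line only, UDP assumed, directives
    applied in file order; everything else in the config is ignored.
    """
    host, remote_port = None, None      # port given on the remote line itself
    lport = rport = DEFAULT_PORT
    nobind = False
    for raw in config_text.splitlines():
        words = re.split(r"[#;]", raw, maxsplit=1)[0].split()  # drop comments
        if not words:
            continue
        key, args = words[0].lstrip("-"), words[1:]
        if key == "remote" and host is None and args:
            host = args[0]
            if len(args) > 1:
                remote_port = int(args[1])   # affects the remote side only
        elif key == "port" and args:
            lport = rport = int(args[0])     # sets local AND remote
        elif key == "lport" and args:
            lport = int(args[0])
        elif key == "rport" and args:
            rport = int(args[0])
        elif key == "nobind":
            nobind = True
    if host is None:
        raise ValueError("config has no remote directive")
    if remote_port is None:
        remote_port = rport
    return host, remote_port, (None if nobind else lport)

if __name__ == "__main__":
    for name, cfg in (("generated", GENERATED), ("rewritten", REWRITTEN)):
        print(name, effective_ports(cfg))
```

With the single-line form the source port stays at the default (or is dynamic with `nobind`), so a peer that expects the same non-default port on both ends will not match it.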
      • J
        JeGr LAYER 8 Moderator
        last edited by Sep 27, 2006, 5:36 AM

        Ah, didn't figure that out - must be missing the "both" keyword in the "ports" keyword description. Thanks for pointing that out. Yeah, right, the tunnel is supposed to be established between the two devices on the same port on both ends, as that makes maintaining the firewall ports easier and more transparent.
