Netgate Discussion Forum

    Openvpn status on server

    2.0-RC Snapshot Feedback and Problems - RETIRED
    • cubsfan

      What needs to be configured on the server side to view the openvpn clients on the status page?  It just shows "No Management Daemon" under remote host on the client table.

      thanks

      -andy

      • jimp Rebel Alliance Developer Netgate

        You need to enter a value into the local port field on the client configuration. There is a note on that page which says that, I thought.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        • cubsfan

          Just says to set it if you want to bind to a specific port.  So if I have 100 clients each one needs to be a unique port?  It works on the client side if I have a port in the config there, but on the server side nothing listens on the port I specify there and it gives the same error.  Do they have to match in order for it to work?

          • jimp Rebel Alliance Developer Netgate

            If you are on 2.0, servers should be getting a management daemon automatically with no extra configuration. From your initial post, it sounded like you wanted to view the status of an openvpn client instance, not a server instance.

            For servers you shouldn't have to do anything special for it to work.

            • cubsfan

              I'm trying to view clients from the server.  The server daemon doesn't show anything under client connections from the server openvpn status page.  That table is blank on the top of the page

              Client connections for Server UDP:1194
              Common Name | Real Address | Virtual Address | Connected Since | Bytes Sent | Bytes Received

              Under that I have

              OpenVPN client instances statistics
              Name | Status | Connected Since | Virtual Addr | Remote Host | Bytes Sent | Bytes Received
              aethome UDP:51100 | down | 0 | See Note Below | No Management Daemon | 0 | 0

              My test client is connected but I can't see anything from the server.

              • jimp Rebel Alliance Developer Netgate

                That second line is for your OpenVPN client instance, not for clients connected to your local OpenVPN server.

                Those should be showing up under that first section. They always show up for me, I've never seen a client connected that didn't show up there.

                • cubsfan

                  Bother.  I had the server mode set to peer/peer instead of remote access.  That didn't click until I tried to connect a second client.  New to OpenVPN, it's not bad once you get it sorted thru.

                  Thanks for all the feedback!

                  • spiritbreaker

                    Hi,

                    I have to agree with cubsfan. I set up a test environment with OpenVPN PKI and 2 sites. I followed the tutorial.

                    Tested preshared key and certs… all seems to work fine  :)

                    On the client, in mode "peer to peer (ssl/tls)", everything is ok. The status page has an entry when the local port is set.

                    On the server, if the server mode is "peer to peer (ssl/tls)", there is no client shown in OpenVPN status!

                    If I switch the mode to remote access (ssl/tls), the client is visible there.

                    Is that normal behaviour, jimp?

                    Cya

                    Pfsense running at 11 Locations
                    -mobile OPENVPN and IPSEC
                    -multiwan failover
                    -filtering proxy(squidguard) in bridgemode with ntop monitoring

                    • jimp Rebel Alliance Developer Netgate

                      That is normal, OpenVPN's status function doesn't report peer-to-peer connections in the same way. It's a limitation of OpenVPN, I believe.

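The difference discussed above is visible in the raw reply OpenVPN gives to the management `status` command: a server-mode instance returns a client list plus a routing table, while a peer-to-peer instance returns only aggregate byte counters, so there is no per-client row to display. The following is an added example, not code from this thread or from pfSense; the sample replies are constructed in OpenVPN's status format 1, and `parse_status` is a hypothetical name.

```python
import csv

# Constructed sample replies to the management "status" command (format 1).
SERVER_STATUS = """\
OpenVPN CLIENT LIST
Updated,Thu Jan  6 10:00:00 2011
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
site-b,203.0.113.10:51100,12345,67890,Thu Jan  6 09:50:00 2011
laptop,198.51.100.7:40222,111,222,Thu Jan  6 09:55:00 2011
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.6,site-b,203.0.113.10:51100,Thu Jan  6 09:59:58 2011
10.8.0.10,laptop,198.51.100.7:40222,Thu Jan  6 09:59:30 2011
GLOBAL STATS
END
"""
P2P_STATUS = """\
OpenVPN STATISTICS
Updated,Thu Jan  6 10:00:00 2011
TUN/TAP read bytes,1000
TUN/TAP write bytes,2000
TCP/UDP read bytes,3000
TCP/UDP write bytes,4000
END
"""
SECTIONS = ("OpenVPN CLIENT LIST", "ROUTING TABLE", "GLOBAL STATS", "OpenVPN STATISTICS")
SKIP = ("Updated", "Common Name", "Virtual Address", "END")  # header and terminator rows

def parse_status(text):
    """Return mode ('server' or 'p2p'), per-client rows and aggregate counters."""
    mode, section, clients, vaddr, stats = None, None, [], {}, {}
    for row in csv.reader(l for l in text.splitlines() if l.strip()):
        if row[0] in SECTIONS:
            section = row[0]
            mode = mode or ("p2p" if section == "OpenVPN STATISTICS" else "server")
        elif row[0] in SKIP:
            continue
        elif section == "OpenVPN CLIENT LIST" and len(row) == 5:
            cn, real, rx, tx, since = row  # note: received comes before sent
            clients.append({"common_name": cn, "real_address": real,
                            "connected_since": since,
                            "bytes_sent": int(tx), "bytes_received": int(rx)})
        elif section == "ROUTING TABLE" and len(row) == 4:
            vaddr.setdefault(row[2], row[0])  # first virtual address per peer
        elif section == "OpenVPN STATISTICS" and len(row) == 2:
            stats[row[0]] = int(row[1])
    if mode is None:
        raise ValueError("not an OpenVPN status reply")
    clients = [dict(c, virtual_address=vaddr.get(c["real_address"])) for c in clients]
    return {"mode": mode, "clients": clients, "stats": stats}
```
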
                      • spiritbreaker

                        Ah thank u.

                        Nice to know. Is there a difference between these modes? Are there some problems if I use remote access in my case?

                        I ask because OpenVPN status on dashboard is a nice feature :)

                        Cya

                        • jimp Rebel Alliance Developer Netgate
                          It's really a difference between PKI and Shared Key, I thought. You can do site-to-site setups either way, really. Just takes a bit more work to do them with PKI.

                          • spiritbreaker

                            With pfSense 2.0 it's about one minute more work (generate CA + certs -> copy to OpenVPN client).

                            That's really not much more^^

                            There are 2 questions left:

                            1. To use auth for TLS packets is recommended, right? I found nothing about it in the pfSense book.

                            2. Engine cryptodev is automatically applied if option glxsb is set, right?

                            ty

                            • jimp Rebel Alliance Developer Netgate

                              For PKI site-to-site you also have to set up client-specific-config entries with iroutes, and custom route statements. It's not all automatic.

                              cryptodev isn't active unless you put it in the custom options, I think that is still the case. I should probably add an option for that. If it were automatic, it wouldn't just be keyed on glxsb, there are plenty of other accelerators (Padlock, Hifn, etc).

                              • spiritbreaker

                                y, ur right, I forgot.

                                But I'm not sure about server mode because u don't answer my question. :)

                                "It's really a difference between PKI and Shared Key, I thought. you can do site-to-site setups either way, really. Just takes a bit more work to do them with PKI."

                                plz only consider the server side:

                                "peer to peer (ssl/tls)"  (OpenVPN status empty)

                                "remote access (ssl/tls)" (OpenVPN status works)

                                Both are with PKI. It's the same configuration with CA and certs, no preshared keys at all. So where is the difference?

                                ty

                                • jimp Rebel Alliance Developer Netgate

                                  I'm not sure then, I'd have to track down what might be going on behind the scenes then. If you look at the openvpn config (under /var/etc/openvpn/) you might be able to see the difference in the config.

                                  I don't think the GUI in the status even checks peer-to-peer vs remote access.

                                  • spiritbreaker

                                    ur right, I'll check the config.

                                    "peer to peer (ssl/tls)"  is a 1:1 connection

                                    "remote access (ssl/tls)"  is a 1:n connection, so u need to use remote access for 3 sites and more I think, I'll test it.

                                    good night.

                                    thx for replies

                                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.