Need help to setup openvpn Server on port 1195

fosiul · Aug 13, 2010, 3:23 PM

HI
I am following this article to setup openvpn on port 1195

http://forum.pfsense.org/index.php?topic=7840.0
but i have few confusion

Address pool: 192.168.200.0/24 (it should be a network that you DONT currently use)
Local Network: 192.168.1.0/24 or whatever the network is that you want the VPN client to connect to !!UPDATE: Note to add this value you need to first add the

so i did :

Address pool: 192.168.200.0/24
Local Network:/24

NOw on 32, its saying to setup rules for LAN

so i chose

Actions :pass
Interface : LAN
protocol : ANY
Source : Type : NETwork , ADdress:192.168.200.0/24
Desti : ANY

what i put in LAN rules, is that Ok ??

but i cant connect , its looks like , client cant even enter to port 1195, in firewall, i chose to LOG packets, but its looks like, nothing coming in via port 1195

Thanks for your help

GruensFroeschli · Aug 13, 2010, 5:14 PM

Rules on the LAN interface are for traffic on the LAN interface.

What you want is to create a rule on the WAN interface.
Allow on WAN
Source: any,
Sourceport: any
Destination: WAN-address
Destinationport: 1195

fosiul · Aug 13, 2010, 5:23 PM

HI thanks
So that means , i dont need to create setup rules for LAN, only WAN rules will be enough, is not it ??

NOw when i am connecting from my computer to openvpn , its stuck here, it does not go any more further

Fri Aug 13 18:22:55 2010 OpenVPN 2.1.1 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Dec 11 2009
Fri Aug 13 18:22:55 2010 NOTE: OpenVPN 2.1 requires '–script-security 2' or higher to call user-defined scripts or executables
Fri Aug 13 18:22:55 2010 LZO compression initialized
Fri Aug 13 18:22:55 2010 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Aug 13 18:22:55 2010 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Fri Aug 13 18:22:55 2010 Local Options hash (VER=V4): '41690919'
Fri Aug 13 18:22:55 2010 Expected Remote Options hash (VER=V4): '530fdded'
Fri Aug 13 18:22:55 2010 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Aug 13 18:22:55 2010 UDPv4 link local: [undef]
Fri Aug 13 18:22:55 2010 UDPv4 link remote: xx.xx.xx.xx:1195

does not it mean, firewall still blocking ??

Thanks for your help

GruensFroeschli · Aug 13, 2010, 10:33 PM

Please show the config from your server and from your client.

fosiul · Aug 13, 2010, 10:47 PM

hi thanks
i configures openvpn via gui as said into that article.
From where will get config file from server. Which location

Thanks

fosiul · Aug 14, 2010, 2:15 PM

Hi please help me out…

this is the config

openvpn_client0.ca openvpn_client0.cert
openvpn_client0.conf openvpn_client0.key

openvpn_csc
openvpn_server0.ca
openvpn_server0.cert
openvpn_server0.conf
openvpn_server0.dh
openvpn_server0.key

Server config file :

cat openvpn_server0.conf

writepid /var/run/openvpn_server0.pid
#user nobody
#group nobody
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
dev tun
proto udp
cipher BF-CBC
up /etc/rc.filter_configure
down /etc/rc.filter_configure
server 192.168.200.0 255.255.255.0
client-config-dir /var/etc/openvpn_csc
push "route
lport 1195
push "dhcp-option DISABLE-NBT"
ca /var/etc/openvpn_server0.ca
cert /var/etc/openvpn_server0.cert
key /var/etc/openvpn_server0.key
dh /var/etc/openvpn_server0.dh
comp-lzo
persist-remote-ip
float

And the Client config file :

client
dev tun
proto udp
remote XXX.XXX.XXX.XXX 1195
ping 10
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert mycrt.crt
key mycrt.key
ns-cert-type server
comp-lzo
pull
verb 3

what i am doing wrong ??
thanks

fosiul · Aug 14, 2010, 2:19 PM

its working.