How to create an OpenVPN client to StrongVPN
-
The firewall seems to be blocking all inbound connections per the firewall log. When I shut off the OpenVPN client, internet access is restored.
just so i understand fully, you actually checked the log and noticed this or is this an assumption?
if so, can you copy/paste the logs for the openvpn client and related firewall logs? remember to remove personal IP information. thanks
I have internet access if I disable the OpenVPN client. At that point the Opt1 gateway goes online and I can connect to the internet. The pfSense install is fresh with no additions save for time and LAN configuration.
-
I am trying to set up an OpenVPN connection to my StrongVPN account using pfSense 2.0 release. While I had success with earlier 2.0-RC3 builds, I have been unable to get the system to work with the release build.
I can connect to StrongVPN using a Mac and a Windows machine, so I am pretty sure that the problem is with my pfSense configuration.
I can establish a connection to StrongVPN but as soon as the connection is made, I lose the ability to connect to the internet with a browser. I seem to have issues similar to those of Bergling.
When I am connected to the StrongVPN server (the dashboard shows the VPN gateway as being up), the gateway status window shows the VPN gateway offline. Traffic logs show outbound traffic but nothing inbound. The firewall seems to be blocking all inbound connections per the firewall log. When I shut off the OpenVPN client, internet access is restored.
I have been experiencing the same issues.
I have this morning been playing around with it, but not made any real headway either.
To reiterate, I have created the Strong VPN OpenVPN connection as per the initial post in this thread.
I can see it connect watching the OpenVPN logs.
If I don't modify the interface to DHCP, I can ping the IP address I get assigned, and the console shows the IP address.
I can't ping the next hop though.
(I don't however have any internet access at all, even though no routing has been configured)
As soon as I change it to DHCP, I start seeing disconnected messages in the logs for the VPN.
I will capture some log screenshots and post later today when I get back to it.
-
Add another one to the list. I've gone over my config 100 times and it is correct. There is something up here.. I have the exact same symptoms as described.
Also using the 2.0 Official release.
-
sorry folks i'm just not sure what the issue is. it works just fine for me :/
let's hope one of the devs chimes in with some hints.
until then, let's try to narrow down the last working build that was working for you. please post the build dates.
-
I didn't find this solution or look into it until the 2.0 full release came out.
It actually coincided with my need to do this :)
I haven't ever had it working :(
ericab Does your configuration differ in any way from the steps shown on page one?
-
ericab Does your configuration differ in any way from the steps shown on page one?
mlimo: no it doesn't, I'm the author of that how-to
-
ericab what version are you running? I'm considering downgrading. Something is clearly broken/changed in 2.0 Final.
-
I'm running 2.0 RELEASE, but I've been updating weekly for about 6 months now. I wonder if it makes the difference that some of you did a fresh install of 2.0 RELEASE, vs updating…
-
Nothing has changed in OpenVPN for quite some time, well before release. Upgrading is no different from clean install except possibly in cases of running early alpha versions years ago where they may have done something bad to your config.
Some of the symptoms described sound like letting the client get a default route from StrongVPN, which you do not want. Others who are configuring the interface as DHCP, don't do that, that's going to break things nicely, you don't get DHCP over a VPN. It has to be set to "none" which lets OpenVPN handle the addressing.
-
I see where people were getting DHCP, as it was stated in the original post. I updated it to fix that. The rest of it looks ok at a glance, but I don't have a StrongVPN connection.
-
You mention to set your NAT outbound rules to manual, but you don't actually create any rules. Is that correct?
-
Also, with your config exactly, I see my VPN gateway come online (Status -> Gateways) then always go offline after a few seconds. With the VPN interface assigned to DHCP the Gateway stays online and I can even ping out that interface from pfSense, but nothing behind pfSense will go out.
EDIT: Scratch that. It makes no difference. When you change from DHCP/None on the interface it refreshes something in the background. That is all that is changing. If I reboot the machine with the interface on DHCP the Gateway does the same thing.. Online for a few seconds then offline.
-
I too have followed the guide to a T. And my problem is exactly the same. It connects in the logs. I get a strong vpn private ip. I can ping it from my pc. But I cannot surf or ping out beyond. I turn it off and everything works. I am only routing one ip logitech revue box rather than whole subnet. And I've made all the nat changes and aon etc.
PS first post. First time user of pfsense or any other linux router distribution. Loving this (pfsense)
EDIT***
well i added the option comp-lzo to the end of the long string of options in (vpn/openvpn/client/advanced configuration)
verb 5;tun-mtu 1500;fragment 1300;keysize 128;redirect-gateway def1;persist-key;comp-lzo
and now it all works great, hope that helps
-
Thanks for posting mate. I'll give it a shot.. Can you clarify your other settings.
Are you using Manual NAT?
Is your VPN interface on DHCP or None?
-
Ok I'm to the point where I can reliably connect the OpenVPN client, pfSense Gateway shows online and pfSense itself can ping out the VPN interface. I still lose internet connectivity from any node behind pfSense though. I've attached all the relevant screenshots. Hopefully someone spots something I'm missing cause this is driving me wild.
Here you can see the config….
Here you can see the OpenVPN client connected and the pfSense box able to send out the VPN interface
-
Thanks for posting mate. I'll give it a shot.. Can you clarify your other settings.
Are you using Manual NAT?
Is your VPN interface on DHCP or None?
Manual (aon)
And VPN is on none now (i tried dhcp before also and even though it showed as up it actually wasn't) but it works on none for me.
I'm too much of a newbie to really give you advice but your screen shots look like mine, i got the comp-lzo thing from looking at the system logs it showed up as warning, so i did a search on it and found another user on this forum with a different issue who put that option in and it worked for them. so maybe the logs hold the answer….
-
Still no success. I'm starting to wonder if something is different in the NanoBSD version that I'm using. It makes no sense that others have it working with the exact same config.
-
So I restored to factory defaults.. Did everything the exact same and what do you know, it's working.. ???
Except now, despite the VPN route not being set as default and the ACL rules being in the correct order it routes EVERYTHING over the tunnel while it is connected. It completely ignores any of the PBR rules.
Losing faith in pfSense.
-
VICTORY!!!
I don't know what is happening on the backend but this is what I determined. I had everything correct from the get go. The problem is I also have some IPSEC tunnels.
I blew away my config back to factory defaults and tried it again. Still couldn't get it to work. So I reset to factory defaults again, this time I created the OpenVPN client tunnel BEFORE my IPSEC tunnels. All of a sudden everything works nicely.
For whatever reason if I have my IPSEC tunnels created first I have issues. Makes no sense to me but I'm glad I've finally got it working.
-
i too turned rules/settings/interfaces on and off multiple times, and the lzo compression was the last setting for me, glad us newbies got it to work, now if i can get the right firewall rule to route all netflix/hulu traffic through the vpn…
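-
The comp-lzo fix in this thread was found by reading a warning in the OpenVPN log, and the advice against taking a default route from the VPN bears on the redirect-gateway def1 entry in the same option string, which routes the client's default traffic through the tunnel. As an added example (not code from the thread or from pfSense), this Python sketch checks an advanced-options string against log warnings; the function names and the sample log lines with their values are constructed for illustration.

```python
import re

# OpenVPN's wording when the server uses an option the client lacks ...
MISSING = re.compile(r"WARNING: '([\w-]+)' is present in remote config "
                     r"but missing in local config")
# ... and when both ends set the same option to different values.
DIFFERS = re.compile(r"WARNING: '([\w-]+)' is used inconsistently, "
                     r"local='([^']*)', remote='([^']*)'")

def parse_advanced(options):
    """Split the semicolon-separated advanced field into {directive: args}."""
    parsed = {}
    for item in options.split(";"):
        words = item.split()
        if words:
            parsed[words[0]] = " ".join(words[1:])
    return parsed

def audit(options, log_lines):
    """Return de-duplicated (kind, option, detail) findings, in log order."""
    local, findings = parse_advanced(options), []
    def add(kind, opt, detail):
        if (kind, opt, detail) not in findings:  # warnings repeat on reconnect
            findings.append((kind, opt, detail))
    for line in log_lines:
        m = MISSING.search(line)
        if m and m.group(1) not in local:
            add("missing-local", m.group(1), "server uses it, client does not")
        m = DIFFERS.search(line)
        if m:
            add("mismatch", m.group(1), f"local={m.group(2)} remote={m.group(3)}")
    if "redirect-gateway" in local:
        add("default-route", "redirect-gateway",
            "client installs a default route through the tunnel")
    return findings

# Constructed sample: the thread's option string before comp-lzo was appended,
# plus log lines written in OpenVPN's warning format (values are made up).
OPTIONS = "verb 5;tun-mtu 1500;fragment 1300;keysize 128;redirect-gateway def1;persist-key"
LOG = [
    "openvpn[1234]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1545', remote='link-mtu 1546'",
    "openvpn[1234]: WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'",
    "openvpn[1234]: WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'",
    "openvpn[1234]: Initialization Sequence Completed",
]

if __name__ == "__main__":
    for finding in audit(OPTIONS, LOG):
        print(*finding, sep=" | ")
```

Once comp-lzo is appended to the option string, the missing-option finding goes away; the default-route finding stays for as long as redirect-gateway is in the string.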