Need pointers on how to debug this - pfSense to hidemyass VPN



  • I've been trying to get pfSense OpenVPN client working with HideMyAss VPN.  I'm using pfSense 2.0-BETA5.

    I would appreciate any pointers on how to troubleshoot this.  Thanks.

    One error below:

    Feb 11 17:56:23 openvpn[26281]: TCP: connect to [AF_INET]204.45.156.146:443 failed, will try again in 5 seconds: Address already in use
    Feb 11 17:56:28 openvpn[26281]: TCP: connect to [AF_INET]204.45.156.146:443 failed, will try again in 5 seconds: Address already in use
    Feb 11 17:56:34 openvpn[26281]: TCP connection established with [AF_INET]204.45.156.146:443
    Feb 11 17:56:34 openvpn[26281]: TCPv4_CLIENT link local (bound): [AF_INET]98.117.107.207:50211
    Feb 11 17:56:34 openvpn[26281]: TCPv4_CLIENT link remote: [AF_INET]204.45.156.146:443
    Feb 11 17:56:34 openvpn[26281]: TLS: Initial packet from [AF_INET]204.45.156.146:443, sid=2ef593de 6aade313
    Feb 11 17:56:34 openvpn[26281]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Feb 11 17:56:36 openvpn[26281]: VERIFY OK: depth=1, /C=UK/ST=NR/L=Attleborough/O=Hide_My_Ass__Pro/OU=VPN/CN=vpn.hidemyass.com/emailAddress=ca@hidemyass.com
    Feb 11 17:56:36 openvpn[26281]: VERIFY OK: nsCertType=SERVER
    Feb 11 17:56:36 openvpn[26281]: VERIFY OK: depth=0, /C=UK/ST=NR/L=Attleborough/O=Hide_My_Ass__Pro/OU=VPN/CN=server/emailAddress=vpn@hidemyass.com
    Feb 11 17:56:39 openvpn[26281]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Feb 11 17:56:39 openvpn[26281]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Feb 11 17:56:39 openvpn[26281]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Feb 11 17:56:39 openvpn[26281]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Feb 11 17:56:39 openvpn[26281]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
    Feb 11 17:56:39 openvpn[26281]: [server] Peer Connection Initiated with [AF_INET]204.45.156.146:443
    Feb 11 17:56:41 openvpn[26281]: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
    Feb 11 17:56:41 openvpn[26281]: PUSH: Received control message: 'PUSH_REPLY,topology subnet,route-gateway 204.45.98.5,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,redirect-gateway def1,ifconfig 204.45.98.52 255.255.255.192'
    Feb 11 17:56:41 openvpn[26281]: OPTIONS IMPORT: --ifconfig/up options modified
    Feb 11 17:56:41 openvpn[26281]: OPTIONS IMPORT: route options modified
    Feb 11 17:56:41 openvpn[26281]: OPTIONS IMPORT: route-related options modified
    Feb 11 17:56:41 openvpn[26281]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Feb 11 17:56:41 openvpn[26281]: ROUTE default_gateway=98.117.107.1
    Feb 11 17:56:41 openvpn[26281]: TUN/TAP device /dev/tun1 opened
    Feb 11 17:56:41 openvpn[26281]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Feb 11 17:56:41 openvpn[26281]: /sbin/ifconfig ovpnc1 204.45.98.52 netmask 255.255.255.192 mtu 1500 up
    Feb 11 17:56:41 openvpn[26281]: /sbin/route add -net 204.45.98.0 204.45.98.52 255.255.255.192
    Feb 11 17:56:41 openvpn[26281]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
    Feb 11 17:56:41 openvpn[26281]: /usr/local/sbin/ovpn-linkup ovpnc1 1500 1543 204.45.98.52 255.255.255.192 init
    Feb 11 17:56:41 openvpn[26281]: /sbin/route add -net 204.45.156.146 98.117.107.1 255.255.255.255
    Feb 11 17:56:41 openvpn[26281]: /sbin/route add -net 0.0.0.0 204.45.98.5 128.0.0.0
    Feb 11 17:56:41 openvpn[26281]: /sbin/route add -net 128.0.0.0 204.45.98.5 128.0.0.0
    Feb 11 17:56:41 openvpn[26281]: Initialization Sequence Completed
    Feb 11 18:56:39 openvpn[26281]: TLS: soft reset sec=0 bytes=741445/0 pkts=7395/0
    Feb 11 18:56:40 openvpn[26281]: VERIFY OK: depth=1, /C=UK/ST=NR/L=Attleborough/O=Hide_My_Ass__Pro/OU=VPN/CN=vpn.hidemyass.com/emailAddress=ca@hidemyass.com
    Feb 11 18:56:40 openvpn[26281]: VERIFY OK: nsCertType=SERVER
    Feb 11 18:56:40 openvpn[26281]: VERIFY OK: depth=0, /C=UK/ST=NR/L=Attleborough/O=Hide_My_Ass__Pro/OU=VPN/CN=server/emailAddress=vpn@hidemyass.com
    Feb 11 18:56:43 openvpn[26281]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Feb 11 18:56:43 openvpn[26281]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Feb 11 18:56:43 openvpn[26281]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Feb 11 18:56:43 openvpn[26281]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Feb 11 18:56:43 openvpn[26281]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA

    ===========================================



  • Nevermind. I think this was just logging an error because the route was already in the route table.

    I'm still having a route issue, but I'll post that separately.
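
The explanation in the reply above can be checked against the log itself. The following is an added example, not part of the original posts: it pairs each "route add command failed" line with the preceding `route add` and tests whether that route is the subnet the earlier `ifconfig` line already placed on the interface. It assumes the kernel installs a connected route when `ifconfig` assigns the address; the function name and the sample (four lines copied from the log above) are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: four lines copied from the log in the first post.
SAMPLE_LOG = """\
Feb 11 17:56:41 openvpn[26281]: /sbin/ifconfig ovpnc1 204.45.98.52 netmask 255.255.255.192 mtu 1500 up
Feb 11 17:56:41 openvpn[26281]: /sbin/route add -net 204.45.98.0 204.45.98.52 255.255.255.192
Feb 11 17:56:41 openvpn[26281]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
Feb 11 17:56:41 openvpn[26281]: /sbin/route add -net 0.0.0.0 204.45.98.5 128.0.0.0
"""

IFCONFIG_RE = re.compile(r"/sbin/ifconfig (\S+) (\S+) netmask (\S+)")
ROUTE_RE = re.compile(r"/sbin/route add -net (\S+) (\S+) (\S+)")
FAIL_RE = re.compile(r"ERROR: FreeBSD route add command failed")


def explain_route_failures(log_text):
    """Return one finding per failed 'route add', saying whether the route
    duplicates a subnet that an earlier ifconfig already made connected."""
    connected = {}     # network -> interface that owns it (assumed connected route)
    last_route = None  # most recent 'route add' seen before an ERROR line
    findings = []
    for line in log_text.splitlines():
        m = IFCONFIG_RE.search(line)
        if m:
            iface, addr, mask = m.groups()
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            connected[net] = iface
            continue
        m = ROUTE_RE.search(line)
        if m:
            dest, gateway, mask = m.groups()
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
            last_route = (net, gateway)
            continue
        if FAIL_RE.search(line) and last_route:
            net, gateway = last_route
            findings.append({
                "route": str(net),
                "gateway": gateway,
                "duplicate_of_connected": net in connected,
                "interface": connected.get(net),
            })
            last_route = None
    return findings


if __name__ == "__main__":
    for finding in explain_route_failures(SAMPLE_LOG):
        print(finding)
```

A finding with `duplicate_of_connected` set to `False` points at a failure that this explanation does not cover and that needs a separate look at the routing table.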

