Difference between OpenVPN Server and Client in P2P mode

orgel · Jul 10, 2011, 1:47 PM

Hello everyone!

I'm bit new to pfsense, so I hope I don't ask a FAQ.

What is the difference between OpenVPN Client and Server while working in P2P-mode with preshared keys? I'm quite experienced with OpenVPN and normaly you just configure a server for both sites.

What is the difference with pfsense?

Regards,

Thomas

jimp · Jul 13, 2011, 4:00 PM

OpenVPN in static key mode is always one client, one server, at least in any place I've ever touched it.

You just pick one side to be the server, one side to be the client. Server listens for connections, client is the one that tries to initiate. Make sure the key matches on both, and set the routes you want on both ends, and it should just work.

orgel · Jul 14, 2011, 6:14 PM

No, this isn't correct (I found it out myself).

OpenVPN behaves exactly as described in the manual. There is NO client or server in static-key mode. Even "clients" will connect to each other. The difference with pfsense is, that it omits the "remote <adress>" option when it's configured as server (if you add it under "Advanced configuration", you'll get the "client"; "rport" option is also important).

This can be important if you connect to systems with dyndns adresses (for example), because you get a conection even if the "servers"-adress won't resolve at the moment (because the "server" connects the "client").

Anyway, it works as expected…</adress>