[pfsense 1.0.1] openvpn ubuntu dapper

Reply to [pfsense 1.0.1] openvpn ubuntu dapper on Thu, 29 Mar 2007 15:24:40 GMT

sullrich — Thu, 29 Mar 2007 15:24:40 GMT

@battistis:

why it works well with windows and not whit linux (u.dapper) :'(

Might want to ask that on a Ubuntu forum. If it works with windows, well…

Reply to [pfsense 1.0.1] openvpn ubuntu dapper on Thu, 29 Mar 2007 06:52:01 GMT

battistis — Thu, 29 Mar 2007 06:52:01 GMT

why it works well with windows and not whit linux (u.dapper) :'(

Reply to [pfsense 1.0.1] openvpn ubuntu dapper on Wed, 28 Mar 2007 17:37:37 GMT

battistis — Wed, 28 Mar 2007 17:37:37 GMT

@hoba:

Not sure how dapper fits into this scheme

to make a situation like this

internet -> pfsenseGw (pubblic IP) <- … openvpn tunnel ...-> natted ubuntu dapper

p-to-p openvpn tunnel with simple shared secret key
forward specific traffic (http 80, passive ftp 21) from internet to the natted ubuntu dapper

it's possibile to make it work witch pfsense 1.0.1 ?
this parameters in the web interface are correct?


Proto UDP
l.port 1194 
A.pool 10.0.8.1/30
crypto BF-CBC 128bit
Auth.metod shared key

#
	# 2048 bit OpenVPN static key
	#
	-----BEGIN OpenVPN Static key V1-----
cut
        -----END OpenVPN Static key V1-----
#

Custom options

The udp 1194 open on the wan interface
and the client config like something this


remote 31.1.2.133 1194
port 1194 
dev tun
ifconfig 10.0.8.2 10.0.8.1
#dev-node ovpn
proto udp
ping 10
secret /etc/openvpn/udugw/static.key
persist-tun
persist-key
#tls-client 
#ca ca.crt
#cert client1.crt
#key client1.key
#ns-cert-type server
#comp-lzo
#pull
log /var/log/openvpn.log
verb 3

not work :(

the connection was active
client:
-```
$ /etc/init.d/openvpn restart
Stopping virtual private network daemon: client.
Starting virtual private network daemon: client(OK)


and the tun interface up

$ ifconfig tun0
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.0.8.2 P-t-P:10.0.8.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)


-pftop (really great! :)) server:

udp      In  31.X.X.X:1194          193.X.X.X:1194            MULTIPLE:MULTIPLE 

but the client can't ping the server by the tunnel

$ ping 10.0.8.1
PING 10.0.8.1 (10.0.8.1) 56(84) bytes of data.
From 10.0.8.2 icmp_seq=1 Destination Host Unreachable


and similar the server can't ping the client by the tunnel

ping 10.0.8.2

PING 10.0.8.2 (10.0.8.2): 56 data bytes
92 bytes from 10.0.8.2: Destination Host Unreachable
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 5400 5f56 0 0000 40 01 f750 10.0.8.1 10.0.8.2

Reply to [pfsense 1.0.1] openvpn ubuntu dapper on Wed, 28 Mar 2007 16:49:53 GMT

battistis — Wed, 28 Mar 2007 16:49:53 GMT

tnx for the reply
in effect I can use this conf for /etc/openvpn/client.conf
founded in your posted link


port 1194 
dev tun 
dev-node ovpn 
proto udp 
remote your.pfsense.box 1194 
ping 10 
persist-tun 
persist-key 
tls-client 
ca ca.crt 
cert client1.crt 
key client1.key 
ns-cert-type server 
comp-lzo 
pull 
#verb 5

Reply to [pfsense 1.0.1] openvpn ubuntu dapper on Tue, 27 Mar 2007 14:30:16 GMT

hoba — Tue, 27 Mar 2007 14:30:16 GMT

Not sure how dapper fits into this scheme but maybe with some abstraction you can make it work:
http://doc.pfsense.org/index.php/Setting_up_OpenVPN_with_pfSense

Reply to [pfsense 1.0.1] openvpn ubuntu dapper on Tue, 27 Mar 2007 13:07:16 GMT

battistis — Tue, 27 Mar 2007 13:07:16 GMT

or something similar that can i use to make it works
up