[pfsense 1.0.1] openvpn ubuntu dapper

battistis

there's some howto's to make a vpn with openvpn between an pfsense 1.0.1 and an ubuntu dapper server?
thanks
bat
from italy

battistis

or something similar that can i use to make it works
up

hoba

Not sure how dapper fits into this scheme but maybe with some abstraction you can make it work:
http://doc.pfsense.org/index.php/Setting_up_OpenVPN_with_pfSense

battistis

tnx for the reply
in effect I can use this conf for /etc/openvpn/client.conf
founded in your posted link

port 1194 
dev tun 
dev-node ovpn 
proto udp 
remote your.pfsense.box 1194 
ping 10 
persist-tun 
persist-key 
tls-client 
ca ca.crt 
cert client1.crt 
key client1.key 
ns-cert-type server 
comp-lzo 
pull 
#verb 5

battistis

@hoba:

Not sure how dapper fits into this scheme

to make a situation like this

internet -> pfsenseGw (pubblic IP) <-  … openvpn tunnel ...-> natted ubuntu dapper

p-to-p openvpn tunnel with simple shared secret key
forward specific traffic (http 80, passive ftp 21) from internet to the natted ubuntu dapper

it's possibile to make it work witch pfsense 1.0.1 ?
this parameters in the web interface are correct?

Proto UDP
l.port 1194 
A.pool 10.0.8.1/30
crypto BF-CBC 128bit
Auth.metod shared key

#
	# 2048 bit OpenVPN static key
	#
	-----BEGIN OpenVPN Static key V1-----
cut
        -----END OpenVPN Static key V1-----
#

Custom options

The udp 1194 open on the wan interface
and the client config like something this

remote 31.1.2.133 1194
port 1194 
dev tun
ifconfig 10.0.8.2 10.0.8.1
#dev-node ovpn
proto udp
ping 10
secret /etc/openvpn/udugw/static.key
persist-tun
persist-key
#tls-client 
#ca ca.crt
#cert client1.crt
#key client1.key
#ns-cert-type server
#comp-lzo
#pull
log /var/log/openvpn.log
verb 3

not work :(

the connection was active
client:
-```
$ /etc/init.d/openvpn restart
Stopping virtual private network daemon: client.
Starting virtual private network daemon: client(OK)

and the tun interface up

$ ifconfig tun0
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 
          inet addr:10.0.8.2  P-t-P:10.0.8.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

-pftop (really great! :)) server:

udp      In  31.X.X.X:1194          193.X.X.X:1194            MULTIPLE:MULTIPLE 

but the client can't ping the server by the tunnel

$ ping 10.0.8.1
PING 10.0.8.1 (10.0.8.1) 56(84) bytes of data.
From 10.0.8.2 icmp_seq=1 Destination Host Unreachable

and similar the server can't ping the client by the tunnel

ping 10.0.8.2

PING 10.0.8.2 (10.0.8.2): 56 data bytes
92 bytes from 10.0.8.2: Destination Host Unreachable
Vr HL TOS  Len  ID Flg  off TTL Pro  cks      Src      Dst
4  5  00 5400 5f56  0 0000  40  01 f750 10.0.8.1  10.0.8.2

battistis

why it works well with windows and not whit linux (u.dapper)  :'(

sullrich

@battistis:

why it works well with windows and not whit linux (u.dapper)  :'(

Might want to ask that on a Ubuntu forum.  If it works with windows, well…