OpenVPN software (server) TO pfSense OpenVPN (client)



  • Hi!
    For the past 3 weeks I've been trying to connect pfSense 2.0.1's OpenVPN client to a Windows Server 2008 machine running the OpenVPN software as a server, downloaded from http://openvpn.net/index.php/open-source/downloads.html.

    Right now all machines behind pfSense can connect to the Windows OpenVPN server using the software from the above site.
    However, I need to install the program on all machines (10 PCs = 10 OpenVPN client installs) and create the same number of certificates.
    Everything works fine, but I still want to enable pfSense's OpenVPN client so that all machines connect to the Windows Server without any modifications.

    In my attempts to create a usable VPN in pfSense using Peer to Peer (SSL/TLS), I've made config files for the server and clients using the site's software.
    The files below work very well, using only OpenVPN software on both server and clients.

    OpenVPN Windows 2008 Server config

    dev tun
    ifconfig 10.1.0.1 10.1.0.2
    tls-server
    dh "C:\\Program Files (x86)\\OpenVPN\\config\\dh1024.pem"
    ca "C:\\Program Files (x86)\\OpenVPN\\config\\ca.crt"
    cert "C:\\Program Files (x86)\\OpenVPN\\config\\server.crt"
    key "C:\\Program Files (x86)\\OpenVPN\\config\\server.key"
    port 1194
    comp-lzo
    ping 15
    ping-restart 45
    ping-timer-rem
    persist-tun
    persist-key
    push "route 10.0.0.0 255.255.255.0"
    push "route 192.168.202.0 255.255.255.0"
    

    OpenVPN client config

    dev tun
    remote xxx.xxx.xxx.xxx
    ifconfig 10.1.0.2 10.1.0.1
    tls-client
    ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
    cert "C:\\Program Files\\OpenVPN\\config\\client.crt"
    key "C:\\Program Files\\OpenVPN\\config\\client.key"
    port 1194
    comp-lzo
    ping 15
    ping-restart 45
    ping-timer-rem
    persist-tun
    persist-key
    verb 3
    route 192.168.202.0 255.255.255.0
    

    Enabling the same configuration in pfSense is driving me nuts!!!
    Clients connect, but I can't ping or open the server's shares.

    Additional information:
    Windows 2008 Server is connected to a router to receive internet.
    Windows Server 2008 ip: 192.168.202.2
    Windows Server 2008 gateway: 192.168.202.1

    pfSense is connected to a router to receive internet.
    pfSense ip: 192.168.1.65
    pfSense gateway: 192.168.1.254

    Certificates are working fine in both clients and server.

    pfSense OpenVPN Client config page
    Server mode: Peer to Peer (SSL/TLS)
    Protocol: UDP
    Device mode: tun
    Interface: WAN
    Server host or address: xxx.xxx.xxx.xxx
    Server port: 1194
    Server host name resolution: enabled
    TLS Authentication: disabled
    Tunnel Network: 10.1.0.1/24
    Remote Network: 192.168.202.1/24
    Compression: enabled
    Type-of-Service: enabled
    Advanced Configuration: blank

    Firewall configuration
    http://imageshack.us/f/545/97288780.jpg/
    http://imageshack.us/f/404/15458517.jpg/

    I have tried several modifications in pfSense without any success.
    What am I missing? Help is very much appreciated!



  • Hi,

    I have the same problem now.
    Did you solve it?

    tia
    Jonny



  • Unfortunately no.
    :'(



  • Hi,

    Did you check the openvpn and firewall logs for both server and client?



    After 3 entire weeks banging my head against the wall, painfully trying all options and seeing this post being ignored by the community, I finally gave up.



    Sorry to hear that. I tried quite a number of times using pfSense and Windows OpenVPN as well, but I ended up installing pfSense in VMs and linking them up, just to make up for some of the lost time.

    Though OpenVPN connects from one platform to another, I think there are too many factors, including firewall, NAT, routing etc., in order to make the connection useful. pfSense just makes it easier for people to view all the blocking issues.



  • From the pfSense OpenVPN Client config page, this should've given you a clue:

    Tunnel Network: 10.1.0.1/24
    Remote Network: 192.168.202.1/24

    You entered host addresses instead of network addresses. They need to be:

    Tunnel Network: 10.1.0.0 (match the subnet mask to the tunnel network on your server. You have /24, but you typically see a /30 here)
    Remote Network: 192.168.202.0/24

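As an added example that is not from this thread, the following Python check catches the mistake the answer above points out: it parses the pfSense Tunnel Network and Remote Network entries plus the server's push/route lines, reports when host bits are set (a host address entered where a network address belongs), and verifies that the server's ifconfig endpoints fall inside the declared tunnel network. The values are the ones quoted in this thread; the function names are my own.

```python
import ipaddress

# Constructed from the thread: the poster's original pfSense entries.
PFSENSE_FIELDS = {
    "Tunnel Network": "10.1.0.1/24",
    "Remote Network": "192.168.202.1/24",
}
# Constructed from the thread: lines from the Windows server config.
SERVER_IFCONFIG = "ifconfig 10.1.0.1 10.1.0.2"
SERVER_PUSH_ROUTES = [
    'push "route 10.0.0.0 255.255.255.0"',
    'push "route 192.168.202.0 255.255.255.0"',
]


def check_network_field(value):
    """Return (ok, network). ok is False when host bits are set, i.e. a host
    address such as 10.1.0.1/24 was entered instead of 10.1.0.0/24."""
    try:
        return True, str(ipaddress.ip_network(value, strict=True))
    except ValueError:
        # strict=False zeroes the host bits and gives the intended network.
        return False, str(ipaddress.ip_network(value, strict=False))


def route_to_cidr(route_line):
    """Parse an OpenVPN 'route <net> <mask>' line (optionally pushed) to CIDR
    and flag it if the network part has host bits set."""
    parts = route_line.replace('"', "").split()
    if parts and parts[0] == "push":
        parts = parts[1:]
    if len(parts) != 3 or parts[0] != "route":
        raise ValueError(f"not a route line: {route_line!r}")
    return check_network_field(f"{parts[1]}/{parts[2]}")


def tunnel_endpoints_consistent(ifconfig_line, tunnel_cidr):
    """True when both ifconfig endpoints lie inside the tunnel network."""
    _, local, remote = ifconfig_line.split()
    net = ipaddress.ip_network(tunnel_cidr, strict=False)
    return all(ipaddress.ip_address(a) in net for a in (local, remote))


def audit(fields):
    """Map each pfSense field to its verdict and the corrected network."""
    return {name: check_network_field(v) for name, v in fields.items()}


if __name__ == "__main__":
    for name, (ok, net) in audit(PFSENSE_FIELDS).items():
        print(f"{name}: {'OK' if ok else 'HOST BITS SET, use ' + net}")
    for line in SERVER_PUSH_ROUTES:
        print(line, "->", route_to_cidr(line))
```

Run against the thread's values it flags both pfSense fields and prints 10.1.0.0/24 and 192.168.202.0/24 as the corrected entries, while the server's pushed routes pass.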
