Netgate Discussion Forum

    OpenVPN software (server) TO pfSense OpenVPN (client)

    OpenVPN
      SoulBlade

      Hi!
      For the past 3 weeks I've been trying to connect pfSense 2.0.1 OpenVPN's client to a Windows Server 2008 machine with OpenVPN software as a server, downloaded from http://openvpn.net/index.php/open-source/downloads.html.

      Right now all machines behind pfSense can connect to the Windows OpenVPN server using the software from the above site.
      However, I need to install the program on all machines (10 PCs = 10 OpenVPN client installs) and create the same number of certificates.
      Everything works fine, but I still want to enable pfSense's OpenVPN client so that all machines connect to Windows Server without any modifications.

      In my attempts to create a usable VPN in pfSense using peer to peer (SSL/TLS), I've made config files for the server and clients using the site's software.
      The files below work very well, using only OpenVPN software in both server and clients.

      OpenVPN Windows 2008 Server config

      dev tun
      ifconfig 10.1.0.1 10.1.0.2
      tls-server
      dh "C:\\Program Files (x86)\\OpenVPN\\config\\dh1024.pem"
      ca "C:\\Program Files (x86)\\OpenVPN\\config\\ca.crt"
      cert "C:\\Program Files (x86)\\OpenVPN\\config\\server.crt"
      key "C:\\Program Files (x86)\\OpenVPN\\config\\server.key"
      port 1194
      comp-lzo
      ping 15
      ping-restart 45
      ping-timer-rem
      persist-tun
      persist-key
      push route 10.0.0.0 255.255.255.0
      push route 192.168.202.0 255.255.255.0
      

      OpenVPN client config

      dev tun
      remote xxx.xxx.xxx.xxx
      ifconfig 10.1.0.2 10.1.0.1
      tls-client
      ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
      cert "C:\\Program Files\\OpenVPN\\config\\client.crt"
      key "C:\\Program Files\\OpenVPN\\config\\client.key"
      port 1194
      comp-lzo
      ping 15
      ping-restart 45
      ping-timer-rem
      persist-tun
      persist-key
      verb 3
      route 192.168.202.0 255.255.255.0
      

      Enabling the same configuration in pfSense is driving me nuts!!! ???
      Clients connect but I can't ping or open the server's shares.

      Additional information:
      Windows 2008 Server is connected to a router to receive internet.
      Windows Server 2008 ip: 192.168.202.2
      Windows Server 2008 gateway: 192.168.202.1

      pfSense is connected to a router to receive internet.
      pfSense ip: 192.168.1.65
      pfSense gateway: 192.168.1.254

      Certificates are working fine in both clients and server.

      pfSense OpenVPN Client config page
      Server mode: Peer to Peer (SSL/TLS)
      Protocol: UDP
      Device mode: tun
      Interface: WAN
      Server host or address: xxx.xxx.xxx.xxx
      Server port: 1194
      Server host name resolution: enabled
      TLS Authentication: disabled
      Tunnel Network: 10.1.0.1/24
      Remote Network: 192.168.202.1/24
      Compression: enabled
      Type-of-Service: enabled
      Advanced Configuration: blank

      Firewall configuration
      http://imageshack.us/f/545/97288780.jpg/
      http://imageshack.us/f/404/15458517.jpg/

      I have tried several modifications in pfSense without any success.
      What am I missing? Help is very much appreciated!

        djonny

        Hi,

        I have the same problem now.
        Did you solve it?

        tia
        Jonny

          SoulBlade

          Unfortunately no.
          :'(

            itanis

            Hi,

            Did you check the openvpn and firewall logs for both server and client?

              SoulBlade

              After 3 entire weeks banging my head against the wall, painfully trying all options and seeing this post being ignored by the community, I finally gave up.

                itanis

                Sorry to hear that. I tried quite a number of times using pfSense and Windows OpenVPN as well, but I ended up installing pfSense in VMs and linked it up, just to make up for some lost time.

                Although OpenVPN connects to one another on different platforms, I think there are too many factors, including firewall, NAT, routing etc., in making the connection useful. pfSense just makes things easier for people to view all the blocking issues.

                  marvosa

                  From the pfSense OpenVPN Client config page, this should've given you a clue:

                  Tunnel Network: 10.1.0.1/24
                  Remote Network: 192.168.202.1/24

                  You entered host addresses instead of network addresses. They need to be:

                  Tunnel Network: 10.1.0.0 (match the subnet mask to the tunnel network on your server. You have /24, but you typically see a /30 here)
                  Remote Network: 192.168.202.0/24
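
The check described in the reply above, as an added example that is not part of any post in this thread and is not pfSense or OpenVPN code: it tests the two pfSense fields for host bits and compares them with the `ifconfig` and `route` lines of the working Windows client config from the first post. The function names and the wording of the findings are assumptions made for this illustration.

```python
import ipaddress

# Constructed input: the two relevant lines of the working Windows client
# config quoted in the first post.
CLIENT_CONF = """\
ifconfig 10.1.0.2 10.1.0.1
route 192.168.202.0 255.255.255.0
"""

def smallest_common_network(a, b):
    """Smallest IPv4 network that holds both tunnel endpoints."""
    for prefix in range(32, -1, -1):
        net = ipaddress.ip_network(f"{a}/{prefix}", strict=False)
        if ipaddress.ip_address(b) in net:
            return net

def parse_conf(text):
    """Pull the ifconfig endpoint pair and the route networks out of a config."""
    pair, routes = None, []
    for line in text.splitlines():
        parts = line.split()
        if parts[:1] == ["ifconfig"] and len(parts) == 3:
            pair = (parts[1], parts[2])
        elif parts[:1] == ["route"] and len(parts) >= 3:
            routes.append(ipaddress.ip_network(f"{parts[1]}/{parts[2]}"))
    return pair, routes

def audit(tunnel_field, remote_field, conf=CLIENT_CONF):
    """Return findings for the Tunnel Network / Remote Network fields."""
    findings, nets = [], {}
    for name, value in (("Tunnel Network", tunnel_field),
                        ("Remote Network", remote_field)):
        iface = ipaddress.ip_interface(value)
        nets[name] = iface.network
        if iface.ip != iface.network.network_address:
            findings.append(f"{name}: {value} is a host address, use {iface.network}")
    pair, routes = parse_conf(conf)
    p2p = smallest_common_network(*pair)
    if not p2p.subnet_of(nets["Tunnel Network"]):
        findings.append(f"Tunnel Network: does not contain endpoints {pair[0]}/{pair[1]}")
    elif nets["Tunnel Network"] != p2p:
        findings.append(f"Tunnel Network: endpoints {pair[0]}/{pair[1]} fit in {p2p}")
    if nets["Remote Network"] not in routes:
        findings.append(f"Remote Network: {nets['Remote Network']} has no matching route line")
    return findings

if __name__ == "__main__":
    for finding in audit("10.1.0.1/24", "192.168.202.1/24"):  # values from the first post
        print(finding)
```

With the values from the first post it reports both host-address entries and notes that the 10.1.0.1/10.1.0.2 endpoint pair fits in a /30.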
