Netgate Discussion Forum

OpenVPN software (server) TO pfSense OpenVPN (client)

  • S Offline
    SoulBlade
    last edited by Jan 25, 2012, 12:44 PM

    Hi!
    For the past 3 weeks I've been trying to connect the pfSense 2.0.1 OpenVPN client to a Windows Server 2008 machine with OpenVPN software as a server, downloaded from http://openvpn.net/index.php/open-source/downloads.html.

    Right now all machines behind pfSense can connect to the Windows OpenVPN server using the software from the above site.
    However, I need to install the program on all machines (10 PCs = 10 OpenVPN client installs) and create the same number of certificates.
    Everything works fine, but I still want to enable pfSense's OpenVPN client so that all machines connect to the Windows Server without any modifications.

    In my attempts to create a usable VPN in pfSense using peer to peer (SSL/TLS), I've made config files for the server and clients using the site's software.
    The files below work very well, using only OpenVPN software on both server and clients.

    OpenVPN Windows 2008 Server config

    dev tun
    ifconfig 10.1.0.1 10.1.0.2
    tls-server
    dh "C:\\Program Files (x86)\\OpenVPN\\config\\dh1024.pem"
    ca "C:\\Program Files (x86)\\OpenVPN\\config\\ca.crt"
    cert "C:\\Program Files (x86)\\OpenVPN\\config\\server.crt"
    key "C:\\Program Files (x86)\\OpenVPN\\config\\server.key"
    port 1194
    comp-lzo
    ping 15
    ping-restart 45
    ping-timer-rem
    persist-tun
    persist-key
    push route 10.0.0.0 255.255.255.0
    push route 192.168.202.0 255.255.255.0
    

    OpenVPN client config

    dev tun
    remote xxx.xxx.xxx.xxx
    ifconfig 10.1.0.2 10.1.0.1
    tls-client
    ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
    cert "C:\\Program Files\\OpenVPN\\config\\client.crt"
    key "C:\\Program Files\\OpenVPN\\config\\client.key"
    port 1194
    comp-lzo
    ping 15
    ping-restart 45
    ping-timer-rem
    persist-tun
    persist-key
    verb 3
    route 192.168.202.0 255.255.255.0
    

    Enabling the same configuration in pfSense is driving me nuts!!! ???
    Clients connect but I can't ping or open the server's shares.

    Additional information:
    Windows 2008 Server is connected to a router to receive internet.
    Windows Server 2008 ip: 192.168.202.2
    Windows Server 2008 gateway: 192.168.202.1

    pfSense is connected to a router to receive internet.
    pfSense ip: 192.168.1.65
    pfSense gateway: 192.168.1.254

    Certificates are working fine in both clients and server.

    pfSense OpenVPN Client config page
    Server mode: Peer to Peer (SSL/TLS)
    Protocol: UDP
    Device mode: tun
    Interface: WAN
    Server host or address: xxx.xxx.xxx.xxx
    Server port: 1194
    Server host name resolution: enabled
    TLS Authentication: disabled
    Tunnel Network: 10.1.0.1/24
    Remote Network: 192.168.202.1/24
    Compression: enabled
    Type-of-Service: enabled
    Advanced Configuration: blank

    Firewall configuration
    http://imageshack.us/f/545/97288780.jpg/
    http://imageshack.us/f/404/15458517.jpg/

    I have tried several modifications in pfSense without any success.
    What am I missing? Help is very much appreciated!

    • D Offline
      djonny
      last edited by Apr 10, 2012, 8:28 PM

      Hi,

      I have the same problem now.
      Did you solve it?

      tia
      Jonny

      • S Offline
        SoulBlade
        last edited by Apr 11, 2012, 8:36 AM

        Unfortunately no.
        :'(

        • I Offline
          itanis
          last edited by Apr 11, 2012, 11:37 AM

          Hi,

          Did you check the openvpn and firewall logs for both server and client?

          • S Offline
            SoulBlade
            last edited by Apr 11, 2012, 11:57 AM

            After 3 entire weeks banging my head against the wall, painfully trying all options and seeing this post being ignored by the community, I finally gave up.

            • I Offline
              itanis
              last edited by Apr 12, 2012, 3:50 AM

              Sorry to hear that. I tried quite a number of times using pfSense and Windows OpenVPN as well, but I ended up installing pfSense in VMs and linking it up, just to make up for some lost time.

              Though OpenVPN connects to one another on different platforms, I think there are too many factors, including firewall, NAT, routing etc., in order to make the connection useful. pfSense just makes things easier for people to view all the blocking issues.

              • M Offline
                marvosa
                last edited by Apr 14, 2012, 2:06 PM

                From the pfSense OpenVPN Client config page, this should've given you a clue:

                Tunnel Network: 10.1.0.1/24
                Remote Network: 192.168.202.1/24

                You entered host addresses instead of network addresses.  They need to be:

                Tunnel Network: 10.1.0.0 (match the subnet mask to the tunnel network on your server. You have /24, but you typically see a /30 here)
                Remote Network: 192.168.202.0/24

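
An added example, not part of any post above and not pfSense or OpenVPN code: a Python check, using only the standard `ipaddress` module, that flags host addresses entered in the Tunnel Network and Remote Network fields and compares them with the `ifconfig` and route lines of the server config from the first post. The function names are hypothetical; the sample values are the ones posted in the thread.

```python
import ipaddress

def check_field(value):
    """Return (is_network_address, corrected_cidr) for one pfSense network field."""
    iface = ipaddress.ip_interface(value)   # tolerant parse: host bits are allowed
    net = iface.network                     # same prefix with the host bits cleared
    return iface.ip == net.network_address, str(net)

def tunnel_for(local, remote, max_prefix=30):
    """Longest prefix (smallest network) holding both ifconfig endpoints as hosts."""
    a, b = ipaddress.ip_address(local), ipaddress.ip_address(remote)
    for prefix in range(max_prefix, -1, -1):
        net = ipaddress.ip_network(f"{a}/{prefix}", strict=False)
        edges = (net.network_address, net.broadcast_address)
        if b in net and a not in edges and b not in edges:
            return str(net)
    raise ValueError("endpoints share no usable network")

def audit(client_fields, server_ifconfig, server_routes):
    """Compare pfSense client fields with the server's ifconfig and route lines."""
    findings = []
    for name, value in client_fields.items():
        ok, fixed = check_field(value)
        if not ok:
            findings.append(f"{name}: {value} is a host address, expected {fixed}")
    tunnel = ipaddress.ip_network(check_field(client_fields["Tunnel Network"])[1])
    for end in server_ifconfig:
        if ipaddress.ip_address(end) not in tunnel:
            findings.append(f"ifconfig endpoint {end} is outside {tunnel}")
    remote = check_field(client_fields["Remote Network"])[1]
    routes = {str(ipaddress.ip_network(f"{n}/{m}")) for n, m in server_routes}
    if remote not in routes:
        findings.append(f"Remote Network {remote} matches no server route")
    return findings

# Values as posted in the thread: pfSense client page and Windows server config.
POSTED = {"Tunnel Network": "10.1.0.1/24", "Remote Network": "192.168.202.1/24"}
SERVER_IFCONFIG = ("10.1.0.1", "10.1.0.2")
SERVER_ROUTES = [("10.0.0.0", "255.255.255.0"), ("192.168.202.0", "255.255.255.0")]

if __name__ == "__main__":
    for line in audit(POSTED, SERVER_IFCONFIG, SERVER_ROUTES):
        print(line)
    print("smallest tunnel:", tunnel_for(*SERVER_IFCONFIG))
```
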