Netgate Discussion Forum

    Open VPN and Android $25-50

    18 Posts 5 Posters 12.0k Views
    • S
      suicidegybe
      last edited by

      I am looking for someone to help me set up and configure my pfSense box as an OpenVPN server and connect my Android 4.0 tablet as a client. I would like to learn how to do it also, but if teaching me is a deal breaker then just the setup, as long as it works. Within reason.

      I was also looking to set up Squid, ClamAV and a few other security packages. If the OpenVPN setup goes well I would be willing to arrange payment for those as well.

      1 Reply Last reply Reply Quote 0
      • K
        kilthro
        last edited by

        This is a good video on YouTube that I followed when I was setting mine up a while back and learning.
        http://www.youtube.com/watch?v=odjviG-KDq8&list=FLNNXWomBBF1ILy88yZKjRJQ&index=14&feature=plpp_video

        Then all you need to do is export the cert as he does in the video, email it to your Android tablet, use featvpn to import it and off you go. Very easy and quick. If you are on ICS Android, get the free full version of featvpn from their site.

        Hope this helps.

        1 Reply Last reply Reply Quote 0
        • S
          suicidegybe
          last edited by

          Thanks, that worked. It still does not have the functionality I would like it to. I want things like Twonky and other media and file sharing programs to function as if I am still on my home network. Is this possible, or am I asking for something that is not going to happen?

          1 Reply Last reply Reply Quote 0
          • K
            kilthro
            last edited by

            Not that I have enabled it, but you can enable the option to route everything through the VPN. This should be like it's coming from your IP at home. However, you won't be able to access the local PCs/network items when this is enabled. I haven't tried it but just a thought.

            1 Reply Last reply Reply Quote 0
            • jimpJ
              jimp Rebel Alliance Developer Netgate
              last edited by

              You won't be able to be on the same subnet as your home network as OpenVPN on Android only supports tun mode, and not tap - this isn't a limitation of the client, it's a limitation in the API.

              We also have a full how-to on doing the VPN here:
              http://doc.pfsense.org/index.php/Android_VPN_Connectivity#OpenVPN_on_Android_.28Non-Root.29

              This OpenVPN client is free, the feat VPN client is limited in how it can be used for free.

              The VPN client I linked above has an FAQ inside the app that goes into more detail about the tap limitation.

              Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

              Need help fast? Netgate Global Support!

              Do not Chat/PM for help!

              1 Reply Last reply Reply Quote 0
              • S
                suicidegybe
                last edited by

                Thanks, that works even better. My question is: if I can't use TAP, what does TUN get me? How do I use it to access the things on my network?

                1 Reply Last reply Reply Quote 0
                • K
                  kilthro
                  last edited by

                  I can access my PCs on my network just fine. I just push the network to the client and have no issues. I remote to my computers via my phone all the time. It's just the VPN network has to be different than the local network. I forgot about that client. I had issues getting it to work right on my phone.

                  1 Reply Last reply Reply Quote 0
                  • jimpJ
                    jimp Rebel Alliance Developer Netgate
                    last edited by

                    It works great. If you push a DNS server to the VPN client and you also have your hostnames all set up on pfSense (either using DNS overrides or DHCP host registration), you can even hit things over the network by name; you just can't "browse" the network for Windows file sharing. Though even that can work if you have a local WINS server.

                    1 Reply Last reply Reply Quote 0
                    • S
                      suicidegybe
                      last edited by

                      What happens if I set the tunnel subnet the same as the local?

                      1 Reply Last reply Reply Quote 0
                      • jimpJ
                        jimp Rebel Alliance Developer Netgate
                        last edited by

                        It will not work - you can't have the same subnet on both interfaces like that in a routed setup, at least not that I've seen work, and not that would be really feasible to do. (Presumably you could block out a "subnet" of /25 or so inside your LAN, use that for the tunnel network, and then set up proxy ARP VIPs on LAN to cover that same block, and then make sure you don't use that block of the subnet locally… but that's ugly, may not work, and is sure to cause some routing issues somewhere... and you still don't get broadcast traffic!)

                        It can be done in tap mode with bridging but it can't be done in tun mode.

                        1 Reply Last reply Reply Quote 0
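
What the routed (tun) layout discussed above gives a client, as an added example that is not from the thread or from pfSense: it rejects a tunnel network that overlaps the LAN, emits the server-side `push` lines for the LAN route and a DNS server, and checks which destinations the pushed route covers. The addresses 192.168.1.0/24, 10.0.8.0/24 and 192.168.1.1 are constructed, and 239.255.255.250 is the SSDP multicast group used for UPnP/DLNA discovery.

```python
import ipaddress
import shlex


def plan_tun_server(lan_cidr, tunnel_cidr, dns_ip=None):
    """Return OpenVPN server directives for a routed (tun) setup.

    Raises ValueError if the tunnel network overlaps the LAN, the case
    the thread says will not work in tun mode.
    """
    lan = ipaddress.ip_network(lan_cidr)
    tunnel = ipaddress.ip_network(tunnel_cidr)
    if lan.overlaps(tunnel):
        raise ValueError(f"tunnel {tunnel} overlaps LAN {lan}")
    lines = [
        "dev tun",
        f"server {tunnel.network_address} {tunnel.netmask}",
        f'push "route {lan.network_address} {lan.netmask}"',
    ]
    if dns_ip is not None:
        lines.append(f'push "dhcp-option DNS {ipaddress.ip_address(dns_ip)}"')
    return lines


def pushed_routes(lines):
    """Networks the client learns from push "route <net> <mask>" lines."""
    nets = []
    for line in lines:
        words = shlex.split(line)
        if len(words) == 2 and words[0] == "push":
            arg = words[1].split()
            if len(arg) == 3 and arg[0] == "route":
                nets.append(ipaddress.ip_network(f"{arg[1]}/{arg[2]}"))
    return nets


def via_tunnel(dest_ip, lines):
    """True if traffic to dest_ip matches a pushed route."""
    dest = ipaddress.ip_address(dest_ip)
    return any(dest in net for net in pushed_routes(lines))


if __name__ == "__main__":
    # Constructed addresses: home LAN, tunnel network, DNS on the firewall.
    cfg = plan_tun_server("192.168.1.0/24", "10.0.8.0/24", "192.168.1.1")
    print("\n".join(cfg))
    print("LAN host via tunnel:", via_tunnel("192.168.1.50", cfg))
    print("SSDP group via tunnel:", via_tunnel("239.255.255.250", cfg))
```

A LAN host is reachable by address through the pushed route, while discovery traffic sent to the multicast group never matches it, which is why media servers work by IP but do not show up on their own.
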
                        • T
                          timotl
                          last edited by

                          Not sure if this helps, but instead of worrying about bridging or TAP mode, I found this topic about IGMP proxy: http://forum.pfsense.org/index.php?topic=41497.0

                          This let me find the media server on my device. After that, it's just a matter of firewall rules letting the traffic pass.
                          I can play DLNA content from my Nexus7 now.

                          -timotl

                          1 Reply Last reply Reply Quote 0
                          • S
                            suicidegybe
                            last edited by

                            That is what I want as my end result. Could you fill me in on your configuration settings? I have been able to access my media server via IP through the VPN but I would like it to work more natively.

                            Also, since I can't make my LAN and VPN on the same subnet, can I have a few of my devices on the VPN subnet? I know but just trying to figure out what I can use my shiny new pfSense box for.

                            1 Reply Last reply Reply Quote 0
                            • T
                              timotl
                              last edited by

                              I don't have a spare install right now, so part of this is from memory.
                              Also, I am using 2.1Beta0 but I think all of these are the same for 2.0.1.

                              First you have to create a new interface and assign openvpn to it.
                              Go to Interfaces, Assign and click + to create a new one.
                              Click on the new interface and enable it and name it and click Save.
                              l be listed in the port drop down after you create a new interface.
                              Back in the interfaces list, assign the OpenVPN port from the dropdown and save again.

                              Then go to Services, IGMP Proxy. Click + to add new interfaces to IGMP Proxy.
                              I set mine up as LAN is downstream with my LAN network address and the newly created OpenVPN interface as upstream with the OpenVPN network address. Save the config and check under Status, Services to see if it's running.

                              Because I am the only one that uses my VPN, my firewall rules are set for any-any for everything OpenVPN. I also am not sure if the rules need to be created for the OpenVPN tab or the new interface name. I currently have rules for both wide open and haven't cared to play with them further.

                              Hope it helps.

                              -timotl

                              1 Reply Last reply Reply Quote 0
                              • S
                                suicidegybe
                                last edited by

                                I had everything working, but then I moved from an embedded to a hard drive install. Now, after following the guide again, when I go to upload the cert on the Android app it says:
                                option tls- remote has 4 parameters, expected between 1 and 1

                                and it fails to set up the VPN

                                Any ideas? Using the OpenVPN app.

                                1 Reply Last reply Reply Quote 0
                                • jimpJ
                                  jimp Rebel Alliance Developer Netgate
                                  last edited by

                                  Someone replied when you posted that same question in another thread - but for the record:

                                  Your server CN probably has a space in it. As such you probably need to make sure you check the box to quote the server CN before exporting.

                                  The Android client wants/needs the quotes, but the Windows client chokes on the quotes.

                                  The best solution is to avoid using a server CN with spaces in it.

                                  1 Reply Last reply Reply Quote 0
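
The parameter count in the error above, reproduced as an added example that is not from the thread or from the pfSense export package: an unquoted CN containing spaces is split into several words, so `tls-remote` appears to receive four parameters instead of one. Python's `shlex` stands in for the client's config tokenizer (an approximation), and the sample configs and the CN "My Home VPN Server" are constructed.

```python
import shlex

# Directives expected to carry exactly one parameter (only the one from the thread).
SINGLE_PARAM = {"tls-remote"}

# Constructed sample client configs; the CN "My Home VPN Server" is made up.
UNQUOTED = """\
client
dev tun
remote vpn.example.com 1194
tls-remote My Home VPN Server
"""
QUOTED = UNQUOTED.replace("My Home VPN Server", '"My Home VPN Server"')


def tokenize(line):
    """Split one config line into words, honouring quotes and comments.

    shlex approximates the client's tokenizer (assumption of this example).
    """
    stripped = line.strip()
    if not stripped or stripped[0] in "#;":
        return []
    return shlex.split(stripped, comments=True)


def check_config(text):
    """Return (line_no, directive, n_params) for each miscounted directive."""
    problems = []
    for line_no, line in enumerate(text.splitlines(), 1):
        words = tokenize(line)
        if words and words[0] in SINGLE_PARAM and len(words) != 2:
            problems.append((line_no, words[0], len(words) - 1))
    return problems


def describe(problem):
    """Format a finding the way the error in the thread is worded."""
    line_no, directive, n = problem
    return (f"line {line_no}: option {directive} has {n} parameters, "
            "expected between 1 and 1")


if __name__ == "__main__":
    for name, cfg in (("unquoted", UNQUOTED), ("quoted", QUOTED)):
        findings = check_config(cfg)
        print(name, [describe(p) for p in findings] or "ok")
```
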
                                  • S
                                    suicidegybe
                                    last edited by

                                    Is that the strict user/CN matcher box that should be checked, and if not, what box and where can I find it?
                                    Thank you.

                                    1 Reply Last reply Reply Quote 0
                                    • jimpJ
                                      jimp Rebel Alliance Developer Netgate
                                      last edited by

                                      No, it is not. It is not on the server config; it's on the export tab.

                                      1 Reply Last reply Reply Quote 0
                                      • ?
                                        Guest
                                        last edited by

                                        I found using IPsec worked perfectly >_< I'm on ICS as well. There's a well-written guide as well that I'll have to find and post.

                                        1 Reply Last reply Reply Quote 0
                                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.