
    OpenVPN coming from DD-WRT

      gazoo last edited by

      Ok, bear with me as I'm not the most savvy on ovpn. I just bought an Alix 2d13 setup with 4GB CF card running pfsense 2.0.1 embedded. It's running fantastic and smoother than I thought once I gave up on using the wireless on it and using a separate AP (I digress..)

      I used to use ovpn on DD-WRT where I had the key put in I statically generated, used UDP transport, compression LZO, TAP. I would end up getting an IP on the DHCP range on my normal LAN subnet. I would like to recreate that same thing on PFsense but I keep getting TLS authentication error. I'm not sure I set it up right. I installed the TAP fix so I can do this, but it seems like I'm missing something else. Also, pf asks for encryption algorithm and I don't think I ever had to mess with that on ovpn/dd-wrt, or DH parameter length, or server certificate. In fact, I thought I was doing a no certificate method. It says webConfigurator default *in use for that now. Server mode is Remote Access SSL/TLS.

      This is what I get on the client:
      Wed Sep 12 11:15:37 2012 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
      Wed Sep 12 11:15:37 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
      Wed Sep 12 11:15:37 2012 LZO compression initialized
      Wed Sep 12 11:15:38 2012 TAP-WIN32 device [Local Area Connection 3] opened: \\.\Global\{DCA6AEC7-8464-46E3-9334-E77FCE17FC13}.tap
      Wed Sep 12 11:15:38 2012 Successful ARP Flush on interface [21] {DCA6AEC7-8464-46E3-9334-E77FCE17FC13}
      Wed Sep 12 11:15:38 2012 UDPv4 link local (bound): [undef]:444
      Wed Sep 12 11:15:38 2012 UDPv4 link remote: x.x.x.x:444

      where it just hangs forever until I disconnect. The logs on pf say this:

      Sep 12 10:20:35 openvpn[45228]: event_wait : Interrupted system call (code=4)
      Sep 12 10:20:35 openvpn[45228]: /usr/local/sbin/ovpn-linkdown ovpns1 1500 1590 init
      Sep 12 10:20:35 openvpn[45228]: SIGTERM[hard,] received, process exiting
      Sep 12 10:20:35 openvpn[21004]: OpenVPN 2.2.0 i386-portbld-freebsd8.1 [SSL] [LZO2] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Aug 11 2011
      Sep 12 10:20:35 openvpn[21004]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Sep 12 10:20:35 openvpn[21004]: Control Channel Authentication: using '/var/etc/openvpn/server1.tls-auth' as a OpenVPN static key file
      Sep 12 10:20:35 openvpn[21004]: TUN/TAP device /dev/tap1 opened
      Sep 12 10:20:35 openvpn[21004]: /usr/local/sbin/ovpn-linkup ovpns1 1500 1590 init
      Sep 12 10:20:35 openvpn[21643]: UDPv4 link local (bound): [AF_INET]x.x.x.x:444
      Sep 12 10:20:35 openvpn[21643]: UDPv4 link remote: [undef]
      Sep 12 10:20:35 openvpn[21643]: Initialization Sequence Completed

      Here's my config on client:
      remote x.x.x
      port 444
      dev tap
      secret key.txt
      proto udp
      comp-lzo

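The client file in the post uses OpenVPN's static-key directive (`secret`), while the server is described as running in Remote Access SSL/TLS mode with a tls-auth key, and those two modes do not interoperate. The following is an added example, not part of the original post, that flags this kind of client/server mismatch; the server-side text is constructed from the post's description and its ca/cert/key file names are placeholders.

```python
CLIENT = """\
remote x.x.x
port 444
dev tap
secret key.txt
proto udp
comp-lzo
"""  # client config as posted in the thread
# Constructed server config matching the post's description (Remote Access
# SSL/TLS, tls-auth, UDP 444, TAP, LZO); ca/cert/key names are placeholders.
SERVER = """\
dev tap
proto udp
port 444
tls-server
ca ca.crt
cert server.crt
key server.key
tls-auth /var/etc/openvpn/server1.tls-auth
comp-lzo
"""
STATIC = {"secret"}  # pre-shared static key mode
TLS = {"tls-server", "tls-client", "client", "ca", "cert", "key", "pkcs12"}

def parse(text):  # map each directive to its arguments, skipping comments
    conf = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#;":
            name, *args = line.split()
            conf[name] = args
    return conf

def auth_mode(conf):
    static, tls = bool(STATIC & conf.keys()), bool(TLS & conf.keys())
    if static and tls:
        return "conflict"  # secret cannot be combined with TLS mode
    return "static-key" if static else "tls" if tls else "none"

def compare(client_text, server_text):
    c, s = parse(client_text), parse(server_text)
    out = []
    if auth_mode(c) != auth_mode(s):
        out.append(f"auth mode: client={auth_mode(c)} server={auth_mode(s)}")
    if "tls-auth" in s and "tls-auth" not in c:
        out.append("server expects tls-auth packets; client sends none")
    out += [f"{d}: client={c.get(d)} server={s.get(d)}"
            for d in ("dev", "proto", "port") if c.get(d) != s.get(d)]
    if ("comp-lzo" in c) != ("comp-lzo" in s):
        out.append("comp-lzo enabled on one side only")
    return out
```

Calling `compare(CLIENT, SERVER)` returns the two authentication findings and nothing for transport, device type or compression, which already agree between the two sides.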