OpenVPN coming from DD-WRT
OK, bear with me as I'm not the most savvy on ovpn. I just bought an Alix 2d13 setup with a 4GB CF card running pfSense 2.0.1 embedded. It's running fantastic and smoother than I thought once I gave up on using the wireless on it and used a separate AP (I digress...).
I used to use ovpn on DD-WRT, where I had put in a key I statically generated, used UDP transport, LZO compression and TAP. I would end up getting an IP from the DHCP range on my normal LAN subnet. I would like to recreate that same thing on pfSense, but I keep getting a TLS authentication error. I'm not sure I set it up right. I installed the TAP fix so I can do this, but it seems like I'm missing something else. Also, pf asks for an encryption algorithm, and I don't think I ever had to mess with that on ovpn/DD-WRT, or a DH parameter length, or a server certificate. In fact, I thought I was doing a no-certificate method. It says "webConfigurator default (in use)" for that now. Server mode is Remote Access SSL/TLS.
This is what I get on the client:
Wed Sep 12 11:15:37 2012 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
Wed Sep 12 11:15:37 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Sep 12 11:15:37 2012 LZO compression initialized
Wed Sep 12 11:15:38 2012 TAP-WIN32 device [Local Area Connection 3] opened: \\.\Global\{DCA6AEC7-8464-46E3-9334-E77FCE17FC13}.tap
Wed Sep 12 11:15:38 2012 Successful ARP Flush on interface [21] {DCA6AEC7-8464-46E3-9334-E77FCE17FC13}
Wed Sep 12 11:15:38 2012 UDPv4 link local (bound): [undef]:444
Wed Sep 12 11:15:38 2012 UDPv4 link remote: x.x.x.x:444
It then just hangs forever until I disconnect. The logs on pf say this:
Sep 12 10:20:35 openvpn[45228]: event_wait : Interrupted system call (code=4)
Sep 12 10:20:35 openvpn[45228]: /usr/local/sbin/ovpn-linkdown ovpns1 1500 1590 init
Sep 12 10:20:35 openvpn[45228]: SIGTERM[hard,] received, process exiting
Sep 12 10:20:35 openvpn[21004]: OpenVPN 2.2.0 i386-portbld-freebsd8.1 [SSL] [LZO2] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Aug 11 2011
Sep 12 10:20:35 openvpn[21004]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sep 12 10:20:35 openvpn[21004]: Control Channel Authentication: using '/var/etc/openvpn/server1.tls-auth' as a OpenVPN static key file
Sep 12 10:20:35 openvpn[21004]: TUN/TAP device /dev/tap1 opened
Sep 12 10:20:35 openvpn[21004]: /usr/local/sbin/ovpn-linkup ovpns1 1500 1590 init
Sep 12 10:20:35 openvpn[21643]: UDPv4 link local (bound): [AF_INET]x.x.x.x:444
Sep 12 10:20:35 openvpn[21643]: UDPv4 link remote: [undef]
Sep 12 10:20:35 openvpn[21643]: Initialization Sequence Completed
Here's my config on the client:
remote x.x.x
port 444
dev tap
secret key.txt
proto udp
comp-lzo
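As an added diagnostic example (not the poster's config or pfSense's own code), this Python script cross-checks the client config above against what the server's startup log reveals about its mode, device, transport and port. The config text and log lines embedded in it are constructed copies of what was posted in this thread; the "Control Channel Authentication" message is the one OpenVPN prints when a --tls-auth key is loaded, which only happens in SSL/TLS mode.

```python
import re

# Constructed copy of the client config posted in the thread.
CLIENT_CONF = """\
remote x.x.x
port 444
dev tap
secret key.txt
proto udp
comp-lzo
"""
# Constructed excerpt of the pfSense server log posted in the thread.
SERVER_LOG = """\
Sep 12 10:20:35 openvpn[21004]: Control Channel Authentication: using '/var/etc/openvpn/server1.tls-auth' as a OpenVPN static key file
Sep 12 10:20:35 openvpn[21004]: TUN/TAP device /dev/tap1 opened
Sep 12 10:20:35 openvpn[21643]: UDPv4 link local (bound): [AF_INET]x.x.x.x:444
"""

def parse_client_conf(text):
    """Map each OpenVPN directive to its arguments, skipping blanks and comments."""
    conf = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts:
            conf[parts[0]] = parts[1:]
    return conf

def server_facts(log):
    """Recover auth mode, device type, transport and port from the server's startup lines."""
    # 'Control Channel Authentication' is logged only when a --tls-auth key was loaded (SSL/TLS mode).
    facts = {"tls_auth": "Control Channel Authentication: using" in log}
    m = re.search(r"TUN/TAP device /dev/(tun|tap)\d+ opened", log)
    facts["dev"] = m.group(1) if m else None
    m = re.search(r"(UDP|TCP)v4 link local \(bound\): \[AF_INET\]\S+:(\d+)", log)
    facts["proto"], facts["port"] = (m.group(1).lower(), m.group(2)) if m else (None, None)
    return facts

def diagnose(client_conf=CLIENT_CONF, server_log=SERVER_LOG):
    """Return the incompatibilities between a client config and the server's startup log."""
    client, server = parse_client_conf(client_conf), server_facts(server_log)
    problems = []
    if "secret" in client and server["tls_auth"]:
        problems.append("client 'secret' (static-key mode) vs server SSL/TLS mode with tls-auth: the modes are incompatible")
    elif server["tls_auth"] and "tls-auth" not in client:
        problems.append("server uses tls-auth but client has no 'tls-auth' key: control packets are dropped silently")
    for key in ("dev", "proto", "port"):
        if key in client and server[key] and client[key][0] != server[key]:
            problems.append(f"{key}: client {client[key][0]} vs server {server[key]}")
    return problems
```

Run it against your own client file and server log to see which directive disagrees before changing anything on either side.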