Trying to get LAN access, can only ping myself



  • I am trying to setup an OpenVPN connection so I can have LAN access from a remote location.  I am trying to get away from the easy but insecure PPTP VPN.
    I am using release 2.0.1 (i386)

    I have attempted to follow steps I have found online and YouTube and while I was successful in getting it to connect back to home and it gets an IP of 192.168.2.6, I can not access my internal LAN.  On the client I can ping myself at the DHCP IP that the OpenVPN server gives me (192.168.2.6.) but I can not ping the pfsense box and OpenVPN server itself at 10.0.0.1. Nor can I seem to ping any other IP in the 192 range like 192.168.2.1 or 192.168.2.5. I have turned off the client windows firewall just in case.  I have attempted to put in push "route 10.0.0.0 255.255.255.0"; but this does not work.

    The client has OpenVPN v1.0.3 installed and exported settings from the OpenVPN gui on the PFsense box.

    What more information would you like me to provide in order to be of better help?

    Thanks.



  • Obfuscating private IP addressees and particularly netmasks is pointless and makes helping difficult.



  • Sorry, fixed.


  • LAYER 8 Global Moderator

    So your using 192.168.2.0/24 as your tunnel network?  Thats prob not very good idea since thats a very common network.  What if your remove is on a 192.168.2.0/24 ?

    what boxes would you ping pinging at 192.168.2.5? or 2.1?

    So 10.0.0.0/24 is your pfsense lan network?  What OS are you running the client on?  If windows 7 for example you need to run the client as admin to get the pushed route.



  • Yes I am using 192.168.2.0/24 as my tunnel network, we use the 172 network here at work and I use the 10 network at home.  Should I change my tunnel network to 10.0.1.0/24?

    I thought I would try to ping 192.168.2.5 or 2.1 as a DGW since I received an IP of 192.168.2.6 but I knew it probably wouldn't work, just thought I would put that information out as well even if I didn't need to, more a quick here lets try this thought that went through my head.

    Yes I use 10.0.0.0/24 as my pfsense lan network.

    Client OS is Windows 8, Yes I have run the client as admin.



  • anyone?



  • Post client config, server settings, firewall rules from openvpn tab, routing table from PFsense and routing table from client when connected.



  • Hi,
    I've got the same issue , i just can ping my pfsense box but i cannot ping my Wifi Box.

    I use remote access 1.0.3 SSL/TLS + User Auth

    in my firewall's rules nothing is blocked.

    my config is :
    dev tun
    persist-tun
    persist-key
    proto udp
    cipher BF-CBC
    tls-client
    client
    resolv-retry infinite
    remote myipaddress 1194
    tls-remote Proxiel Server Cert
    auth-user-pass
    pkcs12 doberman-udp-1194.p12
    tls-auth doberman-udp-1194-tls.key 1
    comp-lzo

    My lan on my pfsense box is 172.16 and openvpn give me 10.0.8.0

    to the openvpn server i route the network 172.16.0.0

    so i don't know where do i search…..

    if you have any idea  ;)

    Thanks.
    Myke.



  • @marvosa:

    Post client config, server settings, firewall rules from openvpn tab, routing table from PFsense and routing table from client when connected.

    Client Config:
    dev tun
    persist-tun
    persist-key
    proto udp
    cipher AES-256-CBC
    tls-client
    client
    resolv-retry infinite
    remote 173.16.39.88 1194
    tls-remote vpnuser
    auth-user-pass
    pkcs12 pfsense-udp-1194.p12
    tls-auth pfsense-udp-1194-tls.key 1
    comp-lzo

    Server Settings:
    servermode: remote access (ssl/tls + user auth)
    proto: udp
    device mode: tun
    interface: wan
    localport: 1194

    Peer CA: VPN Server CA
    Peer Cert Rev: None Created
    Server Cert: my user cert (CA:VPN Server CA) * In Use
    DH Parameters Length 2048
    Shared: Auto generate
    Encryption Alg: AES-256-CBC
    No hardware crypto
    cert depth: one (client+server)

    tunnel network: 192.168.2.0/24
    bridge dhcp: checked
    bridge interface: lan

    local network: 10.0.0.0/24

    conncurrent connections: 10
    compression: checked

    dynamic ip: checked
    address pool: checked

    advanced config:
    push "route 10.0.0.0 255.255.255.0";

    firewall rules openvpn tab:
    Proto:* Source:* Port:* Destination:* Port:* GW:* Queue: none
    action:pass
    interface: openvpn

    See attached for routing table from pfsense

    Local Client Routes:

    Interface List
    19…00 ff d4 bb e6 c8 ......TAP-Win32 Adapter V9
    12...00 0c 29 37 bc ee ......Intel(R) 82574L Gigabit Network Connection
      1...........................Software Loopback Interface 1
    14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
    15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
    17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4

    IPv4 Route Table

    Active Routes:
    Network Destination        Netmask          Gateway      Interface  Metric
              0.0.0.0          0.0.0.0    192.168.186.2  192.168.186.129    10
            127.0.0.0        255.0.0.0        On-link        127.0.0.1    306
            127.0.0.1  255.255.255.255        On-link        127.0.0.1    306
      127.255.255.255  255.255.255.255        On-link        127.0.0.1    306
          192.168.2.4  255.255.255.252        On-link      192.168.2.6    286
          192.168.2.6  255.255.255.255        On-link      192.168.2.6    286
          192.168.2.7  255.255.255.255        On-link      192.168.2.6    286
        192.168.186.0    255.255.255.0        On-link  192.168.186.129    266
      192.168.186.129  255.255.255.255        On-link  192.168.186.129    266
      192.168.186.255  255.255.255.255        On-link  192.168.186.129    266
            224.0.0.0        240.0.0.0        On-link        127.0.0.1    306
            224.0.0.0        240.0.0.0        On-link      192.168.2.6    286
            224.0.0.0        240.0.0.0        On-link  192.168.186.129    266
      255.255.255.255  255.255.255.255        On-link        127.0.0.1    306
      255.255.255.255  255.255.255.255        On-link      192.168.2.6    286
      255.255.255.255  255.255.255.255        On-link  192.168.186.129    266

    Persistent Routes:
      None

    IPv6 Route Table

    Active Routes:
    If Metric Network Destination      Gateway
      1    306 ::1/128                  On-link
    19    286 fe80::/64                On-link
    12    266 fe80::/64                On-link
    12    266 fe80::81b1:8393:5628:5a3c/128
                                        On-link
    19    286 fe80::a472:6f0a:696a:46ff/128
                                        On-link
      1    306 ff00::/8                On-link
    19    286 ff00::/8                On-link
    12    266 ff00::/8                On-link

    Persistent Routes:
      None

    Hope this helps, let me know if I forgot something or if you need anything else.

    Thanks!

    ![routing table.PNG](/public/imported_attachments/1/routing table.PNG)
    ![routing table.PNG_thumb](/public/imported_attachments/1/routing table.PNG_thumb)


  • LAYER 8 Global Moderator

    Your running version 1.03 of pfsense? Or is that the version of the openvpn gui your running?

    What client are you on?  Windows 7 unless you run openvpn as admin it won't create the route.

    So I have been running pfsense since the 1.x version and development snapshots on 2 and 2.1 and have never had any issues with openvpn.

    What remote network are you on?  So you run 172.16 /??  /16?? on your pfsense lan?  That could easy be in conflict with what your remote network is.

    Please post your full server config, can be found in /var/etc/openvpn server.conf – there should be a .conf file there for your server settings.

    Also post your route table from your client once you connect and what if any firewall rules do you have in place on pfsense?  What is in your openvpn tab?  Where does your wifi box sit? how is it connected to pfsense - you sure your ping is just blocked on host firewall your trying to ping?



  • pfsense 2.0.1-release
    client is windows 8 VM  I have run it as admin.  Here is its connection log:

    I just realized you were replying to the other guy.

    Wed Oct 03 12:31:46 2012 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
    Wed Oct 03 12:31:52 2012 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
    Wed Oct 03 12:31:52 2012 WARNING: Make sure you understand the semantics of –tls-remote before using it (see the man page).
    Wed Oct 03 12:31:52 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Wed Oct 03 12:31:52 2012 Control Channel Authentication: using 'pfsense-udp-1194-tls.key' as a OpenVPN static key file
    Wed Oct 03 12:31:52 2012 LZO compression initialized
    Wed Oct 03 12:31:52 2012 UDPv4 link local (bound): [undef]:1194
    Wed Oct 03 12:31:52 2012 UDPv4 link remote: 173.16.39.88:1194
    Wed Oct 03 12:31:52 2012 WARNING: this configuration may cache passwords in memory – use the auth-nocache option to prevent this
    Wed Oct 03 12:31:54 2012 [userid] Peer Connection Initiated with 173.16.39.88:1194
    Wed Oct 03 12:31:56 2012 TAP-WIN32 device [Local Area Connection] opened: \.\Global{D4BBE6C8-8A49-435E-8EE8-75C7E2F4618D}.tap
    Wed Oct 03 12:31:56 2012 Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.2.6/255.255.255.252 on interface {D4BBE6C8-8A49-435E-8EE8-75C7E2F4618D} [DHCP-serv: 192.168.2.5, lease-time: 31536000]
    Wed Oct 03 12:31:56 2012 Successful ARP Flush on interface [19] {D4BBE6C8-8A49-435E-8EE8-75C7E2F4618D}
    Wed Oct 03 12:32:02 2012 ROUTE: route addition failed using CreateIpForwardEntry: The object already exists.  [status=5010 if_index=19]
    The route addition failed: The object already exists.
    Wed Oct 03 12:32:02 2012 Initialization Sequence Completed



  • @johnpoz:

    Your running version 1.03 of pfsense? Or is that the version of the openvpn gui your running?

    What client are you on?  Windows 7 unless you run openvpn as admin it won't create the route.

    So I have been running pfsense since the 1.x version and development snapshots on 2 and 2.1 and have never had any issues with openvpn.

    What remote network are you on?  So you run 172.16 /??  /16?? on your pfsense lan?  That could easy be in conflict with what your remote network is.

    Please post your full server config, can be found in /var/etc/openvpn server.conf – there should be a .conf file there for your server settings.

    Also post your route table from your client once you connect and what if any firewall rules do you have in place on pfsense?  What is in your openvpn tab?  Where does your wifi box sit? how is it connected to pfsense - you sure your ping is just blocked on host firewall your trying to ping?

    Thanks Johnpoz for your answer.

    My version of pfsense is 2.0.1 and my remote network openvpn is 2.2.2. i'am administrator of my computer ( window 7 ).

    My pfsense lan is 172.16.0.0/21 and my network in the office is 192.168.0.0/24.

    In my firewalls logs i see my ping is ok but no responding.

    I can just access to my pfsense and i don't have internet.

    I will post full server config tomorow.

    Thanks for the help  :)


  • LAYER 8 Global Moderator

    ace where is your route table - this shows that addition failed

    Wed Oct 03 12:32:02 2012 ROUTE: route addition failed using CreateIpForwardEntry: The object already exists.   [status=5010 if_index=19]

    edit:  ok you posted it before, notice there is no route to your 10.0.0.0/24 on there - see mine.

    My pfsense lan is 192.168.1.0/24 and in my route table and my connection info

    
    Wed Oct 03 12:26:23 2012 C:\WINDOWS\system32\route.exe ADD 192.168.1.0 MASK 255.255.255.0 10.0.200.5
    Wed Oct 03 12:26:23 2012 Route addition via IPAPI succeeded [adaptive]
    
    
    
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0       10.56.41.1    10.56.41.136       10
           10.0.200.1  255.255.255.255       10.0.200.5      10.0.200.6       1
           10.0.200.4  255.255.255.252       10.0.200.6      10.0.200.6       30
           10.0.200.6  255.255.255.255        127.0.0.1       127.0.0.1       30
           10.56.41.0    255.255.255.0     10.56.41.136    10.56.41.136       10
         10.56.41.136  255.255.255.255        127.0.0.1       127.0.0.1       10
       10.255.255.255  255.255.255.255       10.0.200.6      10.0.200.6       30
       10.255.255.255  255.255.255.255     10.56.41.136    10.56.41.136       10
            127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
          192.168.1.0    255.255.255.0       10.0.200.5      10.0.200.6       1
            224.0.0.0        240.0.0.0       10.0.200.6      10.0.200.6       30
            224.0.0.0        240.0.0.0     10.56.41.136    10.56.41.136       10
      255.255.255.255  255.255.255.255       10.0.200.6               3       1
      255.255.255.255  255.255.255.255       10.0.200.6               9       1
      255.255.255.255  255.255.255.255       10.0.200.6               6       1
      255.255.255.255  255.255.255.255       10.0.200.6               7       1
      255.255.255.255  255.255.255.255       10.0.200.6               5       1
      255.255.255.255  255.255.255.255       10.0.200.6      10.0.200.6       1
      255.255.255.255  255.255.255.255       10.0.200.6               2       1
      255.255.255.255  255.255.255.255     10.56.41.136    10.56.41.136       1
    Default Gateway:        10.56.41.1
    ===========================================================================
    
    

    192.168.1.0    255.255.255.0      10.0.200.5      10.0.200.6      1



  • Is that not the output of "route print" that i pasted above?

    I will paste again in case its different this time.

    ===========================================================================
    Interface List
    19…00 ff d4 bb e6 c8 ......TAP-Win32 Adapter V9
    12...00 0c 29 37 bc ee ......Intel(R) 82574L Gigabit Network Connection
      1...........................Software Loopback Interface 1
    14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
    15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
    17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4

    IPv4 Route Table

    Active Routes:
    Network Destination        Netmask          Gateway      Interface  Metric
              0.0.0.0          0.0.0.0    192.168.186.2  192.168.186.129    10
            10.0.0.0    255.255.255.0      192.168.2.5      192.168.2.6    30
            127.0.0.0        255.0.0.0        On-link        127.0.0.1    306
            127.0.0.1  255.255.255.255        On-link        127.0.0.1    306
      127.255.255.255  255.255.255.255        On-link        127.0.0.1    306
          192.168.2.1  255.255.255.255      192.168.2.5      192.168.2.6    30
          192.168.2.4  255.255.255.252        On-link      192.168.2.6    286
          192.168.2.6  255.255.255.255        On-link      192.168.2.6    286
          192.168.2.7  255.255.255.255        On-link      192.168.2.6    286
        192.168.186.0    255.255.255.0        On-link  192.168.186.129    266
      192.168.186.129  255.255.255.255        On-link  192.168.186.129    266
      192.168.186.255  255.255.255.255        On-link  192.168.186.129    266
            224.0.0.0        240.0.0.0        On-link        127.0.0.1    306
            224.0.0.0        240.0.0.0        On-link      192.168.2.6    286
            224.0.0.0        240.0.0.0        On-link  192.168.186.129    266
      255.255.255.255  255.255.255.255        On-link        127.0.0.1    306
      255.255.255.255  255.255.255.255        On-link      192.168.2.6    286
      255.255.255.255  255.255.255.255        On-link  192.168.186.129    266

    Persistent Routes:
      None

    IPv6 Route Table

    Active Routes:
    If Metric Network Destination      Gateway
      1    306 ::1/128                  On-link
    19    286 fe80::/64                On-link
    12    266 fe80::/64                On-link
    12    266 fe80::81b1:8393:5628:5a3c/128
                                        On-link
    19    286 fe80::a472:6f0a:696a:46ff/128
                                        On-link
      1    306 ff00::/8                On-link
    19    286 ff00::/8                On-link
    12    266 ff00::/8                On-link

    Persistent Routes:
      None


  • LAYER 8 Global Moderator

    now it shows

    10.0.0.0    255.255.255.0      192.168.2.5      192.168.2.6    30

    so should be working - you sure your host is just not answering?  Do a traceroute

    D:>tracert -d 192.168.1.100

    Tracing route to 192.168.1.100 over a maximum of 30 hops

    1  189 ms  218 ms  249 ms  10.0.200.1
      2  168 ms  130 ms  266 ms  192.168.1.100



  • seems to be working now, i'm not sure what changed. before I couldn't ping anything.

    C:\Users\Mitch>tracert -d 192.168.1.100

    Tracing route to 192.168.1.100 over a maximum of 30 hops

    1    <1 ms    <1 ms    <1 ms  192.168.186.2
      2    *        *        *    Request timed out.
      3    *        *        *    Request timed out.
      4    *        *        *    Request timed out.
      5    *        *        *    Request timed out.
      6    *        *        *    Request timed out.
      7    *        *        *    Request timed out.
      8    *        *        *    Request timed out.
      9    *        *        *    Request timed out.
    10    *        *        *    Request timed out.
    11    *        *        *    Request timed out.
    12    *        *        *    Request timed out.
    13    *        *        *    Request timed out.
    14    *        *        *    Request timed out.
    15    *        *        *    Request timed out.
    16


  • LAYER 8 Global Moderator

    well in your first post you had no route - so no your not going to be able to get to anything on the other side of the tunnel.

    In your second post you did, so that makes sense why its working now, and was not before.

    Why would you trace to my 192.168.1.100 address??? Did I really have to spell out to use an IP on your pfsense lan vs my example ;)



  • haha because i was on call at the time and not really paying attention to what i was doing, lol i'm sorry I feel like an idiot.

    I'm guessing its because the client wasn't run as administrator, which is odd since I explicitly told it to the first time.

    just for giggles ill prove myself now LOL

    C:\Users\Mitch>tracert -d 10.0.0.11

    Tracing route to 10.0.0.11 over a maximum of 30 hops

    1    14 ms    10 ms    10 ms  192.168.2.1
      2    11 ms    10 ms    10 ms  10.0.0.11

    Trace complete.



  • Thanks for your help though, much appreciated.


  • LAYER 8 Global Moderator

    yeah windows 7 needs to run as admin to add the route, but it seems the new beta version of openvpn client has gotten around that?  You could try the new beta 2.3_beta1



  • Hi,
    Here my conf :

    Client Config

    dev tun
    persist-tun
    persist-key
    proto udp
    cipher BF-CBC
    tls-client
    client
    resolv-retry infinite
    remote 109.6.229.83 1194
    tls-remote Proxiel Server Cert
    auth-user-pass
    pkcs12 doberman-udp-1194.p12
    tls-auth doberman-udp-1194-tls.key 1
    comp-lzo

    Server Settings :
    dev ovpns1
    dev-type tun
    dev-node /dev/tun1
    writepid /var/run/openvpn_server1.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto udp
    cipher BF-CBC
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    local 192.168.1.1
    tls-server
    server 10.0.8.0 255.255.255.0
    client-config-dir /var/etc/openvpn-csc
    username-as-common-name
    auth-user-pass-verify /var/etc/openvpn/server1.php via-env
    tls-verify /var/etc/openvpn/server1.tls-verify.php
    lport 1194
    management /var/etc/openvpn/server1.sock unix
    max-clients 10
    push "route 172.16.0.0 255.255.248.0"
    ca /var/etc/openvpn/server1.ca
    cert /var/etc/openvpn/server1.cert
    key /var/etc/openvpn/server1.key
    dh /etc/dh-parameters.1024
    tls-auth /var/etc/openvpn/server1.tls-auth 0
    comp-lzo
    persist-remote-ip
    float
    route 172.16.0.0 255.255.248.0

    firewall rules openvpn tab:
    Proto:* Source:* Port:* Destination:* Port:* GW:* Queue: none
    action:pass
    interface: openvpn

    IPv4 Table de routage

    Itinéraires actifs :
    Destination réseau    Masque réseau  Adr. passerelle  Adr. interface Métrique
              0.0.0.0          0.0.0.0    192.168.0.254    192.168.0.75    20
              0.0.0.0        128.0.0.0        10.0.8.1        10.0.8.2    30
            10.0.8.0  255.255.255.252        On-link          10.0.8.2    286
            10.0.8.2  255.255.255.255        On-link          10.0.8.2    286
            10.0.8.3  255.255.255.255        On-link          10.0.8.2    286
            127.0.0.0        255.0.0.0        On-link        127.0.0.1    306
            127.0.0.1  255.255.255.255        On-link        127.0.0.1    306
      127.255.255.255  255.255.255.255        On-link        127.0.0.1    306
            128.0.0.0        128.0.0.0        10.0.8.1        10.0.8.2    30
          172.16.0.0    255.255.248.0        10.0.8.1        10.0.8.2    30
          192.168.0.0    255.255.255.0        On-link      192.168.0.75    276
        192.168.0.75  255.255.255.255        On-link      192.168.0.75    276
        192.168.0.255  255.255.255.255        On-link      192.168.0.75    276
        192.168.56.0    255.255.255.0        On-link      192.168.56.1    276
        192.168.56.1  255.255.255.255        On-link      192.168.56.1    276
      192.168.56.255  255.255.255.255        On-link      192.168.56.1    276
            224.0.0.0        240.0.0.0        On-link        127.0.0.1    306
            224.0.0.0        240.0.0.0        On-link      192.168.56.1    276
            224.0.0.0        240.0.0.0        On-link          10.0.8.2    286
            224.0.0.0        240.0.0.0        On-link      192.168.0.75    276
      255.255.255.255  255.255.255.255        On-link        127.0.0.1    306
      255.255.255.255  255.255.255.255        On-link      192.168.56.1    276
      255.255.255.255  255.255.255.255        On-link          10.0.8.2    286
      255.255.255.255  255.255.255.255        On-link      192.168.0.75    276

    My Lan Office network is 192.168.0.0 , My pfsense Lan is 172.16.0.0/21 and The tunnel network 10.0.8.0/24

    So what can i do now ?
    Thanks.



  • push "route 172.16.0.0 255.255.248.0"
    route 172.16.0.0 255.255.248.0

    Your server config has both route and push route with the same address. As I understand it, the server is on the pfSense that has LAN 172.16.0.0/21 - so the server should have only:

    push "route 172.16.0.0 255.255.248.0"

    Then it will tell ("push a route to") clients that connect saying that it is the way to reach 172.16.0.0/21

    The extra:

    route 172.16.0.0 255.255.248.0

    will confuse the routing - this tells pfSense that 172.16.0.0/21 can be reached by sending packets out this OpenVPN server - which is not correct.



  • I remove the extra route and i'm still serching my issue.



  • hello,
    i try with server mode Peer to Peer in a other pfsense box.

    With the same parameter i have internet but i can't ping the computer and AP on the Lan pfsense.

    there's a problem when we use OpenVpn with multi wan,failover , and Captive Portal ?

    i don't know where is blocking cause no rules blocked the traffic….



  • I'm back.
    I try with Ipsec but i've got the same issue…  :'(



  • local 192.168.1.1
    

    This looks wrong in your server config. It should be the WAN IP that the server is on. I am guessing that the server is not on a private address like 192.168.1.1
    I just noticed this issue on Redmine http://redmine.pfsense.org/issues/2582 and confirmed the problem. If you change your static IP on WAN, then pfSense does not update the OpenVPN conf files. If you go to each OpenVPN server and client and edit+save again, the conf files are generated again and have the new WAN IP in the "local n.n.n.n" line.



  • Hi,

    Thanks Davis but i have the same result, i can reach my pfsense Lan.

    I try with an SDSL router with the Wan IP but exactly the same issues…..

    Here my server1.conf :

    dev ovpns1
    dev-type tun
    dev-node /dev/tun1
    writepid /var/run/openvpn_server1.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto tcp-server
    cipher BF-CBC
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    local 81.252.136.49
    tls-server
    server 10.0.8.0 255.255.255.0
    client-config-dir /var/etc/openvpn-csc
    ifconfig 10.0.8.1 10.0.8.2
    tls-verify /var/etc/openvpn/server1.tls-verify.php
    lport 1194
    management /var/etc/openvpn/server1.sock unix
    max-clients 8
    push "route 172.16.0.0 255.255.248.0"
    ca /var/etc/openvpn/server1.ca
    cert /var/etc/openvpn/server1.cert
    key /var/etc/openvpn/server1.key
    dh /etc/dh-parameters.1024
    crl-verify /var/etc/openvpn/server1.crl-verify
    comp-lzo

    Thanks Phil Davis but



  • Hi,
    I just reboot my pfsense and my VPN works now….

    Thanks for the help.


Log in to reply