VyprVPN OpenVPN setup issues



  • Good day all, I am in the process of configuring an OpenVPN connection to a VyprVPN server. I have followed the guide from here: http://forum.pfsense.org/index.php/topic,35292.msg192957.html

    I think that I am getting connected but not actually connected. If I try to check the status, the log immediately drops the connection. Before checking the status, the OpenVPN log looks like this:

    Dec 28 21:41:50 openvpn[19036]: ifconfig_ipv6_pool_base = ::
    Dec 28 21:41:50 openvpn[19036]: ifconfig_ipv6_pool_netbits = 0
    Dec 28 21:41:50 openvpn[19036]: n_bcast_buf = 256
    Dec 28 21:41:50 openvpn[19036]: tcp_queue_limit = 64
    Dec 28 21:41:50 openvpn[19036]: real_hash_size = 256
    Dec 28 21:41:50 openvpn[19036]: virtual_hash_size = 256
    Dec 28 21:41:50 openvpn[19036]: client_connect_script = '[UNDEF]'
    Dec 28 21:41:50 openvpn[19036]: learn_address_script = '[UNDEF]'
    Dec 28 21:41:50 openvpn[19036]: client_disconnect_script = '[UNDEF]'
    Dec 28 21:41:50 openvpn[19036]: client_config_dir = '[UNDEF]'
    Dec 28 21:41:50 openvpn[19036]: ccd_exclusive = DISABLED
    Dec 28 21:41:50 openvpn[19036]: tmp_dir = '/tmp'
    Dec 28 21:41:50 openvpn[19036]: push_ifconfig_defined = DISABLED
    Dec 28 21:41:50 openvpn[19036]: push_ifconfig_local = 0.0.0.0
    Dec 28 21:41:50 openvpn[19036]: push_ifconfig_remote_netmask = 0.0.0.0
    Dec 28 21:41:50 openvpn[19036]: push_ifconfig_ipv6_defined = DISABLED
    Dec 28 21:41:50 openvpn[19036]: push_ifconfig_ipv6_local = ::/0
    Dec 28 21:41:50 openvpn[19036]: push_ifconfig_ipv6_remote = ::
    Dec 28 21:41:50 openvpn[19036]: enable_c2c = DISABLED
    Dec 28 21:41:50 openvpn[19036]: duplicate_cn = DISABLED
    Dec 28 21:41:50 openvpn[19036]: cf_max = 0
    Dec 28 21:41:50 openvpn[19036]: cf_per = 0
    Dec 28 21:41:50 openvpn[19036]: max_clients = 1024
    Dec 28 21:41:50 openvpn[19036]: max_routes_per_client = 256
    Dec 28 21:41:50 openvpn[19036]: auth_user_pass_verify_script = '[UNDEF]'
    Dec 28 21:41:50 openvpn[19036]: auth_user_pass_verify_script_via_file = DISABLED
    Dec 28 21:41:50 openvpn[19036]: ssl_flags = 0
    Dec 28 21:41:50 openvpn[19036]: port_share_host = '[UNDEF]'
    Dec 28 21:41:50 openvpn[19036]: port_share_port = 0
    Dec 28 21:41:50 openvpn[19036]: client = ENABLED
    Dec 28 21:41:50 openvpn[19036]: pull = ENABLED
    Dec 28 21:41:50 openvpn[19036]: auth_user_pass_file = '/cf/conf/VyprVPN.pas'
    Dec 28 21:41:50 openvpn[19036]: OpenVPN 2.2.0 i386-portbld-freebsd8.1 [SSL] [LZO2] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Aug 6 2012
    Dec 28 21:41:50 openvpn[19036]: MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client2.sock
    Dec 28 21:41:50 openvpn[19036]: WARNING: file '/cf/conf/VyprVPN.pas' is group or others accessible
    Dec 28 21:41:50 openvpn[19036]: WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
    Dec 28 21:41:50 openvpn[19036]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Dec 28 21:41:50 openvpn[19036]: Control Channel Authentication: using '/var/etc/openvpn/client2.tls-auth' as a OpenVPN static key file
    Dec 28 21:41:50 openvpn[19036]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Dec 28 21:41:50 openvpn[19036]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Dec 28 21:41:50 openvpn[19036]: LZO compression initialized
    Dec 28 21:41:50 openvpn[19036]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ]
    Dec 28 21:41:50 openvpn[19036]: Socket Buffers: R=[42080->65536] S=[57344->65536]
    Dec 28 21:41:50 openvpn[19036]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
    Dec 28 21:41:50 openvpn[19036]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
    Dec 28 21:41:50 openvpn[19036]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
    Dec 28 21:41:50 openvpn[19036]: Local Options hash (VER=V4): '272f1b58'
    Dec 28 21:41:50 openvpn[19036]: Expected Remote Options hash (VER=V4): 'a2e63101'
    Dec 28 21:41:50 openvpn[19045]: UDPv4 link local (bound): [AF_INET]192.168.1.50
    Dec 28 21:41:50 openvpn[19045]: UDPv4 link remote: [AF_INET]216.168.2.151:1194

    My network is not quite typical. I have another router at 192.168.1.1 that is connected to a cable modem. I have pfSense with a LAN of 192.168.1.2 and a WAN of 192.168.1.50. I have the default gateway from 192.168.1.50 pointed to 192.168.1.1. I am hopeful that this will work. Is there anything that I am missing?

    Bruce



  • It seems that you have:
    WAN IP 192.168.1.50/24 - gateway 192.168.1.1
    LAN IP 192.168.1.2/24
    Normally there are bigger problems than VPN when I accidentally get WAN and LAN subnets the same. Usually I can't even access the WebGUI from LAN.
    First thing is to make your LAN a different subnet - e.g. 192.168.2.1/24
    Then the ordinary routing will work, and maybe when the VPN connects it will do something useful.
    If you want/need to access your pfSense from what is its WAN side (which is actually behind your other router and cable modem), then you can easily add pass rules on WAN to do that.
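
The subnet overlap described in the reply above can be checked mechanically before bringing up the tunnel. This is an added example, not part of the thread or of pfSense; the layout dictionaries and the function names are hypothetical, built from the addresses quoted in the two posts.

```python
import ipaddress
from itertools import combinations

# Constructed from the addresses quoted in the thread.
AS_POSTED = {
    "wan": {"addr": "192.168.1.50/24", "gateway": "192.168.1.1"},
    "lan": {"addr": "192.168.1.2/24", "gateway": None},
}
# Same box after moving LAN to the subnet suggested in the reply.
SUGGESTED = {
    "wan": {"addr": "192.168.1.50/24", "gateway": "192.168.1.1"},
    "lan": {"addr": "192.168.2.1/24", "gateway": None},
}

def connected_nets(interfaces):
    """Map interface name -> directly connected network."""
    return {n: ipaddress.ip_interface(c["addr"]).network
            for n, c in interfaces.items()}

def find_overlaps(interfaces):
    """Pairs of interfaces whose connected networks overlap."""
    nets = connected_nets(interfaces)
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]

def egress_candidates(interfaces, dest):
    """Interfaces that claim dest as on-link; more than one is ambiguous."""
    ip = ipaddress.ip_address(dest)
    return sorted(n for n, net in connected_nets(interfaces).items()
                  if ip in net)

def audit(interfaces):
    """Return human-readable findings for one interface layout."""
    findings = [f"{a} and {b} share a subnet" for a, b in find_overlaps(interfaces)]
    for name, cfg in interfaces.items():
        gw = cfg["gateway"]
        if gw is None:
            continue
        owners = egress_candidates(interfaces, gw)
        if name not in owners:
            findings.append(f"{name} gateway {gw} is not on-link")
        elif len(owners) > 1:
            findings.append(f"{name} gateway {gw} is also on-link via "
                            + ", ".join(o for o in owners if o != name))
    return findings

if __name__ == "__main__":
    for label, layout in (("as posted", AS_POSTED), ("suggested", SUGGESTED)):
        print(label, audit(layout) or "no findings")
```

With the posted layout, the WAN gateway is reachable on-link from both interfaces, so replies and the default route have two equally specific paths; with the suggested LAN subnet the audit returns no findings.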

