Netgate Discussion Forum

    Pfsense as client using static key to openvpn server on vps

      jynoob

      Hi all,

      I am really a newbie on this topic. I will try to make my story straight so that you may be able to help pinpoint the cause of the problem.

      I live in China; as you may know, due to the Great Firewall set in between me and the world of the internet, I have to fight hard to squeeze myself out of the jail-like "national LAN". So I bought myself a VPS outside the country, and successfully set up an OpenVPN server on the VPS, which is running CentOS 5.5.

      At home, I have pfSense 2.0 as the router and firewall. I have successfully connected to my OpenVPN server from a Windows OpenVPN client using a static key behind pfSense. With the help of the "--route net_gateway" option, I can even have OpenVPN automatically choose whether to use the tunnel based on IP network geo-location. So all my traffic to networks outside Asia uses the OpenVPN tunnel.
      (The reason I am using a static key is that the GFW drops packets when it detects TLS negotiation, and one ISP even totally blocks IP addresses.)

      Based on this successful Windows OpenVPN client experience, I thought I could use the OpenVPN client function on pfSense to directly link all my network traffic. However, when I actually tried the OpenVPN client in pfSense, I could only get the tunnel up, but no traffic at all! (I could see the OpenVPN status was up.)

      Below are my configurations.
      Server conf:

      port 80
      dev tun
      secret key.txt
      ifconfig 10.10.10.1 10.10.10.2
      float
      cipher AES-256-CBC
      comp-lzo
      log-append /var/log/openvpn.log
      verb 3

      And I have iptables on the server configured with NAT:

      iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -o venet0 -j MASQUERADE

      I can use the config file below to successfully connect to my OpenVPN server and establish a secure tunnel for breaking through the GFW:

      remote openvpn.server.onvps 80
      dev tun
      ifconfig 10.10.10.2 10.10.10.1
      secret key.txt
      cipher AES-256-CBC
      comp-lzo
      route-delay 2
      route-method exe
      redirect-gateway def1
      dhcp-option DNS 8.8.8.8
      float
      verb 3

      route 1.0.0.0 255.0.0.0 net_gateway 5
      route 14.0.0.0 255.0.0.0 net_gateway 5
      route 27.0.0.0 255.0.0.0 net_gateway 5
      ….

      While there are several configuration options I am not sure about, one particular area is the "remote network": what is supposed to go in there? I don't have a local network on my VPS server; running ifconfig on the VPS, I see the IP address assigned by the VPS company with a network mask of 255.255.255.255 on the venet interface. Where should I start looking for errors? As the server can accept the Windows client with no problem, I assume there must be something I missed?

      Thanks in advance

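As an added example (not code from the post or from pfSense), a small Python checker that verifies a static-key OpenVPN client config mirrors its server config: ifconfig endpoints swapped, matching dev and cipher, comp-lzo on both sides, and the client's remote port equal to the server's listening port. The embedded configs are the post's two files with the log, float, verb and per-network route lines left out.

```python
# Added example (not from the post): consistency check for an OpenVPN
# static-key server/client pair. Sample configs are the post's, trimmed.
SERVER_CONF = """\
port 80
dev tun
secret key.txt
ifconfig 10.10.10.1 10.10.10.2
cipher AES-256-CBC
comp-lzo
"""
CLIENT_CONF = """\
remote openvpn.server.onvps 80
dev tun
ifconfig 10.10.10.2 10.10.10.1
secret key.txt
cipher AES-256-CBC
comp-lzo
redirect-gateway def1
"""

def parse(conf: str) -> dict:
    """Map each directive to its argument list; '#' comments and blanks skipped."""
    out = {}
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            name, *args = line.split()
            out.setdefault(name, args)  # keep the first occurrence
    return out

def check_pair(server: str, client: str) -> list:
    """Return mismatches between the two configs; empty list means consistent."""
    s, c = parse(server), parse(client)
    problems = []
    if "secret" not in s or "secret" not in c:
        problems.append("secret (static key) missing on one side")
    for key in ("dev", "cipher"):
        if s.get(key) != c.get(key):
            problems.append(f"{key} differs: server {s.get(key)} vs client {c.get(key)}")
    if ("comp-lzo" in s) != ("comp-lzo" in c):
        problems.append("comp-lzo set on only one side")
    # Static-key mode: the two ifconfig addresses must be the same pair, swapped.
    if s.get("ifconfig") != list(reversed(c.get("ifconfig", []))):
        problems.append("ifconfig endpoints are not mirrored")
    remote = c.get("remote", [])
    client_port = remote[1] if len(remote) > 1 else "1194"  # OpenVPN default port
    server_port = s.get("port", ["1194"])[0]
    if client_port != server_port:
        problems.append(f"client uses port {client_port}, server listens on {server_port}")
    return problems
```

Running check_pair on the post's pair returns an empty list, so the mismatch is not in these directives; a non-empty list names the first directive to look at.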
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.