
    PfSense server, OVPN client …. ifconfig autoconfig?

    • Javik

      I am doing some testing of an extremely simple OVPN setup, essentially using all the pfSense 2.02-Release default settings, and the OVPN Portable 1.8.2 for Windows:

      http://sourceforge.net/projects/ovpnp/

      At the moment I am just trying to hack it into operation, without fully understanding all the options. This works from my home computer, and here's the config:

      pfSense, OpenVPN: Server

      Server mode: Peer to Peer (Shared key)
      Protocol: UDP
      Device mode: tun
      Interface: WAN
      Local port: 1194

      Shared key: (Generated by pfSense)
      Encryption algorithm: AES-128-CBC (128-bit)
      Hardware Crypto: No acceleration

      Tunnel network: 192.168.103.0/24
      Local network:  10.0.0.0/16
      Remote network: (blank)

      Concurrent connections: 16

      The OVPN config is a text file named .\data\config\client.ovpn

      ; Enable verbose logging
      verb 3

      ; Remote site to VPN into
      remote 123.123.123.123
      dev tun
      proto udp
      nobind

      ; No idea what this is for. OVPN wants it in client mode
      ifconfig 192.168.103.2 192.168.103.1

      ; static.key is a text file containing the generated key from pfSense
      secret static.key

      ; pfSense 2.0's default key cipher is not the default for Open VPN Portable, so must specify it
      cipher AES-128-CBC

      ; The above will get you connected, but nothing will work without a route to the remote network.
      ; This copypasta does the magic:
      route-method exe
      route-delay 2
      redirect-gateway def1

      I do not understand why the OVPN client DEMANDS I use the ifconfig option in the client configuration. During startup it reads the configuration info for ifconfig from the server by itself anyway, and will proceed to whine at me, if the ifconfig settings don't match the server settings.

      Um, if the OVPN client is reading the settings from the server, why not just use whatever the server is telling you rather than requiring me to hardcode it in the config?

      However, there does not appear to be an "ifconfig auto" option.

      My concern here is that I don't want to be hardcoding client addresses into the configuration. The eventual goal is to create a universal installer that I can hand our staff, and say "Install this on your home computer for remote desktop access".

      I do not want to have to be creating individual installers with separate custom ifconfig settings for each client, to keep people from accidentally using the same remote address, and then nothing works due to overlapping remote addresses.

      Is there some sort of "DHCP autoconfig" for the client ifconfig address?

      • jimp, Rebel Alliance Developer Netgate

        You're using shared key mode with tun, which requires that you set an IP with ifconfig.

        If you use a server mode (ssl/tls) then it can automatically supply an IP to clients.

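The difference jimp describes, shown as an added example that is not from either poster: in SSL/TLS mode the client file has no ifconfig and no secret line, and takes its tunnel address from the server's pool. The certificate and key file names are assumed placeholders, and the server side is shown as raw OpenVPN directives rather than pfSense GUI fields.

```conf
# Added example; ca.crt, server.crt, server.key, dh.pem, staff-user.crt
# and staff-user.key are placeholder names, not files from the thread.

# --- Server side (raw OpenVPN directives, shown commented out) ---
# "server" enables multi-client mode with an address pool; each client
# that connects is pushed its own tunnel address from 192.168.103.0/24.
#
#   dev tun
#   proto udp
#   port 1194
#   server 192.168.103.0 255.255.255.0
#   push "route 10.0.0.0 255.255.0.0"
#   ca ca.crt
#   cert server.crt
#   key server.key
#   dh dh.pem
#   cipher AES-128-CBC

# --- Client side: the same client.ovpn text for every user ---
# "client" is shorthand for "pull" plus "tls-client"; "pull" is what
# accepts the address and routes the server pushes.
client
dev tun
proto udp
remote 123.123.123.123 1194
nobind

# No "ifconfig" line: the tunnel address comes from the server's pool.
# No "secret static.key": each user authenticates with their own
# certificate and private key, issued by the CA the server trusts.
ca ca.crt
cert staff-user.crt
key staff-user.key

# Only accept a peer whose certificate is marked for server use.
remote-cert-tls server

cipher AES-128-CBC
verb 3
```

The config text is identical for all users; only the certificate and key files differ per person. That also means a lost laptop is handled by revoking one certificate instead of replacing a key shared by every installer.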