    PfSense as OpenVPN-AS Client

      vb543 last edited by

      I was just wondering if I would be able to set up pfSense to act as an OpenVPN Access Server client and route all traffic through that.

      I have an OpenVPN Access Server running on a VPS. I can confirm that it works through the OpenVPN connect app on my phone.

      If someone could point me to a guide or give me some general guidance, I would greatly appreciate it. Thanks!

        vb543 last edited by

        Well, I've done quite a bit of searching and I feel that I am getting closer.

        I am receiving this in my logs when trying to connect. Looks like an issue with the passwords; I've already checked that those are correct…

        May 18 20:30:32	openvpn[58267]: OpenVPN 2.2.2 i386-portbld-freebsd8.1 [SSL] [LZO2] [eurephia] built on Apr 2 2013
        May 18 20:30:32	openvpn[58267]: MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1.sock
        May 18 20:30:32	openvpn[58267]: WARNING: file '/conf/openvpn-server2.pas' is group or others accessible
        May 18 20:30:32	openvpn[58267]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
        May 18 20:30:32	openvpn[58267]: Control Channel Authentication: using '/var/etc/openvpn/client1.tls-auth' as a OpenVPN static key file
        May 18 20:30:32	openvpn[58267]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
        May 18 20:30:32	openvpn[58267]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
        May 18 20:30:32	openvpn[58267]: Control Channel MTU parms [ L:1557 D:166 EF:66 EB:0 ET:0 EL:0 ]
        May 18 20:30:32	openvpn[58267]: Socket Buffers: R=[42080->65536] S=[57344->65536]
        May 18 20:30:32	openvpn[58267]: Data Channel MTU parms [ L:1557 D:1450 EF:57 EB:4 ET:0 EL:0 ]
        May 18 20:30:32	openvpn[58267]: Local Options hash (VER=V4): '0f816d6e'
        May 18 20:30:32	openvpn[58267]: Expected Remote Options hash (VER=V4): '2f3e190a'
        May 18 20:30:32	openvpn[58379]: UDPv4 link local (bound): 192.168.1.175
        May 18 20:30:32	openvpn[58379]: UDPv4 link remote: My.IP.Address.123:1194
        May 18 20:30:33	openvpn[58379]: TLS: Initial packet from My.IP.Address.123:1194, sid=a388832d cb9b06e6
        May 18 20:30:33	openvpn[58379]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
        May 18 20:30:33	openvpn[58379]: VERIFY OK: depth=1, /CN=OpenVPN_CA
        May 18 20:30:33	openvpn[58379]: VERIFY OK: nsCertType=SERVER
        May 18 20:30:33	openvpn[58379]: VERIFY OK: depth=0, /CN=OpenVPN_Server
        May 18 20:30:34	openvpn[58379]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1557', remote='link-mtu 1542'
        May 18 20:30:34	openvpn[58379]: WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'
        May 18 20:30:34	openvpn[58379]: WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
        May 18 20:30:34	openvpn[58379]: Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
        May 18 20:30:34	openvpn[58379]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
        May 18 20:30:34	openvpn[58379]: Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
        May 18 20:30:34	openvpn[58379]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
        May 18 20:30:34	openvpn[58379]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
        May 18 20:30:34	openvpn[58379]: [OpenVPN_Server] Peer Connection Initiated with My.IP.Address.123:1194
        May 18 20:30:36	openvpn[58379]: SENT CONTROL [OpenVPN_Server]: 'PUSH_REQUEST' (status=1)
        May 18 20:30:36	openvpn[58379]: AUTH: Received AUTH_FAILED control message
        May 18 20:30:36	openvpn[58379]: SIGTERM received, sending exit notification to peer
        May 18 20:30:38	openvpn[58379]: TCP/UDP: Closing socket
        May 18 20:30:38	openvpn[58379]: SIGTERM[soft,exit-with-notification] received, process exiting
        
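An added example, not part of the original posts and not pfSense or OpenVPN code: a small Python triage script that pulls the security-relevant lines out of a client log like the one quoted above (credential file permissions, options that differ between client and server, and the AUTH_FAILED message). The sample lines are copied from the post; the names `triage` and `summarize` and the finding labels are assumptions of this example.

```python
import re

# Sample input: a subset of the log lines quoted in the post above.
SAMPLE_LOG = """\
May 18 20:30:32 openvpn[58267]: WARNING: file '/conf/openvpn-server2.pas' is group or others accessible
May 18 20:30:34 openvpn[58379]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1557', remote='link-mtu 1542'
May 18 20:30:34 openvpn[58379]: WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'
May 18 20:30:34 openvpn[58379]: WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
May 18 20:30:34 openvpn[58379]: [OpenVPN_Server] Peer Connection Initiated with My.IP.Address.123:1194
May 18 20:30:36 openvpn[58379]: AUTH: Received AUTH_FAILED control message
"""

# Message formats as they appear in the quoted client log (labels are this example's own).
PATTERNS = [
    ("file-perms", re.compile(
        r"WARNING: file '(?P<name>[^']+)' is group or others accessible")),
    ("option-mismatch", re.compile(
        r"WARNING: '(?P<name>[^']+)' is used inconsistently, "
        r"local='(?P<local>[^']*)', remote='(?P<remote>[^']*)'")),
    ("option-missing", re.compile(
        r"WARNING: '(?P<name>[^']+)' is present in (?P<present>remote|local) "
        r"config but missing in (?:remote|local) config")),
    ("auth-failed", re.compile(
        r"AUTH: Received (?P<name>AUTH_FAILED) control message")),
]

def triage(log_text):
    """Return one dict per matching log line: kind, name and captured details."""
    findings = []
    for line in log_text.splitlines():
        for kind, pattern in PATTERNS:
            m = pattern.search(line)
            if m:
                findings.append({"kind": kind, **m.groupdict()})
                break  # one finding per line
    return findings

def summarize(findings):
    """Group finding names by kind, keeping log order within each kind."""
    summary = {}
    for f in findings:
        summary.setdefault(f["kind"], []).append(f["name"])
    return summary

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
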