pfSense as OpenVPN-AS Client



  • I was just wondering if I would be able to set up pfSense to act as an OpenVPN Access Server client and route all traffic through that.

    I have an OpenVPN Access Server running on a VPS. I can confirm that it works through the OpenVPN connect app on my phone.

    If someone could point me to a guide or give me some general guidance, I would greatly appreciate it. Thanks!



  • Well, I've done quite a bit of searching and I feel that I am getting closer.

    I am receiving this in my logs when trying to connect. Looks like an issue with the passwords; I've already checked that those are correct…

    May 18 20:30:32	openvpn[58267]: OpenVPN 2.2.2 i386-portbld-freebsd8.1 [SSL] [LZO2] [eurephia] built on Apr 2 2013
    May 18 20:30:32	openvpn[58267]: MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1.sock
    May 18 20:30:32	openvpn[58267]: WARNING: file '/conf/openvpn-server2.pas' is group or others accessible
    May 18 20:30:32	openvpn[58267]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    May 18 20:30:32	openvpn[58267]: Control Channel Authentication: using '/var/etc/openvpn/client1.tls-auth' as a OpenVPN static key file
    May 18 20:30:32	openvpn[58267]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    May 18 20:30:32	openvpn[58267]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    May 18 20:30:32	openvpn[58267]: Control Channel MTU parms [ L:1557 D:166 EF:66 EB:0 ET:0 EL:0 ]
    May 18 20:30:32	openvpn[58267]: Socket Buffers: R=[42080->65536] S=[57344->65536]
    May 18 20:30:32	openvpn[58267]: Data Channel MTU parms [ L:1557 D:1450 EF:57 EB:4 ET:0 EL:0 ]
    May 18 20:30:32	openvpn[58267]: Local Options hash (VER=V4): '0f816d6e'
    May 18 20:30:32	openvpn[58267]: Expected Remote Options hash (VER=V4): '2f3e190a'
    May 18 20:30:32	openvpn[58379]: UDPv4 link local (bound): 192.168.1.175
    May 18 20:30:32	openvpn[58379]: UDPv4 link remote: My.IP.Address.123:1194
    May 18 20:30:33	openvpn[58379]: TLS: Initial packet from My.IP.Address.123:1194, sid=a388832d cb9b06e6
    May 18 20:30:33	openvpn[58379]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    May 18 20:30:33	openvpn[58379]: VERIFY OK: depth=1, /CN=OpenVPN_CA
    May 18 20:30:33	openvpn[58379]: VERIFY OK: nsCertType=SERVER
    May 18 20:30:33	openvpn[58379]: VERIFY OK: depth=0, /CN=OpenVPN_Server
    May 18 20:30:34	openvpn[58379]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1557', remote='link-mtu 1542'
    May 18 20:30:34	openvpn[58379]: WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'
    May 18 20:30:34	openvpn[58379]: WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
    May 18 20:30:34	openvpn[58379]: Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    May 18 20:30:34	openvpn[58379]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    May 18 20:30:34	openvpn[58379]: Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    May 18 20:30:34	openvpn[58379]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    May 18 20:30:34	openvpn[58379]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
    May 18 20:30:34	openvpn[58379]: [OpenVPN_Server] Peer Connection Initiated with My.IP.Address.123:1194
    May 18 20:30:36	openvpn[58379]: SENT CONTROL [OpenVPN_Server]: 'PUSH_REQUEST' (status=1)
    May 18 20:30:36	openvpn[58379]: AUTH: Received AUTH_FAILED control message
    May 18 20:30:36	openvpn[58379]: SIGTERM received, sending exit notification to peer
    May 18 20:30:38	openvpn[58379]: TCP/UDP: Closing socket
    May 18 20:30:38	openvpn[58379]: SIGTERM[soft,exit-with-notification] received, process exiting
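
An added example, not part of the original post: a small Python triage script that pulls the local/remote option warnings, the credential-file permission warning and the AUTH_FAILED message out of an OpenVPN client log in the format shown above, so the two sides' settings can be compared at a glance. The function name `triage` and the finding keys are assumptions of this example; the sample lines are copied from the posted log.

```python
import re

# Sample input: lines copied from the log posted above (tab after the timestamp).
SAMPLE_LOG = """\
May 18 20:30:32\topenvpn[58267]: WARNING: file '/conf/openvpn-server2.pas' is group or others accessible
May 18 20:30:34\topenvpn[58379]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1557', remote='link-mtu 1542'
May 18 20:30:34\topenvpn[58379]: WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'
May 18 20:30:34\topenvpn[58379]: WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
May 18 20:30:34\topenvpn[58379]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
May 18 20:30:36\topenvpn[58379]: AUTH: Received AUTH_FAILED control message
"""

# Message shapes as they appear in the posted log.
MISMATCH = re.compile(
    r"WARNING: '([^']+)' is used inconsistently, local='([^']*)', remote='([^']*)'")
ONE_SIDED = re.compile(
    r"WARNING: '([^']+)' is present in (local|remote) config "
    r"but missing in (local|remote) config")
LOOSE_FILE = re.compile(r"WARNING: file '([^']+)' is group or others accessible")
AUTH_FAILED = re.compile(r"AUTH: Received AUTH_FAILED control message")


def triage(log_text):
    """Collect the warnings a client-side reviewer would check first."""
    findings = {
        "option_mismatch": [],    # same option, different value on each side
        "one_sided_option": [],   # option set on one side only
        "loose_file_perms": [],   # files readable by group/others
        "auth_failed": False,     # server rejected the authentication
    }
    for line in log_text.splitlines():
        if m := MISMATCH.search(line):
            findings["option_mismatch"].append(
                {"option": m[1], "local": m[2], "remote": m[3]})
        elif m := ONE_SIDED.search(line):
            findings["one_sided_option"].append(
                {"option": m[1], "present_in": m[2], "missing_in": m[3]})
        elif m := LOOSE_FILE.search(line):
            findings["loose_file_perms"].append(m[1])
        elif AUTH_FAILED.search(line):
            findings["auth_failed"] = True
    return findings


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```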
    
