OpenVPN Management Daemon Unreachable
I'm running pfSense 2.0.3, and have set up an OpenVPN instance listening on TCP port 443 (I've tried various UDP ports as well, to the same effect). I cannot get my client to connect (Mac or Windows). The Mac client (Tunnelblick) never shows an entry on the OpenVPN status page, but the Windows client shows the OpenVPN Management Daemon Unreachable error. I can't seem to find the solution for this, and I've been looking for a few hours. Here are some more details of my setup…
Using external CA for certificate generation (a CentOS VM that I use for all my domain certs)
Authenticating users agains Server 2008R2 Active Directory (works when logging in as admin user on pfSense)
OpenVPN using TUN mode
My pfSense machine is sitting on my local network behind my provider's router. I'm trying to get pfSense built to replace the provider's router once I've finished testing.
I used the client export package to export the configuration, cert, and tls key. Can anyone point me in the right direction?
My pfSense machine is sitting on my local network behind my provider's router.
Have you setup a port forward on provider's router to forward port 443 to the pfSense WAN IP (which will be an IP on the local network)?
"my local network" will be a private address space. You will need something (Dynamic DNS name) that points to the current public IP on provider's router. When you do the client export, you will need to have it use that name. That will get the connect to the provider's router public IP, which then forwards it to your pfSense.
There also has to be a firewall rule on pfSense WAN allowing the incoming on port 443.
If checking the above doesn't get the connection through, post more detailed info of your network and settings.
Well, I figured out half of my issue…
In the OpenVPN configuration, I mistakenly assumed that leaving the "Concurrent connections" field blank would default to unlimited, but once I plugged an arbitrary positive integer in there, VOILA! My Tunnelblick client on the Mac can now fully establish a connection.
I still can't get the Windows machine to connect. I originally installed the client, the imported the configuration from the client export package. I think I'm going to try and use the Windows Installer export instead and see if that fixes the issue.