Netgate Discussion Forum

    OpenVPN in 2.1RC1 not working as advertised

    2.1 Snapshot Feedback and Problems - RETIRED
    8 Posts 5 Posters 6.5k Views
      peterlinuxgeek

      Hi All,

      I am not a specialist but do have some experience using openvpn with pfSense.

      Installed 2.1-RC1  (i386)
      built on Wed Sep 4 01:46:12 EDT 2013
      FreeBSD 8.3-RELEASE-p10

      My Windows 7 client does connect, I can access my pfSense webpage, but cannot get to any other node in the network…
      Opened up the rules - re-did the whole server setup without using the wizard (I usually use it)

      Nothing in the firewall logs for ovpn1 that jumps out.

      Server Config:

      /var/etc/openvpn(4): vi server1.conf

      dev ovpns1
      dev-type tun
      tun-ipv6
      dev-node /dev/tun1
      writepid /var/run/openvpn_server1.pid
      #user nobody
      #group nobody
      script-security 3
      daemon
      keepalive 10 60
      ping-timer-rem
      persist-tun
      persist-key
      proto udp
      cipher AES-256-CBC
      up /usr/local/sbin/ovpn-linkup
      down /usr/local/sbin/ovpn-linkdown
      local xxx.xxx.xxx.xxx
      tls-server
      server 10.10.2.0 255.255.255.0
      client-config-dir /var/etc/openvpn-csc
      tls-verify /var/etc/openvpn/server1.tls-verify.php
      lport 1194
      management /var/etc/openvpn/server1.sock unix
      max-clients 5
      push "route 192.168.1.0 255.255.255.0"
      push "dhcp-option DOMAIN xxx.int"
      push "dhcp-option DNS 192.168.1.1"
      ca /var/etc/openvpn/server1.ca
      cert /var/etc/openvpn/server1.cert
      key /var/etc/openvpn/server1.key
      dh /etc/dh-parameters.1024
      comp-lzo
      persist-remote-ip
      float

      Am I missing something obvious or is there a bug?

      WAN rule
      IPv4 UDP  *  *  WAN address  1194 (OpenVPN)  *  none      OpenVPN vpnServer wizard

      OPENVPN rule
      IPv4 *  *  *  *  *  *  none      OpenVPN vpnServer wizard

      Nothing else I can think of...

      Thx

      Peter

        lucky

        I've been using OpenVPN on 2.1 RC1 with no issues. Let's see if we can track down what's going on…

        • Does "any other node in the network." mean on your 192.168.1.x network?

        • 192.168.1 is a very common subnet. Perhaps that's also the subnet where your Windows 7 client is located.

        • How are you trying to access those nodes? IP, hostname? What protocol/methods? HTTP? RDP?

        • Are you running the OpenVPN client as Administrator so it can add that route? (or are you using OpenVPNManager?)

        1 Reply Last reply Reply Quote 0
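
The subnet-overlap question raised in the reply above, as an added example that is not part of the original thread: it reads the `server` and `push "route …"` directives from the posted config and reports any VPN network that overlaps a client-side LAN. The function names and the embedded excerpt are constructed for illustration; 192.168.210.0/24 is the second client network mentioned later in the thread.

```python
import ipaddress
import re

# Constructed excerpt: only the routing-related directives from the
# server1.conf posted at the top of the thread.
SERVER_CONF = '''
server 10.10.2.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option DNS 192.168.1.1"
'''

def parse_networks(conf):
    """Return (tunnel_net, [pushed_routes]) from OpenVPN server directives."""
    tunnel, pushed = None, []
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and whitespace
        m = re.match(r'server\s+(\S+)\s+(\S+)', line)
        if m:
            tunnel = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
        m = re.match(r'push\s+"route\s+(\S+)\s+([^\s"]+)', line)
        if m:
            pushed.append(
                ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False))
    return tunnel, pushed

def find_conflicts(conf, client_lans):
    """List (vpn_net, client_lan) pairs whose address ranges overlap.

    An overlap means the client treats the remote addresses as on-link on
    its own LAN, so packets for them never enter the tunnel.
    """
    tunnel, pushed = parse_networks(conf)
    vpn_nets = ([tunnel] if tunnel else []) + pushed
    conflicts = []
    for lan in map(ipaddress.ip_network, client_lans):
        for net in vpn_nets:
            if net.overlaps(lan):
                conflicts.append((str(net), str(lan)))
    return conflicts

if __name__ == "__main__":
    # First LAN is a constructed worst case; second is from the thread.
    for lans in (["192.168.1.0/24"], ["192.168.210.0/24"]):
        print(lans, "->", find_conflicts(SERVER_CONF, lans) or "no overlap")
```

An empty result rules out the overlap explanation only; the client's actual route table still has to show the pushed route installed.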
          peterlinuxgeek

          • Does "any other node in the network." mean on your 192.168.1.x network?
            Yes, anything but 192.168.1.1 - I can connect and visit pfSense via https,
            but there is also an http (80) on 192.168.1.2 that stalls…

          • 192.168.1 is a very common subnet. Perhaps that's also the subnet where your Windows 7 client is located.
            I am very aware of that. Used my phone to tether a laptop so it was something random.
            Tried it from another place with 192.168.210.0/24, same result...

          • How are you trying to access those nodes? IP, hostname? What protocol/methods? HTTP? RDP?
            Both name and IP. I actually tried pinging from the client and the internal name resolved to the right internal IP address...
            (pfSense is set up to do DNS resolving) so that part worked.
            No pings came back and nothing in the firewall logs about it either.
            Tried file browsing/ping/http; nothing goes beyond 192.168.1.1 = the firewall,
            but again no traces of it in the logs.
            I actually took out the (wide open) default VPN rule, then I saw blocked traffic in the logs,
            made custom rules to allow it back in... no luck.

          • Are you running the OpenVPN client as Administrator so it can add that route? (or are you using OpenVPNManager?)
            run it as administrator

          Had this issue yrs ago but cannot recall how to fix it.
          Tried the route-method exe & route-delay stuff, no luck.
          Connected from a Linux client, same thing - up to the firewall, no further...

          I too have 2 other RC1 setups that work great - it is very weird & frustrating.
          Thinking of blowing it all away and starting again.

          Thx for the help.

          Peter

            peterlinuxgeek

            Thought… maybe traffic is getting in... but not back out...
            How could I 'see' that in the logs (where?)

            Peter

              lucky

              Arg, that sounds pretty frustrating.

              Your config looks pretty much like mine… I don't see anything that looks like it would cause a problem.

              What's the netmask on the pfSense interface for your 192.168.1.x network? Is it the same as what you push in your OpenVPN route (255.255.255.0)?

                ssheikh

                @peterlinuxgeek:

                server 10.10.2.0 255.255.255.0

                Are you blocking private networks on the interface this server is bound to?

                What does the route table on your client say?

                  individual-it

                  We had very strange routing / firewall problems because of too little memory.

                  First I would check if the routes are set correctly in Diagnostics->Routes.
                  And then connect with a serial cable to your box if possible and see if the boot process does not stop somewhere in between.

                    kejianshi

                    This sounds exactly like what OpenVPN will do if it's not installed with right-click, run as admin…
