Cannot connect to Mullvad VPN with pfsense OpenVPN.



  • Hello!

    I'm trying to connect to the VPN provider Mullvad through OpenVPN in pfsense but cannot get it to work. It looks like I'm getting an internal IP from Mullvad on the VPN interface but there is no internet connection at all and the Pfsense update checker just says "Unable to check for updates."

    I figure that a lot of things could be wrong and I have no clue what it could be. I have followed this guide:
    http://thefreepenguin.nl/security.html#section2

    Can you guys see anything wrong with it?

    This is how the OpenVPN system log looks like (please note that I edited out my wan IP for privacy concerns):

    Sep 21 07:38:45 openvpn[74643]: OpenVPN 2.3.3 i386-portbld-freebsd8.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Aug 15 2014
    Sep 21 07:38:45 openvpn[74643]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Sep 21 07:38:45 openvpn[74643]: NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
    Sep 21 07:38:45 openvpn[74927]: UDPv4 link local (bound): [AF_INET]WAN IP, edited out for privacy
    Sep 21 07:38:45 openvpn[74927]: UDPv4 link remote: [AF_INET]193.138.219.226:1194
    Sep 21 07:38:46 openvpn[74927]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1541', remote='link-mtu 1542'
    Sep 21 07:38:46 openvpn[74927]: WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
    Sep 21 07:38:46 openvpn[74927]: [se3.mullvad.net] Peer Connection Initiated with [AF_INET]193.138.219.226:1194
    Sep 21 07:38:54 openvpn[74927]: TUN/TAP device ovpnc1 exists previously, keep at program end
    Sep 21 07:38:54 openvpn[74927]: TUN/TAP device /dev/tun1 opened
    Sep 21 07:38:54 openvpn[74927]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=1
    Sep 21 07:38:54 openvpn[74927]: /sbin/ifconfig ovpnc1 10.8.0.34 10.8.0.33 mtu 1500 netmask 255.255.255.255 up
    Sep 21 07:38:54 openvpn[74927]: /sbin/ifconfig ovpnc1 inet6 fd24:6256:84f9:8::1007/112
    Sep 21 07:38:54 openvpn[74927]: /usr/local/sbin/ovpn-linkup ovpnc1 1500 1541 10.8.0.34 10.8.0.33 init
    Sep 21 07:38:54 openvpn[74927]: add_route_ipv6(::/2 -> fd24:6256:84f9:8:: metric -1) dev ovpnc1
    Sep 21 07:38:54 openvpn[74927]: add_route_ipv6(4000::/2 -> fd24:6256:84f9:8:: metric -1) dev ovpnc1
    Sep 21 07:38:54 openvpn[74927]: add_route_ipv6(8000::/2 -> fd24:6256:84f9:8:: metric -1) dev ovpnc1
    Sep 21 07:38:54 openvpn[74927]: add_route_ipv6(c000::/2 -> fd24:6256:84f9:8:: metric -1) dev ovpnc1
    Sep 21 07:38:54 openvpn[74927]: Initialization Sequence Completed

    Any help would be greatly appreciated!  :)

    Thanks,



    ![Outbound NAT.png](/public/imported_attachments/1/Outbound NAT.png)
    ![Outbound NAT.png_thumb](/public/imported_attachments/1/Outbound NAT.png_thumb)



  • It seems to be working now.  :D

    I don't know what I did to fix it. I just removed everything and tried again. Right now I'm trying to get a kill switch to work so that all traffic is blocked if the VPN connection goes down.

    I found this reply to the same task, but can't get it to work when I disconnect the VPN:

    https://forum.pfsense.org/index.php?topic=74911.0



  • I think this is the setting you're looking for:

    Navigate to "System: Advanced: Miscellaneous"

    Then go to "Gateway Monitoring" and check "Skip rules when gateway is down"


Log in to reply