Issues with Client mode -> FrootVPN server



  • Hello, I would like to turn my pfSense box into a client of FrootVPN.  But for some reason it just wont get up the connection.  Please let me know if you can see anything?

    OPENVPN Logs:

    
    Nov 26 18:38:20	fw openvpn[91869]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Nov 26 18:38:20	fw openvpn[91869]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Nov 26 18:38:20	fw openvpn[91869]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Nov 26 18:38:20	fw openvpn[91869]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Nov 26 18:38:20	fw openvpn[91869]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
    Nov 26 18:38:20	fw openvpn[91869]: [server] Peer Connection Initiated with [AF_INET]178.73.212.194:1205
    Nov 26 18:38:22	fw openvpn[91869]: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
    Nov 26 18:38:22	fw openvpn[91869]: PUSH: Received control message: 'PUSH_REPLY,ifconfig-ipv6 2a00:1a28:1159:b::1015/64 2a00:1a28:1159:b::1,dhcp-option DNS 80.x.x.x,dhcp-option DNS 91.x.x.x,redirect-gateway def1,route-ipv6 2000::/3,tun-ipv6,route-gateway 46.x.x.x,topology subnet,ping 10,ping-restart 160,ifconfig 46.x.x.x 255.255.255.224'
    Nov 26 18:38:22	fw openvpn[91869]: OPTIONS IMPORT: timers and/or timeouts modified
    Nov 26 18:38:22	fw openvpn[91869]: OPTIONS IMPORT: --ifconfig/up options modified
    Nov 26 18:38:22	fw openvpn[91869]: OPTIONS IMPORT: route options modified
    Nov 26 18:38:22	fw openvpn[91869]: OPTIONS IMPORT: route-related options modified
    Nov 26 18:38:22	fw openvpn[91869]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Nov 26 18:38:22	fw openvpn[91869]: ROUTE_GATEWAY 74.x.x.x
    Nov 26 18:38:22	fw openvpn[91869]: ROUTE6: default_gateway=UNDEF
    Nov 26 18:38:22	fw openvpn[91869]: TUN/TAP device /dev/tun1 opened
    Nov 26 18:38:22	fw openvpn[91869]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=1
    Nov 26 18:38:22	fw openvpn[91869]: /sbin/ifconfig tun 46.x.x.x 46.x.x.x mtu 1500 netmask 255.255.255.224 up
    Nov 26 18:38:22	fw openvpn[91869]: FreeBSD ifconfig failed: external program exited with error status: 1
    Nov 26 18:38:22	fw openvpn[91869]: Exiting due to fatal error
    
    

    Client1.conf

    
    dev ovpnc1
    dev-type tun
    #tun-ipv6
    dev-node /dev/tun1
    writepid /var/run/openvpn_client1.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto udp
    cipher BF-CBC
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    local 74.x.x.x
    engine cryptodev
    tls-client
    client
    lport 0
    management /var/etc/openvpn/client1.sock unix
    remote se-openvpn.frootvpn.com 1194
    ca /var/etc/openvpn/client1.ca 
    cert /var/etc/openvpn/client1.cert 
    key /var/etc/openvpn/client1.key 
    resolv-retry infinite
    auth-user-pass /conf/TUVPN.pas
    client
    dev tun
    proto udp
    resolv-retry nfinite
    persist-key
    persist-tun
    verb 3
    ns-cert-type server
    
    


  • I am comparing to a client of mine that is actually a site-to-site to another pfSense. My client conf is similar, starting with:

    dev ovpnc1
    verb 1
    dev-type tun
    tun-ipv6
    dev-node /dev/tun1
    writepid /var/run/openvpn_client1.pid
    
    

    When mine does the ifconfig, the line in the OpenVPN log is:

    openvpn[26867]: /sbin/ifconfig ovpnc1 10.49.255.2 10.49.255.1 mtu 1500 netmask 255.255.255.255 up
    

    Mine does the ifconfig on device ovpnc1.
    But yours is trying to do it on "tun":

    openvpn[91869]: /sbin/ifconfig tun 46.x.x.x 46.x.x.x mtu 1500 netmask 255.255.255.224 up
    

    And I guess that is why ifconfig exited with error status: 1

    Maybe things are all different with a client like this. But I suspect that if someone can work out why it does "ifconfig tun" and fix that to "ifconfig ovpnc1" then it might work.



  • I just finished writing up a quick set up guide on a local forum of ours, please feel free to check it out:

    http://mybroadband.co.za/vb/showthread.php/669041-Mini-Guide-Setup-free-VPN-(Froot-using-OpenVPN)-in-PfSense

    Seems to be working fine on my side.


Log in to reply