Issues with Client mode -> FrootVPN server
-
Hello, I would like to turn my pfSense box into a client of FrootVPN. But for some reason it just wont get up the connection. Please let me know if you can see anything?
OPENVPN Logs:
Nov 26 18:38:20 fw openvpn[91869]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key Nov 26 18:38:20 fw openvpn[91869]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Nov 26 18:38:20 fw openvpn[91869]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key Nov 26 18:38:20 fw openvpn[91869]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Nov 26 18:38:20 fw openvpn[91869]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA Nov 26 18:38:20 fw openvpn[91869]: [server] Peer Connection Initiated with [AF_INET]178.73.212.194:1205 Nov 26 18:38:22 fw openvpn[91869]: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) Nov 26 18:38:22 fw openvpn[91869]: PUSH: Received control message: 'PUSH_REPLY,ifconfig-ipv6 2a00:1a28:1159:b::1015/64 2a00:1a28:1159:b::1,dhcp-option DNS 80.x.x.x,dhcp-option DNS 91.x.x.x,redirect-gateway def1,route-ipv6 2000::/3,tun-ipv6,route-gateway 46.x.x.x,topology subnet,ping 10,ping-restart 160,ifconfig 46.x.x.x 255.255.255.224' Nov 26 18:38:22 fw openvpn[91869]: OPTIONS IMPORT: timers and/or timeouts modified Nov 26 18:38:22 fw openvpn[91869]: OPTIONS IMPORT: --ifconfig/up options modified Nov 26 18:38:22 fw openvpn[91869]: OPTIONS IMPORT: route options modified Nov 26 18:38:22 fw openvpn[91869]: OPTIONS IMPORT: route-related options modified Nov 26 18:38:22 fw openvpn[91869]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified Nov 26 18:38:22 fw openvpn[91869]: ROUTE_GATEWAY 74.x.x.x Nov 26 18:38:22 fw openvpn[91869]: ROUTE6: default_gateway=UNDEF Nov 26 18:38:22 fw openvpn[91869]: TUN/TAP device /dev/tun1 opened Nov 26 18:38:22 fw openvpn[91869]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=1 Nov 26 18:38:22 fw openvpn[91869]: /sbin/ifconfig tun 46.x.x.x 46.x.x.x mtu 1500 netmask 255.255.255.224 up Nov 26 18:38:22 fw openvpn[91869]: FreeBSD ifconfig failed: external program exited with error status: 1 Nov 26 18:38:22 fw openvpn[91869]: Exiting due to fatal error
Client1.conf
dev ovpnc1 dev-type tun #tun-ipv6 dev-node /dev/tun1 writepid /var/run/openvpn_client1.pid #user nobody #group nobody script-security 3 daemon keepalive 10 60 ping-timer-rem persist-tun persist-key proto udp cipher BF-CBC up /usr/local/sbin/ovpn-linkup down /usr/local/sbin/ovpn-linkdown local 74.x.x.x engine cryptodev tls-client client lport 0 management /var/etc/openvpn/client1.sock unix remote se-openvpn.frootvpn.com 1194 ca /var/etc/openvpn/client1.ca cert /var/etc/openvpn/client1.cert key /var/etc/openvpn/client1.key resolv-retry infinite auth-user-pass /conf/TUVPN.pas client dev tun proto udp resolv-retry nfinite persist-key persist-tun verb 3 ns-cert-type server
-
I am comparing to a client of mine that is actually a site-to-site to another pfSense. My client conf is similar, starting with:
dev ovpnc1 verb 1 dev-type tun tun-ipv6 dev-node /dev/tun1 writepid /var/run/openvpn_client1.pid
When mine does the ifconfig, the line in the OpenVPN log is:
openvpn[26867]: /sbin/ifconfig ovpnc1 10.49.255.2 10.49.255.1 mtu 1500 netmask 255.255.255.255 up
Mine does the ifconfig on device ovpnc1.
But yours is trying to do it on "tun":openvpn[91869]: /sbin/ifconfig tun 46.x.x.x 46.x.x.x mtu 1500 netmask 255.255.255.224 up
And I guess that is why ifconfig exited with error status: 1
Maybe things are all different with a client like this. But I suspect that if someone can work out why it does "ifconfig tun" and fix that to "ifconfig ovpnc1" then it might work.
-
I just finished writing up a quick set up guide on a local forum of ours, please feel free to check it out:
http://mybroadband.co.za/vb/showthread.php/669041-Mini-Guide-Setup-free-VPN-(Froot-using-OpenVPN)-in-PfSense
Seems to be working fine on my side.