Initial set-up of OpenVPN



  • Using 2.1.5-RELEASE (amd64)

    So I've been looking for a tutorial in the documentation but couldn't find one.

    I read around there:
    https://doc.pfsense.org/index.php/Category:OpenVPN

    But still couldn't find a step by step guide.

    So Googling around led me to this:

    https://www.highlnk.com/2013/12/configuring-openvpn-on-pfsense/

    I followed the steps and it won't work!

    I've tried from the LAN (using pfSense IP in the OVPN file) and from home (using a NO-IP hostname which does point to the right IP).

    For a client, I'm using TUNNELBLICK.

    I used the Client Export Utility to get the file.

    When I attempt to connect, it will ask for my username and password, and then it will go "Waiting for server" forever.

    So could anyone point me to a good tutorial or help me troubleshoot why it will not work?

    One thing that I find suspicious from the tutorial I followed is that it does not talk about the OpenVPN interface…

    Reading around, threads often refer to adding a new interface and selecting OpenVPN, then doing something in the gateway.

    I did not do any of that, as I thought it might be optional and I wanted the simplest way to make this work.



  • http://blog.stefcho.eu/?p=492

    it's a little outdated but should be fine for a simple roadwarrior setup



  • Somehow, I made it work.

    I'm now connected with a remote computer using TunnelBlick.

    I want to use the OpenVPN connection to be able to mount CIFS (SMB) shares from a server which is on the network managed by pfSense.

    So how can I do that?



  • Hi guys,

    I'd really like help on this if someone will spare the time to help a n00b.

    Below is my server1.conf file

    The network where pfSense (and OpenVPN) is, is configured as follows:

    pfSense is 10.0.1.1
    Netmask is /16 (255.255.0.0)

    Server with CIFS (SMB) shares is 10.0.3.50

    As you can see below:

    push "route 10.0.0.0 255.255.0.0"
    

    is there

    So as I understand it, it should work…

    Is there any config to do on the client side?

    I did use the OpenVPN client export utility, and my client is TunnelBlick.

    Basically I want to:

    1. Be able to connect to CIFS (SMB) shares through the VPN

    2. Access server Web GUI with a browser through the VPN

    dev ovpns1
    dev-type tun
    tun-ipv6
    dev-node /dev/tun1
    writepid /var/run/openvpn_server1.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto udp
    cipher AES-128-CBC
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    client-connect /usr/local/sbin/openvpn.attributes.sh
    client-disconnect /usr/local/sbin/openvpn.attributes.sh
    local XXX
    tls-server
    server 10.0.2.0 255.255.255.0
    client-config-dir /var/etc/openvpn-csc
    username-as-common-name
    auth-user-pass-verify /var/etc/openvpn/server1.php via-env
    tls-verify /var/etc/openvpn/server1.tls-verify.php
    lport 1194
    management /var/etc/openvpn/server1.sock unix
    push "route 10.0.0.0 255.255.0.0"
    push "dhcp-option DNS 10.0.1.1"
    push "dhcp-option NTP 10.0.1.1"
    push "redirect-gateway def1"
    client-to-client
    ca /var/etc/openvpn/server1.ca 
    cert /var/etc/openvpn/server1.cert 
    key /var/etc/openvpn/server1.key 
    dh /etc/dh-parameters.1024
    tls-auth /var/etc/openvpn/server1.tls-auth 0
    comp-lzo
    persist-remote-ip
    float
    
    

    Please note that I didn't configure an INTERFACE in pfSense.

    I don't know if I should, and I don't know how or why to deal with interfaces.

    THANKS !



  • You do not need any manual OpenVPN interface for a road-warrior VPN like this. Check:

    1. OpenVPN tunnel network is outside of LAN 10.0.0.0/16
    2. Firewall->Rules OpenVPN tab - put rule/s to pass traffic. The easy way to start is put a pass all rule (source any destination any). After it is working you can make the rules tighter.
    3. Server at 10.0.3.50 has its gateway set to the pfSense LAN IP 10.0.1.1
    4. Server does not have a firewall blocking you when coming from a different subnet to LAN.

    Post OpenVPN server settings, firewall rules… if you are still stuck.



  • Problem #1 is your tunnel network is inside your LAN.

