Initial set-up of OpenVPN
Using 2.1.5-RELEASE (amd64)
So I've been looking for a tutorial in the documentation but couldn't find one.
I read around there:
But still couldn't find a step by step guide.
So Googling around led me to this:
I followed the steps and it won't work!
I've tried from the LAN (using pfSense IP in the OVPN file) and from home (using a NO-IP hostname which does point to the right IP).
For a client, I'm using TUNNELBLICK.
I used the Client Export Utility to get the file.
When I attempt to connect, it will ask for my username and password, and then it will go "Waiting for server" forever.
So could anyone point me to a good tutorial or help me troubleshoot why it will not work?
One thing that I find suspicious from the tutorial I followed is that it does not talk about the OpenVPN interface…
Reading around, threads often refer to adding a new interface and selecting OpenVPN, then doing something in the gateway.
I did not do any of that, as I thought it might be optional and I wanted the simplest way to make this work.
It's a little outdated but should be fine for a simple roadwarrior setup.
Somehow, I made it work.
I'm now connected with a remote computer using TunnelBlick.
I want to use the OpenVPN connection to be able to mount CIFS (SMB) shares from a server which is on the network managed by pfSense.
So how can I do that?
I'd really like help on this if someone will spare the time to help a n00b.
Below is my server1.conf file
The network where pfSense (and OpenVPN) is, is configured as follows:
pfSense is 10.0.1.1
Netmask is /16 (255.255.0.0)
Server with CIFS (SMB) shares is 10.0.3.50
As you can see below:
push "route 10.0.0.0 255.255.0.0"
So as I understand it, it should work…
Is there any config to do on the client side?
I did use the OpenVPN client export utility, and my client is TunnelBlick.
Basically I want to:
- Be able to connect to CIFS (SMB) shares through the VPN
- Access server Web GUI with a browser through the VPN
    dev ovpns1
    dev-type tun
    tun-ipv6
    dev-node /dev/tun1
    writepid /var/run/openvpn_server1.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto udp
    cipher AES-128-CBC
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    client-connect /usr/local/sbin/openvpn.attributes.sh
    client-disconnect /usr/local/sbin/openvpn.attributes.sh
    local XXX
    tls-server
    server 10.0.2.0 255.255.255.0
    client-config-dir /var/etc/openvpn-csc
    username-as-common-name
    auth-user-pass-verify /var/etc/openvpn/server1.php via-env
    tls-verify /var/etc/openvpn/server1.tls-verify.php
    lport 1194
    management /var/etc/openvpn/server1.sock unix
    push "route 10.0.0.0 255.255.0.0"
    push "dhcp-option DNS 10.0.1.1"
    push "dhcp-option NTP 10.0.1.1"
    push "redirect-gateway def1"
    client-to-client
    ca /var/etc/openvpn/server1.ca
    cert /var/etc/openvpn/server1.cert
    key /var/etc/openvpn/server1.key
    dh /etc/dh-parameters.1024
    tls-auth /var/etc/openvpn/server1.tls-auth 0
    comp-lzo
    persist-remote-ip
    float
Please note that I didn't configure an INTERFACE in pfSense.
I don't know if I should, and I don't know how or why to deal with interfaces.
You do not need any manual OpenVPN interface for a road-warrior VPN like this. Check:
- OpenVPN tunnel network is outside of LAN 10.0.0.0/16
- Firewall->Rules OpenVPN tab - put rule/s to pass traffic. The easy way to start is to put a pass-all rule (source any, destination any). After it is working you can make the rules tighter.
- Server at 10.0.3.50 has its gateway set to the pfSense LAN IP 10.0.1.1
- Server does not have a firewall blocking you when coming from a different subnet to LAN.
Post OpenVPN server settings, firewall rules… if you are still stuck.
Problem #1 is your tunnel network is inside your LAN.