• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

OpenVPN connection problem

Scheduled Pinned Locked Moved OpenVPN
8 Posts 4 Posters 5.5k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • M
    mirceasandu
    last edited by Feb 10, 2015, 12:33 PM Feb 10, 2015, 12:27 PM

    Hello,

    I have a OpenVPN server, under pfSense 2.1.5 x64.

    My OpenVPN Settings is posted in picture attached.
    Certificates usses a SHA256 Digest Altgoritm (both Server and User Certificate).

    The problem is this:

    • I can succesfully access and connect to OpenVPN server from almost anywhere, but from work just don't want to work.

    I think is some restrictions on our Enterprise Network, because server work from anywhere else I tested, but not from work.

    My question is if you know some port/encryption/certification etc… settings that should work from anywhere, like nobody can block this connection to OpenVPN.

    Thank you verry mouch!
    OpenVPN-srv.jpg
    OpenVPN-srv2.jpg
    OpenVPN-srv.jpg_thumb
    OpenVPN-srv2.jpg_thumb

    1 Reply Last reply Reply Quote 0
    • K
      kejianshi
      last edited by Feb 10, 2015, 1:40 PM Feb 10, 2015, 12:36 PM

      perhaps they are using a proxy of some sort at work?  Proxy breaks vpn usually.

      (proxy wouldn't impact udp much probably - I just saw that.  But UDP on 443 might be blocked in the office)

      1 Reply Last reply Reply Quote 0
      • V
        viragomann
        last edited by Feb 10, 2015, 1:38 PM

        You may try it with TCP protocol.

        1 Reply Last reply Reply Quote 0
        • M
          mirceasandu
          last edited by Feb 10, 2015, 3:07 PM

          We use a Proxy at work, but I tried to connect on TCP/443 with no succes
          My config file looks like this:

          dev tun
          persist-tun
          persist-key
          cipher AES-256-CBC
          auth SHA1
          tls-client
          client
          resolv-retry infinite
          remote server.go.ro 8080 tcp-client
          lport 0
          verify-x509-name "pfSenseOpenVPN" name
          http-proxy XX.XX.XX.XX 8080  proxy-credentials.txt ntlm
          auth-user-pass
          pkcs12 server-TCP-443-SSL_VPN.p12
          tls-auth server-TCP-443-SSL_VPN-tls.key 1
          ns-cert-type server
          comp-lzo

          And I created a proxy-credentials.txt where on first line I put username, and on seccond line I put my proxy password, and still don't work.

          It give me this error:

          Tue Feb 10 16:56:00 2015 OpenVPN 2.3.5 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Oct 28 2014
          Tue Feb 10 16:56:00 2015 library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.05
          Enter Management Password:
          Tue Feb 10 16:56:08 2015 Control Channel Authentication: using 'server-TCP-443-SSL_VPN-tls.key' as a OpenVPN static key file
          Tue Feb 10 16:56:08 2015 Attempting to establish TCP connection with [AF_INET]XX.XX.XX.XX:8080 [nonblock]
          Tue Feb 10 16:56:09 2015 TCP connection established with [AF_INET] XX.XX.XX.XX:8080
          Tue Feb 10 16:56:10 2015 HTTP proxy returned bad status
          Tue Feb 10 16:56:10 2015 SIGTERM[soft,init_instance] received, process exiting

          If you have any thoughts on this it will be really usefull.

          Thanks.

          1 Reply Last reply Reply Quote 0
          • J
            johnpoz LAYER 8 Global Moderator
            last edited by Feb 10, 2015, 3:31 PM

            I connect to pfsense openvpn using tcp 443 over a proxy from work every single day.  In your openvpn gui, just setup your proxy..

            is it http or socks?  Do you have to auth to it?

            vpnproxy.png
            vpnproxy.png_thumb

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            1 Reply Last reply Reply Quote 0
            • M
              mirceasandu
              last edited by Feb 10, 2015, 5:44 PM

              It is HTTP, and use auth.

              1 Reply Last reply Reply Quote 0
              • J
                johnpoz LAYER 8 Global Moderator
                last edited by Feb 10, 2015, 6:29 PM

                Well good luck with that…  You can not send auth from the gui setup.  Maybe you can do it in the config?

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

                1 Reply Last reply Reply Quote 0
                • M
                  mirceasandu
                  last edited by Feb 11, 2015, 8:06 AM

                  OK. I finaly made this work.
                  My client config look like this:

                  dev tun
                  persist-tun
                  persist-key
                  cipher AES-256-CBC
                  auth SHA1
                  tls-client
                  client
                  resolv-retry infinite
                  remote openvpn-server.org 443 tcp-client
                  http-proxy proxy-dns-or-ip.org 8080 proxy-uyser-and-pass.txt basic
                  lport 0
                  verify-x509-name "pfSenseOpenVPN" name
                  auth-user-pass
                  pkcs12 mirceass-TCP-443-SSL_VPN.p12
                  tls-auth mirceass-TCP-443-SSL_VPN-tls.key 1
                  ns-cert-type server
                  comp-lzo

                  And "proxy-uyser-and-pass.txt" is in the C:\Program Files\OpenVPN\Config. On the first line is username, and on seccond line is password, for proxy

                  Now it's working and I'm pretty happy.

                  Thanks all and have a good day!

                  1 Reply Last reply Reply Quote 0
                  1 out of 8
                  • First post
                    1/8
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                    This community forum collects and processes your personal information.
                    consent.not_received