OpenVPN connection problem

mirceasandu · Feb 10, 2015, 12:33 PM

Hello,

I have a OpenVPN server, under pfSense 2.1.5 x64.

My OpenVPN Settings is posted in picture attached.
Certificates usses a SHA256 Digest Altgoritm (both Server and User Certificate).

The problem is this:

I can succesfully access and connect to OpenVPN server from almost anywhere, but from work just don't want to work.

I think is some restrictions on our Enterprise Network, because server work from anywhere else I tested, but not from work.

My question is if you know some port/encryption/certification etc… settings that should work from anywhere, like nobody can block this connection to OpenVPN.

Thank you verry mouch!

kejianshi · Feb 10, 2015, 1:40 PM

perhaps they are using a proxy of some sort at work? Proxy breaks vpn usually.

(proxy wouldn't impact udp much probably - I just saw that. But UDP on 443 might be blocked in the office)

viragomann · Feb 10, 2015, 1:38 PM

You may try it with TCP protocol.

mirceasandu · Feb 10, 2015, 3:07 PM

We use a Proxy at work, but I tried to connect on TCP/443 with no succes
My config file looks like this:

dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote server.go.ro 8080 tcp-client
lport 0
verify-x509-name "pfSenseOpenVPN" name
http-proxy XX.XX.XX.XX 8080 proxy-credentials.txt ntlm
auth-user-pass
pkcs12 server-TCP-443-SSL_VPN.p12
tls-auth server-TCP-443-SSL_VPN-tls.key 1
ns-cert-type server
comp-lzo

And I created a proxy-credentials.txt where on first line I put username, and on seccond line I put my proxy password, and still don't work.

It give me this error:

Tue Feb 10 16:56:00 2015 OpenVPN 2.3.5 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Oct 28 2014
Tue Feb 10 16:56:00 2015 library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.05
Enter Management Password:
Tue Feb 10 16:56:08 2015 Control Channel Authentication: using 'server-TCP-443-SSL_VPN-tls.key' as a OpenVPN static key file
Tue Feb 10 16:56:08 2015 Attempting to establish TCP connection with [AF_INET]XX.XX.XX.XX:8080 [nonblock]
Tue Feb 10 16:56:09 2015 TCP connection established with [AF_INET] XX.XX.XX.XX:8080
Tue Feb 10 16:56:10 2015 HTTP proxy returned bad status
Tue Feb 10 16:56:10 2015 SIGTERM[soft,init_instance] received, process exiting

If you have any thoughts on this it will be really usefull.

Thanks.

johnpoz · Feb 10, 2015, 3:31 PM

I connect to pfsense openvpn using tcp 443 over a proxy from work every single day. In your openvpn gui, just setup your proxy..

is it http or socks? Do you have to auth to it?

mirceasandu · Feb 10, 2015, 5:44 PM

It is HTTP, and use auth.

johnpoz · Feb 10, 2015, 6:29 PM

Well good luck with that… You can not send auth from the gui setup. Maybe you can do it in the config?

mirceasandu · Feb 11, 2015, 8:06 AM

OK. I finaly made this work.
My client config look like this:

dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote openvpn-server.org 443 tcp-client
http-proxy proxy-dns-or-ip.org 8080 proxy-uyser-and-pass.txt basic
lport 0
verify-x509-name "pfSenseOpenVPN" name
auth-user-pass
pkcs12 mirceass-TCP-443-SSL_VPN.p12
tls-auth mirceass-TCP-443-SSL_VPN-tls.key 1
ns-cert-type server
comp-lzo

And "proxy-uyser-and-pass.txt" is in the C:\Program Files\OpenVPN\Config. On the first line is username, and on seccond line is password, for proxy

Now it's working and I'm pretty happy.

Thanks all and have a good day!