OpenVPN connection problem
-
Hello,
I have an OpenVPN server, under pfSense 2.1.5 x64.
My OpenVPN settings are posted in the attached picture.
Certificates use a SHA256 digest algorithm (both server and user certificate). The problem is this:
- I can successfully access and connect to the OpenVPN server from almost anywhere, but from work it just doesn't want to work.
I think there are some restrictions on our enterprise network, because the server works from anywhere else I tested, but not from work.
My question is whether you know some port/encryption/certificate etc. settings that should work from anywhere, so that nobody can block this connection to OpenVPN.
Thank you very much!
-
Perhaps they are using a proxy of some sort at work? A proxy usually breaks VPN.
(A proxy probably wouldn't impact UDP much - I just saw that. But UDP on 443 might be blocked in the office.)
-
You may try it with the TCP protocol.
-
We use a proxy at work, but I tried to connect on TCP/443 with no success.
My config file looks like this:
dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote server.go.ro 8080 tcp-client
lport 0
verify-x509-name "pfSenseOpenVPN" name
http-proxy XX.XX.XX.XX 8080 proxy-credentials.txt ntlm
auth-user-pass
pkcs12 server-TCP-443-SSL_VPN.p12
tls-auth server-TCP-443-SSL_VPN-tls.key 1
ns-cert-type server
comp-lzo
And I created a proxy-credentials.txt where on the first line I put the username, and on the second line I put my proxy password, and it still doesn't work.
It gives me this error:
Tue Feb 10 16:56:00 2015 OpenVPN 2.3.5 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Oct 28 2014
Tue Feb 10 16:56:00 2015 library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.05
Enter Management Password:
Tue Feb 10 16:56:08 2015 Control Channel Authentication: using 'server-TCP-443-SSL_VPN-tls.key' as a OpenVPN static key file
Tue Feb 10 16:56:08 2015 Attempting to establish TCP connection with [AF_INET]XX.XX.XX.XX:8080 [nonblock]
Tue Feb 10 16:56:09 2015 TCP connection established with [AF_INET] XX.XX.XX.XX:8080
Tue Feb 10 16:56:10 2015 HTTP proxy returned bad status
Tue Feb 10 16:56:10 2015 SIGTERM[soft,init_instance] received, process exiting
If you have any thoughts on this it will be really useful.
Thanks.
-
I connect to pfSense OpenVPN using TCP 443 over a proxy from work every single day. In your OpenVPN GUI, just set up your proxy.
Is it HTTP or SOCKS? Do you have to auth to it?
-
It is HTTP, and it uses auth.
-
Well, good luck with that… You cannot send auth from the GUI setup. Maybe you can do it in the config?
-
OK. I finally made this work.
My client config looks like this:
dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote openvpn-server.org 443 tcp-client
http-proxy proxy-dns-or-ip.org 8080 proxy-uyser-and-pass.txt basic
lport 0
verify-x509-name "pfSenseOpenVPN" name
auth-user-pass
pkcs12 mirceass-TCP-443-SSL_VPN.p12
tls-auth mirceass-TCP-443-SSL_VPN-tls.key 1
ns-cert-type server
comp-lzo
And "proxy-uyser-and-pass.txt" is in C:\Program Files\OpenVPN\Config. On the first line is the username, and on the second line is the password for the proxy.
Now it's working and I'm pretty happy.
Thanks all and have a good day!
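-
Added example, not part of the thread or of OpenVPN's code: a small parser that reads an HTTP proxy's reply to a CONNECT request and compares it with the auth-method on the `http-proxy` line, which is the information the log line "HTTP proxy returned bad status" leaves out. The sample replies, function names and messages are constructed for illustration; the thread does not show which status the proxy actually sent.

```python
import re

# Constructed sample replies to OpenVPN's CONNECT request (not from the thread).
REPLY_407 = (b"HTTP/1.1 407 Proxy Authentication Required\r\n"
             b"Proxy-Authenticate: Basic realm=\"proxy\"\r\n"
             b"Content-Length: 0\r\n\r\n")
REPLY_403 = b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n"
REPLY_200 = b"HTTP/1.1 200 Connection established\r\n\r\n"

# HTTP auth schemes that map onto an explicit http-proxy auth-method keyword.
OPENVPN_METHODS = ("basic", "ntlm")

def parse_connect_reply(raw):
    """Return the status code and the auth schemes offered by the proxy."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    match = re.match(r"HTTP/\d\.\d (\d{3})", lines[0])
    if not match:
        raise ValueError("not an HTTP status line: %r" % lines[0])
    schemes = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "proxy-authenticate" and value.strip():
            schemes.append(value.split()[0].lower())
    return {"status": int(match.group(1)), "schemes": schemes}

def advise(reply, configured):
    """Explain a reply against the auth-method set on the http-proxy line."""
    status, schemes = reply["status"], reply["schemes"]
    if 200 <= status < 300:
        return "tunnel established"
    if status == 403:
        return "proxy refused the CONNECT target (host or port policy)"
    if status != 407:
        return "unexpected status %d" % status
    usable = [s for s in schemes if s in OPENVPN_METHODS]
    if configured in usable:
        return "scheme accepted, check the credentials file"
    if usable:
        # Basic sends the proxy password base64-encoded, not encrypted.
        return "proxy offers %s, config uses %s" % ("/".join(usable), configured)
    return "no basic/ntlm offered: %s" % ", ".join(schemes)

if __name__ == "__main__":
    for raw in (REPLY_407, REPLY_403, REPLY_200):
        print(advise(parse_connect_reply(raw), "ntlm"))
```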