Failing to connect OpenVPN to IPVanish



  • I mostly tried to follow these instructions but I've been fighting it all day now.  https://forum.pfsense.org/index.php?topic=66467.0

    Initially, I thought it was a subnet problem because pfSense LAN was 172.22.x.x and OPT1 VPN connection was 172.20.x.x. However, I reconfigured the LAN to 192.168 and it didn't help anything.

    VPN -> Client setup:
    Server mode: Peer to Peer
    Protocol: UDP
    Device mode: tun
    Interface: WAN
    Server host: xx.ipvanish.com
    Server port: 443
    Peer Certificate Authority: (cert from IPVanish)
    Encryption: AES-256-CBC
    Compression: Enabled with Adaptive Compression

    I'm attaching a screenshot of Firewall: NAT and will get the logs for the next post. Have to lose my internet connection to get those logs. :)

    ![Screenshot from 2015-05-07 16:18:43.png](/public/imported_attachments/1/Screenshot from 2015-05-07 16:18:43.png)



  • Here's the OpenVPN log.

    The error at the bottom "ERROR: FreeBSD route add command failed: external program exited with error status: 1" was why I initially started playing with the subnet.

    I was actually able to connect to an IPVanish server that didn't throw that error, but my internet connection still wouldn't work.

    Any ideas? What other logs or settings do you need?

    Thanks!

    ![Screenshot from 2015-05-07 17:28:54.png](/public/imported_attachments/1/Screenshot from 2015-05-07 17:28:54.png)



  • After a reboot, it sometimes initializes without the "route add command failed: external program exited with error status: 1".

    However, if I try to go to a website it still doesn't work.

    Is this a DNS issue? NAT issue? Can anyone help?

    ![Screenshot from 2015-05-08 15:12:19.png](/public/imported_attachments/1/Screenshot from 2015-05-08 15:12:19.png)



  • Have you imported the IPVanish crt?
    And what do your advanced settings look like?
    And outbound rules?



  • Yes, imported the cert. Haven't changed anything under advanced. Here's the cert and outbound pages.

    ![Screenshot from 2015-05-10 12:50:17.png](/public/imported_attachments/1/Screenshot from 2015-05-10 12:50:17.png)
    ![Screenshot from 2015-05-10 12:54:48.png](/public/imported_attachments/1/Screenshot from 2015-05-10 12:54:48.png)



  • Is that helpful at all? Do I need to change something under advanced?



  • @theknurd:

    > Is that helpful at all? Do I need to change something under advanced?

    Try to use this instead of your current advanced settings. (Remember to change the server name.)

    persist-remote-ip
    keysize 256
    tls-remote nyc-a03.ipvanish.com
    auth-user-pass /tmp/auth.conf
    script-security 3 system



  • Tried those settings. Also tried the ones from an "ovpn" file straight from IPVanish.

    I seem to be connecting to the VPN just fine. It's just that the traffic is not going through. When I try to navigate to a website the browser just shows "connecting…" down at the bottom and eventually fails.

    Guessing it's a Firewall/NAT setting I have wrong somewhere?

    ![Screenshot from 2015-05-11 16:26:13.png](/public/imported_attachments/1/Screenshot from 2015-05-11 16:26:13.png)



  • what is the ip route?



  • I'm not sure where I'm supposed to look for my ip route.

    However, it's finally working! I reset all "Firewall: NAT: Outbound" rules then copied two from the WAN rules creating them for VPN. That solved it!

    Thanks for the help!
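
The fix reported in the last post (outbound NAT rules existed for WAN but not for the VPN interface) can be checked from the firewall's loaded NAT rules. The following is an added example, not part of the original thread: it parses `pfctl -sn`-style output and lists source networks that are NATed on the WAN but have no rule on the VPN interface. The interface names `em0` and `ovpnc1`, the addresses, and the sample rule lines are constructed assumptions.

```python
import re

# Matches pf NAT rules as printed by `pfctl -sn`, for example:
#   nat on em0 inet from 192.168.1.0/24 to any -> 198.51.100.7 port 1024:65535
NAT_RULE = re.compile(
    r"^nat on (?P<iface>\S+)(?: inet6?)?(?: proto \S+)? from (?P<src>\S+) "
)

def nat_sources(pfctl_output):
    """Map interface name -> set of source networks with a NAT rule on it."""
    by_iface = {}
    for line in pfctl_output.splitlines():
        m = NAT_RULE.match(line.strip())
        if m:
            by_iface.setdefault(m["iface"], set()).add(m["src"])
    return by_iface

def missing_on_vpn(pfctl_output, wan_if, vpn_if):
    """Sources NATed out of the WAN that have no matching rule on the VPN."""
    rules = nat_sources(pfctl_output)
    return sorted(rules.get(wan_if, set()) - rules.get(vpn_if, set()))

# Constructed sample output; interface names and addresses are assumptions.
BEFORE = """\
nat on em0 inet from 127.0.0.0/8 to any -> 198.51.100.7 port 1024:65535
nat on em0 inet from 192.168.1.0/24 to any -> 198.51.100.7 port 1024:65535
"""
# Same rule set after equivalent rules were created for the VPN interface.
AFTER = BEFORE + """\
nat on ovpnc1 inet from 127.0.0.0/8 to any -> (ovpnc1) port 1024:65535 round-robin
nat on ovpnc1 inet from 192.168.1.0/24 to any -> (ovpnc1) port 1024:65535 round-robin
"""

if __name__ == "__main__":
    for label, text in (("before fix", BEFORE), ("after fix", AFTER)):
        gaps = missing_on_vpn(text, "em0", "ovpnc1")
        print(label, "->", gaps or "every WAN-NATed source is also NATed on the VPN")
```

A non-empty result means traffic from those networks leaves the tunnel interface with its private source address, which matches the "connected but no traffic" symptom described in the thread.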