Netgate Discussion Forum

    Failing to connect OpenVPN to IPVanish

    • theknurd

      I mostly tried to follow these instructions but I've been fighting it all day now.  https://forum.pfsense.org/index.php?topic=66467.0

      Initially, I thought it was a subnet problem because pfSense LAN was 172.22.x.x and OPT1 VPN connection was 172.20.x.x. However, I reconfigured the LAN to 192.168 and it didn't help anything.

      VPN -> Client setup:
      Server mode: Peer to Peer
      Protocol: UDP
      Device mode: tun
      Interface: WAN
      Server host: xx.ipvanish.com
      Server port: 443
      Peer Certificate Authority: (cert from IPVanish)
      Encryption: AES-256-CBC
      Compression: Enabled with Adaptive Compression

      I'm attaching a screenshot of Firewall: NAT and will get the logs for the next post. Have to lose my internet connection to get those logs. :)

      ![Screenshot from 2015-05-07 16:18:43.png](/public/imported_attachments/1/Screenshot from 2015-05-07 16:18:43.png)

      • theknurd

        Here's the OpenVPN log.

        The error at the bottom "ERROR: FreeBSD route add command failed: external program exited with error status: 1" was why I initially started playing with the subnet.

        I was actually able to connect to an IPVanish server that didn't throw that error, but my internet connection still wouldn't work.

        Any ideas? What other logs or settings do you need?

        Thanks!

        ![Screenshot from 2015-05-07 17:28:54.png](/public/imported_attachments/1/Screenshot from 2015-05-07 17:28:54.png)

        • theknurd

          After a reboot, it sometimes initializes without the "route add command failed: external program exited with error status: 1".

          However, if I try to go to a website it still doesn't work.

          Is this a DNS issue? NAT issue? Can anyone help?

          ![Screenshot from 2015-05-08 15:12:19.png](/public/imported_attachments/1/Screenshot from 2015-05-08 15:12:19.png)

          • notaduck

            Have you imported the IPVanish crt?
            And what do your advanced settings look like?
            And outbound rules?

            • theknurd

              Yes, imported the cert. Haven't changed anything under advanced. Here's the cert and outbound pages.

              ![Screenshot from 2015-05-10 12:50:17.png](/public/imported_attachments/1/Screenshot from 2015-05-10 12:50:17.png)
              ![Screenshot from 2015-05-10 12:54:48.png](/public/imported_attachments/1/Screenshot from 2015-05-10 12:54:48.png)

              • theknurd

                Is that helpful at all? Do I need to change something under advanced?

                • notaduck

                  @theknurd:

                  Is that helpful at all? Do I need to change something under advanced?

                  Try to use this instead of your current advanced settings. (Remember to change the server name.)

                  ```
                  persist-remote-ip
                  keysize 256
                  tls-remote nyc-a03.ipvanish.com
                  auth-user-pass /tmp/auth.conf
                  script-security 3 system
                  ```

                  • theknurd

                    Tried those settings. Also tried the ones from an "ovpn" file straight from IPVanish.

                    I seem to be connecting to the VPN just fine. It's just that the traffic is not going through. When I try to navigate to a website the browser just shows "connecting…" down at the bottom and eventually fails.

                    Guessing it's a Firewall/NAT setting I have wrong somewhere?

                    ![Screenshot from 2015-05-11 16:26:13.png](/public/imported_attachments/1/Screenshot from 2015-05-11 16:26:13.png)

                    • notaduck

                      What is the IP route?

                      • theknurd

                        I'm not sure where I'm supposed to look for my ip route.

                        However, it's finally working! I reset all "Firewall: NAT: Outbound" rules then copied two from the WAN rules creating them for VPN. That solved it!

                        Thanks for the help!

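The fix reported in the last post, as an added example that is not part of the thread: a Python check that lists source networks which have an outbound NAT rule on the WAN interface but none on the VPN interface. The pf-style rule lines are constructed for illustration, and the interface names `em0` (WAN) and `ovpnc1` (OpenVPN client) are assumptions.

```python
import ipaddress
import re

# Constructed pf-style outbound NAT rules (not taken from the thread).
# em0 = WAN and ovpnc1 = OpenVPN client interface are assumed names.
SAMPLE_RULES = """\
nat on em0 proto udp from 127.0.0.0/8 to any port 500 -> (em0) static-port
nat on em0 from 127.0.0.0/8 to any -> (em0)
nat on em0 from 192.168.1.0/24 to any -> (em0)
nat on ovpnc1 from 127.0.0.0/8 to any -> (ovpnc1)
"""

NAT_RE = re.compile(r"^nat\s+on\s+(?P<iface>\S+)\s+.*?\bfrom\s+(?P<src>\S+)\s+to\s")


def parse_nat_rules(text):
    """Return {interface: set of source networks} for every nat line."""
    covered = {}
    for line in text.splitlines():
        m = NAT_RE.match(line.strip())
        if not m:
            continue  # comments, blank lines, non-NAT rules
        try:
            net = ipaddress.ip_network(m.group("src"), strict=False)
        except ValueError:
            continue  # sources that are aliases or macros are skipped
        covered.setdefault(m.group("iface"), set()).add(net)
    return covered


def missing_on_vpn(text, wan, vpn):
    """Source networks translated on `wan` with no covering rule on `vpn`."""
    covered = parse_nat_rules(text)
    vpn_nets = covered.get(vpn, set())
    missing = []
    for net in sorted(covered.get(wan, set()), key=str):
        # subnet_of() raises on mixed IPv4/IPv6, so compare versions first.
        if not any(net.version == v.version and net.subnet_of(v) for v in vpn_nets):
            missing.append(str(net))
    return missing


if __name__ == "__main__":
    for net in missing_on_vpn(SAMPLE_RULES, "em0", "ovpnc1"):
        print(f"no outbound NAT on ovpnc1 for {net}")
```

A LAN network reported here can complete the tunnel handshake and still have no working internet access, because its packets leave the VPN interface with an untranslated private source address.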