Netgate Discussion Forum

    OpenVPN Doesn't work from some devices.

      alextech0x

      Hello people,

      I am experiencing a weird problem here related to OpenVPN.
      If I connect from Linux or Mac everything works great, but as soon as I want to use the VPN from Windows, iPhone or Android it just doesn't work. It gives me an IP address, so the connection is established, but I can't surf or log in to the pF.

      Any help would be appreciated,

      Regards,
      Alex.

        firewalluser

        Version of pfsense? What steps did you use to configure openvpn, i.e. did you follow steps on a website somewhere, and if so, what is the URL?

        Have you used any methods to monitor your android traffic like here?
        http://www.symantec.com/connect/blogs/monitoring-android-network-traffic-part-i-installing-toolchain
        http://www.symantec.com/connect/blogs/monitoring-android-network-traffic-part-ii-cross-compiling-tcpdump
        http://www.symantec.com/connect/blogs/monitoring-android-network-traffic-part-iii-installing-executing-tcpdump
        http://www.symantec.com/connect/blogs/monitoring-android-network-traffic-part-iv-forwarding-wireshark

        If so, did anything show up?

        Netcat is also useful for getting tcpdumps sent to other devices/locations.

        Capitalism, currently The World's best Entertainment Control System and YOU can't buy it! But you can buy this, or some of this or some of these

        Asch Conformity, mainly the blind leading the blind.

          alextech0x

          Hello there, thanks for the answer.

          I followed this guide: https://www.highlnk.com/2013/12/configuring-openvpn-on-pfsense/

          It sometimes worked from those devices where it now doesn't. It doesn't even work if I'm connected to the net's wifi.

          Weird. pfSense version is 2.2.3, 32-bit.

            firewalluser

            That link brings back memories of when I set my openvpn up, then found someone tested the presence of the openvpn port within minutes of completion. Not many people can time that right, but they didn't bank on me having the openvpn on a different port!

            Anyway, one option: install the same version of pfsense as in the guide, carry out the same procedure and then see if Windows & Android work or not. If they do, upgrade pfsense to the latest version and repeat to make sure it still works. This confirms whether your Windows/Android devices work OK or not in the later version of pfsense.

            Another option is to check the logs see if any error messages are showing up, and see if any traffic is actually coming in or being blocked.
            Ticking the Log packets option in a fw rule is useful for this as you can see if the openvpn rules are seeing traffic or not.

            I don't know if it still exists in 2.2.3, but earlier versions of pfsense and Windows had issues which involved TUN/TAP, so it's worth checking out https://openvpn.net/install.html

            You don't say what version of Windows or Android, which may or may not be relevant, but checking the various pfsense logs would be my first port of call.

              KOM

              then found someone tested the presence of openvpn port within minutes of completion, not many people can time that right

              Surely it was a coincidence.  At any given moment, there are a million different worms and other nasties scanning all of public IP space for listening servers, looking to exploit them.

                firewalluser

                @KOM:

                then found someone tested the presence of openvpn port within minutes of completion, not many people can time that right

                Surely it was a coincidence.  At any given moment, there are a million different worms and other nasties scanning all of public IP space for listening servers, looking to exploit them.

                It might well have been, but until you log these things, patterns don't become obvious. :)

                  KOM

                  Reminds me of every time a management suit asks to see firewall logs, and then their heads explode when they think we're under constant, targeted attack by every bad actor on Earth.  Good luck trying to convince them it's no different from kids rustling doorknobs or playing Nicky-nicky-9-door in a hotel. Trust in your locks and ignore the noise.

                    johnpoz LAYER 8 Global Moderator

                    I can tell you for a fact that pfsense OpenVPN works just fine from Windows clients.. I use it every single day.. Did you run the openvpn client as admin?  You should be using the latest client 2.3.7

                    Tue Jul 28 15:43:48 2015 OpenVPN 2.3.7 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Jul  9 2015
                    Tue Jul 28 15:43:48 2015 library versions: OpenSSL 1.0.1p 9 Jul 2015, LZO 2.08

                    I use both tcp and udp connection, and even bounce the tcp off a proxy at work without any issues.

                    Did your driver get installed on Windows?  What are the errors you get when you connect? Turn up the verb if needed in the config..  Did you install the client on your own or grab the bundle from the openvpn client export package?  What config did you grab if you installed the client on your own?

                    I am connected right now - through a vpn connection (at a customer site) to work on their wireless to my work proxy and then my openvpn connection to home

                    Ethernet adapter vpn:

                    Connection-specific DNS Suffix  . : local.lan
                      Description . . . . . . . . . . . : TAP-Windows Adapter V9
                      Physical Address. . . . . . . . . : 00-FF-5A-2F-7E-EA
                      DHCP Enabled. . . . . . . . . . . : Yes
                      Autoconfiguration Enabled . . . . : Yes
                      IPv6 Address. . . . . . . . . . . : 2001:<snipped>::1000(Preferred)
                      Link-local IPv6 Address . . . . . : fe80::e94a:98a4:4c11:3db1%22(Preferred)
                      IPv4 Address. . . . . . . . . . . : 10.0.8.6(Preferred)
                      Subnet Mask . . . . . . . . . . . : 255.255.255.252
                      Lease Obtained. . . . . . . . . . : Tuesday, July 28, 2015 3:44:08 PM
                      Lease Expires . . . . . . . . . . : Wednesday, July 27, 2016 3:44:08 PM
                      Default Gateway . . . . . . . . . :
                      DHCP Server . . . . . . . . . . . : 10.0.8.5
                      DHCPv6 IAID . . . . . . . . . . . : 385941338
                      DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-4C-CA-26-3C-97-0E-99-DF-75
                      DNS Servers . . . . . . . . . . . : 192.168.9.253
                      NetBIOS over Tcpip. . . . . . . . : Enabled

                    Even have ipv6 over my vpn working
                    C:\>ping 192.168.9.100

                    Pinging 192.168.9.100 with 32 bytes of data:                                 
                    Reply from 192.168.9.100: bytes=32 time=719ms TTL=127                       
                    Reply from 192.168.9.100: bytes=32 time=325ms TTL=127                       
                    Reply from 192.168.9.100: bytes=32 time=332ms TTL=127                       
                    Reply from 192.168.9.100: bytes=32 time=326ms TTL=127

                    Ping statistics for 192.168.9.100:                                           
                        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),                     
                    Approximate round trip times in milli-seconds:                               
                        Minimum = 325ms, Maximum = 719ms, Average = 425ms

                    C:\>ping ipv6.google.com

                    Pinging ipv6.l.google.com [2607:f8b0:4004:808::100e] with 32 bytes of data: 
                    Reply from 2607:f8b0:4004:808::100e: time=357ms                             
                    Reply from 2607:f8b0:4004:808::100e: time=356ms                             
                    Reply from 2607:f8b0:4004:808::100e: time=356ms                             
                    Reply from 2607:f8b0:4004:808::100e: time=384ms

                    Ping statistics for 2607:f8b0:4004:808::100e:                               
                        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),                     
                    Approximate round trip times in milli-seconds:                               
                        Minimum = 356ms, Maximum = 384ms, Average = 363ms

                    Really shitting times because my vpn to work endpoint is in Germany currently ;)  While my work proxy I have to bounce off is in TX and my home is in Chicago and I am in Indy currently.  So clearly taking the scenic route to my home network ;)

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 24.11 | Lab VMs 2.8, 24.11

                      KOM

                      Yeah I forgot all about OpenVPN pretending to work but not really if you forget to run it as administrator.

                        alextech0x

                        Finally… I got it to work.
                        The question is that hostnames don't work; I have to type IP addresses, but only from the VPN.
                        Any thoughts?

                          johnpoz LAYER 8 Global Moderator

                          yeah what are you using for name resolution - you can not broadcast for host names when you're not on the same segment..  So you need to query dns for a fqdn..  What is your search suffix if you're just trying to lookup host

                          what is domain.tld that makes it a fully qualified domain name?  FQDN

                            gazoo

                            Yeah, the only problems I've ever had is when you don't run as administrator. That's a big one.
