[SOLVED] PFSense + OpenVPN: Client Install Package Exporting with Public IP

Bunkai.Satori · Sep 5, 2015, 1:34 PM

Dear all,

my PFSense is behind a router / behind NAT. In other words, PFSense's WAN Interface has private IP Address. If I do OpenVPN Client Export, the config.ovpn file contains this private IP Address, such as:

remote 172.20.20.10 1194 udp

This of course can not work as the VPN Client won't find the VPN Server based on the private IP Address. Therefore, I have to manually edit the config.ovpn file and change the private IP Address to the router's public WAN IP Address. Together with Port Forwarding set the connection works.

What I would like to know, if it is possible to enter router's WAN IP Address (public IP) somewhere in the PFSense's UI please. I want to export correct Client Install Packages and not additionally change this and that. This is even more important, when I submit the Client Install Packages to third parties. It will cause complications to expect them to additionally edit config.ovpn files. Thank you very much.

johnpoz · Sep 5, 2015, 12:18 PM

Why don't you just use the name?? Do you not have dyndns setup to point a name to your public IP? Or in the dropdown or pick other and then put in the IP address before you export..

Even if you had to edit it by hand, why you not have done this before giving the package to third party?

Bunkai.Satori · Sep 5, 2015, 1:32 PM

Hi Johnpoz,

apparently, you know this subject very well. Thank you for the answer.

Why don't you just use the name?? Do you not have dyndns setup to point a name to your public IP?

Yes, I do have a domain name. Whether I enter an IP Address or a hostname into config.ovpn, the functionality is basically the same. When asking, I just picked public IP Address.

Or in the dropdown or pick other and then put in the IP address before you export..

I was completely unaware of this point. Thank you very much. It does exactly what I asked.

Even if you had to edit it by hand, why you not have done this before giving the package to third party?

It would be possible to find many workarounds. I want to deliver x64-win6.exe Client Install Package, and the config.ovpn is already built in, which is the reason, if it is possible to export Client Intall Packages with the correct hostname / public IP.

Thank you very much Johnpoz.

johnpoz · Sep 5, 2015, 1:59 PM

You do understand that exe can be edited.. its just a self extractor that kicks off setup after it extracts.. extract it via zip/7zip and then edit the ovpn file and then just zip it back up as self extractor that runs setup exe.

Here are some simple instructions on how to do such a thing
http://ntsblog.homedev.com.au/index.php/2015/05/14/self-extracting-archive-runs-setup-exe-7zip-sfx-switch/

Bunkai.Satori · Sep 5, 2015, 2:12 PM

I know it now :-) How is it that you know so much about pfSense? Are you part of the development team?

johnpoz · Sep 5, 2015, 3:41 PM

How is you don't know all this stuff? ;)

No not a member of the dev team, just a fan and user and been working in IT for 30+ years so pick up a few things ;) Not only is IT and Networking my job its also my hobby and passion..

Bunkai.Satori · Sep 5, 2015, 5:06 PM

Johnpoz,

would you be in a mood to take a look at two my other difficulties, please? Both of them relate with PFSense and OpenVPN. If yes, would you recommend to create separate discussion threads, or may I discuss them right here? The two problems I am having are:

When I ping a device on the LAN behind PFSense from OpenVPN client, I get about 50% of Request timed out responses. I monitor this over two hours through ping 172.20.20.241 -t from the OpenVPN client.
I can access Windows shared directories on the OpenVPN client from the LAN behind PFSense, but I can not do it in the opposite way. From the OpenVPN client I can not access Windows shared directories through IP Address (ex. //172.20.20.241/downloads), and I can ping the devices on the PFSense LAN with difficulties as described in the point above.

Now when you know what are the subjects, I will gladly elaborate each of them. If you are in a mood to take a look at them, would you tell me, please, where is the best place to do it? Thank you very much.

SergeCOUDÉ · Mar 16, 2020, 2:52 PM

Hi,

with pfSense 2.4.4, it's possible to "force" the ip server to connect :

In the "Client Export Utility", "Client Connection behavior" heading, select "Other" for "Host Name Resolution". A second field appears "Hostname" and indicate in the hostname (dyndns, etc.) or public ip of the box...

The next exe client generated will had the good public ip or hostname !