
pfSense not working with OpenVPN


anjan42
I am using pfSense 2.3.4.

I configured OpenVPN as mentioned here

The only difference is that I enabled TLS authentication and copied in the key from the zip file I received. If I don't select TLS it won't connect. I have also changed the encryption to AES and the hash to SHA256 in the VPN config, as in the client file. If I configure SHA1 it won't work. I am using the UDP tunnel files.
The initial certificate configuration is exactly the same as mentioned in the article.

I have successfully configured NAT and I can see the default route too, but the problem is that the VPN is up yet the sent/received bytes stay at 3-4 KB all the time. I cannot access the internet using it; I think there is some mistake in the configuration.

Here are the logs from the verb 3 configuration:
 
 
 
Oct 21 09:31:36 openvpn 53208 Restart pause, 5 second(s)
Oct 21 09:31:41 openvpn 53208 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 21 09:31:41 openvpn 53208 Socket Buffers: R=[65228->65228] S=[65228->65228]
Oct 21 09:31:41 openvpn 53208 Attempting to establish TCP connection with [AF_INET]195.154.209.57:1912 [nonblock]
Oct 21 09:31:42 openvpn 53208 TCP connection established with [AF_INET]195.154.209.57:1912
Oct 21 09:31:42 openvpn 53208 Socket flags: TCP_NODELAY=1 succeeded
Oct 21 09:31:42 openvpn 53208 TCPv4_CLIENT link local (bound): [AF_INET]192.168.2.66
Oct 21 09:31:42 openvpn 53208 TCPv4_CLIENT link remote: [AF_INET]195.154.209.57:1912
Oct 21 09:31:42 openvpn 53208 TLS: Initial packet from [AF_INET]195.154.209.57:1912, sid=7dfe3564 874ca556
Oct 21 09:31:42 openvpn 53208 VERIFY OK: depth=1, C=US, ST=FL, L=Orlando, O=TorGuard, OU=VPN, CN=TG-OVPN-CA, name=TorGuard, [email protected]
Oct 21 09:31:42 openvpn 53208 Validating certificate key usage
Oct 21 09:31:42 openvpn 53208 ++ Certificate has key usage 00a0, expects 00a0
Oct 21 09:31:42 openvpn 53208 VERIFY KU OK
Oct 21 09:31:42 openvpn 53208 Validating certificate extended key usage
Oct 21 09:31:42 openvpn 53208 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Oct 21 09:31:42 openvpn 53208 VERIFY EKU OK
Oct 21 09:31:42 openvpn 53208 VERIFY OK: depth=0, C=US, ST=FL, L=Orlando, O=TorGuard, OU=VPN, CN=TG-OVPN-CA, name=TorGuard, [email protected]
Oct 21 09:31:42 openvpn 53208 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1571', remote='link-mtu 1572'
Oct 21 09:31:42 openvpn 53208 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Oct 21 09:31:42 openvpn 53208 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Oct 21 09:31:42 openvpn 53208 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Oct 21 09:31:42 openvpn 53208 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Oct 21 09:31:42 openvpn 53208 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Oct 21 09:31:42 openvpn 53208 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Oct 21 09:31:42 openvpn 53208 [TG-OVPN-CA] Peer Connection Initiated with [AF_INET]195.154.209.57:1912
Oct 21 09:31:44 openvpn 53208 SENT CONTROL [TG-OVPN-CA]: 'PUSH_REQUEST' (status=1)
Oct 21 09:31:44 openvpn 53208 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.9.0.1,dhcp-option DNS 10.8.0.1,route 10.34.0.1,topology net30,ping 5,ping-restart 30,socket-flags TCP_NODELAY,ifconfig 10.34.0.10 10.34.0.9,peer-id 0'
Oct 21 09:31:44 openvpn 53208 OPTIONS IMPORT: timers and/or timeouts modified
Oct 21 09:31:44 openvpn 53208 OPTIONS IMPORT: --socket-flags option modified
Oct 21 09:31:44 openvpn 53208 Socket flags: TCP_NODELAY=1 succeeded
Oct 21 09:31:44 openvpn 53208 OPTIONS IMPORT: --ifconfig/up options modified
Oct 21 09:31:44 openvpn 53208 OPTIONS IMPORT: route options modified
Oct 21 09:31:44 openvpn 53208 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Oct 21 09:31:44 openvpn 53208 OPTIONS IMPORT: peer-id set
Oct 21 09:31:44 openvpn 53208 OPTIONS IMPORT: adjusting link_mtu to 1574
Oct 21 09:31:44 openvpn 53208 Preserving previous TUN/TAP instance: ovpnc1
Oct 21 09:31:44 openvpn 53208 Initialization Sequence Completed
Oct 21 09:32:40 openvpn 53208 MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
Oct 21 09:32:40 openvpn 53208 MANAGEMENT: CMD 'state 1'
Oct 21 09:32:40 openvpn 53208 MANAGEMENT: CMD 'status 2'
Oct 21 09:32:40 openvpn 53208 MANAGEMENT: Client disconnected
Oct 21 09:32:43 openvpn 53208 Connection reset, restarting [0]
Oct 21 09:32:43 openvpn 53208 SIGUSR1[soft,connection-reset] received, process restarting
Oct 21 09:32:43 openvpn 53208 Restart pause, 5 second(s)
Oct 21 09:32:48 openvpn 53208 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 21 09:32:48 openvpn 53208 Socket Buffers: R=[65228->65228] S=[65228->65228]
Oct 21 09:32:48 openvpn 53208 Attempting to establish TCP connection with [AF_INET]195.154.209.57:1912 [nonblock]
Oct 21 09:32:49 openvpn 53208 TCP connection established with [AF_INET]195.154.209.57:1912
Oct 21 09:32:49 openvpn 53208 Socket flags: TCP_NODELAY=1 succeeded
Oct 21 09:32:49 openvpn 53208 TCPv4_CLIENT link local (bound): [AF_INET]192.168.2.66
Oct 21 09:32:49 openvpn 53208 TCPv4_CLIENT link remote: [AF_INET]195.154.209.57:1912
Oct 21 09:32:49 openvpn 53208 TLS: Initial packet from [AF_INET]195.154.209.57:1912, sid=e7b2957d a044c05b
Oct 21 09:32:50 openvpn 53208 VERIFY OK: depth=1, C=US, ST=FL, L=Orlando, O=TorGuard, OU=VPN, CN=TG-OVPN-CA, name=TorGuard, [email protected]
Oct 21 09:32:50 openvpn 53208 Validating certificate key usage
Oct 21 09:32:50 openvpn 53208 ++ Certificate has key usage 00a0, expects 00a0
Oct 21 09:32:50 openvpn 53208 VERIFY KU OK
Oct 21 09:32:50 openvpn 53208 Validating certificate extended key usage
Oct 21 09:32:50 openvpn 53208 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Oct 21 09:32:50 openvpn 53208 VERIFY EKU OK
Oct 21 09:32:50 openvpn 53208 VERIFY OK: depth=0, C=US, ST=FL, L=Orlando, O=TorGuard, OU=VPN, CN=TG-OVPN-CA, name=TorGuard, [email protected]
Oct 21 09:32:50 openvpn 53208 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1571', remote='link-mtu 1572'
Oct 21 09:32:50 openvpn 53208 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Oct 21 09:32:50 openvpn 53208 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Oct 21 09:32:50 openvpn 53208 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Oct 21 09:32:50 openvpn 53208 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Oct 21 09:32:50 openvpn 53208 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Oct 21 09:32:50 openvpn 53208 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Oct 21 09:32:50 openvpn 53208 [TG-OVPN-CA] Peer Connection Initiated with [AF_INET]195.154.209.57:1912
Oct 21 09:32:52 openvpn 53208 SENT CONTROL [TG-OVPN-CA]: 'PUSH_REQUEST' (status=1)
Oct 21 09:32:52 openvpn 53208 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.9.0.1,dhcp-option DNS 10.8.0.1,route 10.34.0.1,topology net30,ping 5,ping-restart 30,socket-flags TCP_NODELAY,ifconfig 10.34.0.10 10.34.0.9,peer-id 0'
Oct 21 09:32:52 openvpn 53208 OPTIONS IMPORT: timers and/or timeouts modified
Oct 21 09:32:52 openvpn 53208 OPTIONS IMPORT: --socket-flags option modified
Oct 21 09:32:52 openvpn 53208 Socket flags: TCP_NODELAY=1 succeeded
Oct 21 09:32:52 openvpn 53208 OPTIONS IMPORT: --ifconfig/up options modified
Oct 21 09:32:52 openvpn 53208 OPTIONS IMPORT: route options modified
Oct 21 09:32:52 openvpn 53208 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Oct 21 09:32:52 openvpn 53208 OPTIONS IMPORT: peer-id set
Oct 21 09:32:52 openvpn 53208 OPTIONS IMPORT: adjusting link_mtu to 1574
Oct 21 09:32:52 openvpn 53208 Preserving previous TUN/TAP instance: ovpnc1
Oct 21 09:32:52 openvpn 53208 Initialization Sequence Completed
 
 
 
Route table after connection:
[2.3.4-RELEASE][[email protected]]/root: netstat -r
Routing tables
 
Internet:
Destination        Gateway            Flags      Netif Expire
0.0.0.0/1          10.34.0.5          UGS      ovpnc1
default            mynetwork          UGS         le1
10.34.0.1/32       10.34.0.5          UGS      ovpnc1
10.34.0.5          link#7             UH       ovpnc1
10.34.0.6          link#7             UHS         lo0
dns.usa1.torguard. 10.34.0.5          UGHS     ovpnc1
dns.usa2.torguard. 10.34.0.5          UGHS     ovpnc1
localhost          link#6             UH          lo0
128.0.0.0/1        10.34.0.5          UGS      ovpnc1
185.25.21.161/32   mynetwork          UGS         le1
192.168.1.0        link#1             U           le0
pfSense            link#1             UHS         lo0
192.168.2.0        link#2             U           le1
mynetwork          00:0c:29:1f:f5:78  UHS         le1
192.168.2.66       link#2             UHS         lo0
195.154.204.10/32  mynetwork          UGS         le1
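
An added example, not part of the original post: a short Python parser for client logs in the format shown above. It reports the transport in use, the option-consistency warnings, and how long each session lasted between "Initialization Sequence Completed" and the next connection reset. The function name `analyze` and its `year` parameter are this example's own; the sample lines are an excerpt of the log above.

```python
import re
from datetime import datetime

# Excerpt of the client log posted above (syslog format, no year field).
SAMPLE_LOG = """\
Oct 21 09:31:42 openvpn 53208 TCPv4_CLIENT link remote: [AF_INET]195.154.209.57:1912
Oct 21 09:31:42 openvpn 53208 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1571', remote='link-mtu 1572'
Oct 21 09:31:42 openvpn 53208 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Oct 21 09:31:44 openvpn 53208 Initialization Sequence Completed
Oct 21 09:32:43 openvpn 53208 Connection reset, restarting [0]
Oct 21 09:32:43 openvpn 53208 SIGUSR1[soft,connection-reset] received, process restarting
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) openvpn \d+ (.*)$")
INCONSISTENT = re.compile(
    r"WARNING: '([^']+)' is used inconsistently, local='([^']*)', remote='([^']*)'")
ONE_SIDED = re.compile(
    r"WARNING: '([^']+)' is present in (\w+) config but missing in (\w+) config")
TRANSPORT = re.compile(r"\b(TCP|UDP)\w* link remote")

def analyze(log_text, year=2000):
    """Summarise option mismatches and session lifetimes in an OpenVPN client log."""
    report = {"transport": None, "inconsistent": {}, "missing": [], "lifetimes": []}
    up_since = None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an openvpn syslog line
        # Syslog omits the year; `year` is an assumed value used only for time deltas.
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        msg = m.group(2)
        if (t := TRANSPORT.search(msg)):
            report["transport"] = t.group(1)
        elif (w := INCONSISTENT.search(msg)):
            report["inconsistent"][w.group(1)] = (w.group(2), w.group(3))
        elif (w := ONE_SIDED.search(msg)):
            report["missing"].append((w.group(1), w.group(3)))  # (option, side lacking it)
        elif "Initialization Sequence Completed" in msg:
            up_since = when
        elif "Connection reset, restarting" in msg and up_since is not None:
            # Seconds the tunnel stayed up before the peer reset the connection.
            report["lifetimes"].append(int((when - up_since).total_seconds()))
            up_since = None
    return report

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

Each entry under `inconsistent` or `missing` names a setting to compare between the pfSense client configuration and the provider's client file.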
 


2 answers to this question

Support

Hi - can you try the commands below and see which works:

ping 8.8.8.8

ping google.com

It could simply be a DNS issue IF you think your firewall is set up as per the guide.

 

Regards

J Smith

I am having trouble getting pfSense to go as well. What worked for you?
