On 26/01/10 16:01, Paul Mansfield wrote: > On 26/01/10 15:39, Nate Davis wrote: >> Paul, >> >> We are using http://www.viscosityvpn.com/ as the OpenVPN Client for the Mac= >> s on our network, and it has worked like a dream. I can resolve items by >> name over the vpn and such. We were using tunnelblick for quite a while, but >> this paid product was the way to go in our environment. We are running >> 10.6.2 clients. >> > > hmm, interesting, so I suspect it's the tunnelblick "helper" app we're > using that's failing to work. we did have one guy use viscosity and like > it, but up till recently there wasn't anyone who was complaing of > problems, but now I've got a real problem with a couple of non-technical > users, unfortunately they're the ones who most need a roaming VPN > solution :-( > > thanks very much for the feedback!
My colleague tried viscosity and found that it didn't make a difference either I'd like to add I have tried shared key and x509 methods, and in both cases usign tunnelblick I have to put the "route" commands in as the Mac ignores it. I am using udp, but on a non-standard port for testing; here's the generated configuration on the pfsense 1.2.3 server. writepid /var/run/openvpn_server43.pid #user nobody #group nobody daemon keepalive 10 60 ping-timer-rem persist-tun persist-key dev tun proto udp cipher BF-CBC up /etc/rc.filter_configure down /etc/rc.filter_configure client-to-client server w.x.y.z 255.255.255.0 client-config-dir /var/etc/openvpn_csc lport zzzz push "dhcp-option DOMAIN example.com" push "dhcp-option DNS a.b.c.d" push "dhcp-option DNS a.b.e.f" push "dhcp-option WINS a.b.c.d" push "dhcp-option NTP a.b.c.d" push "dhcp-option NTP a.b.e.f" push "dhcp-option DISABLE-NBT" ca /var/etc/openvpn_server43.ca cert /var/etc/openvpn_server43.cert key /var/etc/openvpn_server43.key dh /var/etc/openvpn_server43.dh comp-lzo # pick up per-client options client-config-dir /var/etc/ccd # keep detailed log and status status /var/log/full/openvpn_server43.status log /var/log/full/openvpn_server43.log --------------------------------------------------------------------- To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
