Re: [pfSense-discussion] openvpn and mac osx 10.6
On 27/01/10 12:27, Paul Mansfield wrote: > On 26/01/10 16:01, Paul Mansfield wrote: >> On 26/01/10 15:39, Nate Davis wrote: BTW, Nate, were you using tun or tap? a test shows that using tap/bridging kicks off the mac's dhcp client and that successfully sets up DNS. I think we're going to end up building a non-pfsense (linux) box for this as it'll be easier and we can use a lot of openvpn options that require too much messing with custom fields in pfsense. - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense-discussion] openvpn and mac osx 10.6
On 26/01/10 16:01, Paul Mansfield wrote: > On 26/01/10 15:39, Nate Davis wrote: >> Paul, >> >> We are using http://www.viscosityvpn.com/ as the OpenVPN Client for the Mac= >> s on our network, and it has worked like a dream. I can resolve items by >> name over the vpn and such. We were using tunnelblick for quite a while, but >> this paid product was the way to go in our environment. We are running >> 10.6.2 clients. >> > > hmm, interesting, so I suspect it's the tunnelblick "helper" app we're > using that's failing to work. we did have one guy use viscosity and like > it, but up till recently there wasn't anyone who was complaing of > problems, but now I've got a real problem with a couple of non-technical > users, unfortunately they're the ones who most need a roaming VPN > solution :-( > > thanks very much for the feedback! My colleague tried viscosity and found that it didn't make a difference either I'd like to add I have tried shared key and x509 methods, and in both cases usign tunnelblick I have to put the "route" commands in as the Mac ignores it. I am using udp, but on a non-standard port for testing; here's the generated configuration on the pfsense 1.2.3 server. writepid /var/run/openvpn_server43.pid #user nobody #group nobody daemon keepalive 10 60 ping-timer-rem persist-tun persist-key dev tun proto udp cipher BF-CBC up /etc/rc.filter_configure down /etc/rc.filter_configure client-to-client server w.x.y.z 255.255.255.0 client-config-dir /var/etc/openvpn_csc lport push "dhcp-option DOMAIN example.com" push "dhcp-option DNS a.b.c.d" push "dhcp-option DNS a.b.e.f" push "dhcp-option WINS a.b.c.d" push "dhcp-option NTP a.b.c.d" push "dhcp-option NTP a.b.e.f" push "dhcp-option DISABLE-NBT" ca /var/etc/openvpn_server43.ca cert /var/etc/openvpn_server43.cert key /var/etc/openvpn_server43.key dh /var/etc/openvpn_server43.dh comp-lzo # pick up per-client options client-config-dir /var/etc/ccd # keep detailed log and status status /var/log/full/openvpn_server43.status log /var/log/full/openvpn_server43.log - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense-discussion] openvpn and mac osx 10.6
On 26/01/10 18:19, Chris Buechler wrote: > On Tue, Jan 26, 2010 at 10:23 AM, Paul Mansfield > wrote: >> >> we had openvpn working with osx 10.5 with a bit of bodging to get DNS to >> work, but 10.6.2 seems to have quite a few DNS quirks that prevent >> resolver from being set >> >> we've had to fiddle with the macs to add a new network location/profile >> called "vpn" which has manual DNS settings; it's made harder by the >> inconsistent way that apple airport connections are set. >> >> so I was wondering whether anyone had a better fix, or even a way to >> make it work seamlessly? we're using tunnelblick which is a wrapper round openvpn with some scripts; the build we're trying, I'm told, has a very up to date version of ovpn. - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense-discussion] openvpn and mac osx 10.6
On Tue, Jan 26, 2010 at 10:23 AM, Paul Mansfield wrote: > > we had openvpn working with osx 10.5 with a bit of bodging to get DNS to > work, but 10.6.2 seems to have quite a few DNS quirks that prevent > resolver from being set > > we've had to fiddle with the macs to add a new network location/profile > called "vpn" which has manual DNS settings; it's made harder by the > inconsistent way that apple airport connections are set. > > so I was wondering whether anyone had a better fix, or even a way to > make it work seamlessly? > You sure that's not a problem with the client? What client are you using? - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense-discussion] openvpn and mac osx 10.6
we had openvpn working with osx 10.5 with a bit of bodging to get DNS to work, but 10.6.2 seems to have quite a few DNS quirks that prevent resolver from being set we've had to fiddle with the macs to add a new network location/profile called "vpn" which has manual DNS settings; it's made harder by the inconsistent way that apple airport connections are set. so I was wondering whether anyone had a better fix, or even a way to make it work seamlessly? thanks very much Paul - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org