I'm having trouble with OpenVPN on pfSense 1.2.0 and would appreciate some help please. I've searched the pfSense forum and mailing list and though I've found pointers to similar issues I haven't found anything that's helped me fix this yet.
I don't seem to have routing between pfSense and the LAN for the roadwarrior. When using the VPN in I can ssh into pfSense at 10.0.10.1 then ssh out from there to the LAN. I cannot ping addresses on the LAN. I'm not sure if it's related or not but OpenVPN on the server appears to keep restarting every minute or two. No additional packages are installed.

The OpenVPN log on pfSense has the following errors:

openvpn[12906]: WARNING: using --pull/--client and --ifconfig together is probably not what you want
openvpn[12907]: ERROR: FreeBSD route add command failed: shell command exited with error status: 1

pfSense IP addressing:
pfSense WAN IP address: static IP from ISP
pfSense LAN IP address range: 10.0.0.0/24

OpenVPN server configuration:
Dynamic IP: yes
Address pool: 10.0.10.0/24
Authentication method: PKI
Local network: 10.0.0.0/24
LZO compression: yes

OpenVPN client configuration:
Server address: static IP from ISP
Interface IP: 10.0.10.0/24
Authentication method: PKI
LZO compression: yes
Dynamic sourceport: yes

OpenVPN log:

Jun 19 14:40:50 openvpn[66753]: [UNDEF] Inactivity timeout (--ping-restart), restarting
Jun 19 14:40:50 openvpn[66753]: SIGUSR1[soft,ping-restart] received, process restarting
Jun 19 14:40:52 openvpn[66753]: IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Jun 19 14:40:52 openvpn[66753]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jun 19 14:40:52 openvpn[66753]: Re-using SSL/TLS context
Jun 19 14:40:52 openvpn[66753]: LZO compression initialized
Jun 19 14:40:52 openvpn[66753]: UDPv4 link local: [undef]
Jun 19 14:40:52 openvpn[66753]: UDPv4 link remote: <pfsense Internet routable IP address>:1194
Jun 19 14:41:52 openvpn[66753]: [UNDEF] Inactivity timeout (--ping-restart), restarting
Jun 19 14:41:52 openvpn[66753]: SIGUSR1[soft,ping-restart] received, process restarting
Jun 19 14:41:54 openvpn[66753]: IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Jun 19 14:41:54 openvpn[66753]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jun 19 14:41:54 openvpn[66753]: Re-using SSL/TLS context
Jun 19 14:41:54 openvpn[66753]: LZO compression initialized
Jun 19 14:41:54 openvpn[66753]: UDPv4 link local: [undef]
Jun 19 14:41:55 openvpn[66753]: UDPv4 link remote: <pfsense Internet routable IP address>:1194
Jun 19 14:42:02 openvpn[67142]: OpenVPN 2.0.6 i386-portbld-freebsd6.2 [SSL] [LZO] built on Sep 13 2007
Jun 19 14:42:02 openvpn[67142]: WARNING: file '/var/etc/openvpn_server0.key' is group or others accessible
Jun 19 14:42:02 openvpn[67142]: gw <modem's Internet routable IP address>
Jun 19 14:42:02 openvpn[67142]: TUN/TAP device /dev/tun0 opened
Jun 19 14:42:02 openvpn[67142]: /sbin/ifconfig tun0 10.0.10.1 10.0.10.2 mtu 1500 netmask 255.255.255.255 up
Jun 19 14:42:02 openvpn[67142]: /etc/rc.filter_configure tun0 1500 1542 10.0.10.1 10.0.10.2 init
Jun 19 14:42:03 openvpn[67155]: UDPv4 link local (bound): [undef]:1194
Jun 19 14:42:03 openvpn[67155]: UDPv4 link remote: [undef]
Jun 19 14:42:03 openvpn[67155]: Initialization Sequence Completed
Jun 19 14:42:04 openvpn[67155]: <pfsense Internet routable IP address>:43994 Re-using SSL/TLS context
Jun 19 14:42:04 openvpn[67155]: <pfsense Internet routable IP address>:43994 LZO compression initialized
Jun 19 14:42:04 openvpn[66753]: [freeatlasttv-firewall] Peer Connection Initiated with <pfsense Internet routable IP address>:1194
Jun 19 14:42:04 openvpn[67155]: <pfsense Internet routable IP address>:43994 [pete-open-plan-it] Peer Connection Initiated with <pfsense Internet routable IP address>:43994
Jun 19 14:42:05 openvpn[66753]: gw <modem's Internet routable IP address>
Jun 19 14:42:05 openvpn[66753]: TUN/TAP device /dev/tun1 opened
Jun 19 14:42:05 openvpn[66753]: /sbin/ifconfig tun1 10.0.10.6 10.0.10.5 mtu 1500 netmask 255.255.255.255 up
Jun 19 14:42:05 openvpn[66753]: /etc/rc.filter_configure tun1 1500 1542 10.0.10.6 10.0.10.5 init
Jun 19 14:42:06 openvpn[66753]: ERROR: FreeBSD route add command failed: shell command exited with error status: 1
Jun 19 14:42:06 openvpn[66753]: Initialization Sequence Completed

# netstat -nr
10.0.0.1 00:xx:xx:xx:xx:xx UHLW 1 45 lo0
10.0.0.10 00:xx:xx:xx:xx:xx UHLW 1 50174 xl0 916
10.0.10/24 10.0.10.2 UGS 0 612 tun0
10.0.10.1/32 10.0.10.5 UGS 0 0 tun1
10.0.10.2 10.0.10.1 UH 1 0 tun0
10.0.10.5 10.0.10.6 UH 1 2 tun1
127.0.0.1 127.0.0.1 UH 0 2004 lo0
<3 blocks of Internet routable IP address> link#2 UC 0 0 xl1
<pfsense Internet routable IP address> 00:xx:xx:xx:xx:xx UHLW 1 38295 lo0
<modem's Internet routable IP address> 00:xx:xx:xx:xx:xx UHLW 2 20996 xl1 1159

Thanks
Pete Boyd
