I haven't found any documentation that actually spells out the steps for me to set up an OpenVPN client connection accessible by all users within my LAN network.
Here's the situation I have: I have a server in my data center that has an OpenVPN server running on it, using a UDP port and TAP. I am managing the keys and certs on the server. I want to make my pfSense firewall at the office connect to this remote server and provide connectivity between the LAN at the data center and the LAN at the office. I have set up the OpenVPN client settings on the pfSense firewall. I am able to get the two to handshake, and here's a snippet of the server log to prove it:

Wed Jan 26 14:35:49 2011 MULTI: multi_create_instance called
Wed Jan 26 14:35:49 2011 myclientswanip:37238 Re-using SSL/TLS context
Wed Jan 26 14:35:49 2011 myclientswanip:37238 LZO compression initialized
Wed Jan 26 14:35:49 2011 myclientswanip:37238 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Jan 26 14:35:49 2011 myclientswanip:37238 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Wed Jan 26 14:35:49 2011 myclientswanip:37238 Local Options hash (VER=V4): 'f7df56b8'
Wed Jan 26 14:35:49 2011 myclientswanip:37238 Expected Remote Options hash (VER=V4): 'd79ca330'
Wed Jan 26 14:35:49 2011 myclientswanip:37238 TLS: Initial packet from myclientswanip:37238, sid=23f90d4a 5eb484f3
Wed Jan 26 14:35:49 2011 myclientswanip:37238 VERIFY OK: depth=1, /C=US/ST=NY/L=NewYork/O=MyCompanyName/CN=MyCompanyName_CA/[email protected]
Wed Jan 26 14:35:49 2011 myclientswanip:37238 VERIFY OK: depth=0, /C=US/ST=NY/L=NewYork/O=MyCompanyName/[email protected]/[email protected]
Wed Jan 26 14:35:49 2011 myclientswanip:37238 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Jan 26 14:35:49 2011 myclientswanip:37238 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jan 26 14:35:49 2011 myclientswanip:37238 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Jan 26 14:35:49 2011 myclientswanip:37238 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jan 26 14:35:49 2011 myclientswanip:37238 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Jan 26 14:35:49 2011 myclientswanip:37238 [[email protected]] Peer Connection Initiated with myclientswanip:37238
Wed Jan 26 14:35:49 2011 MULTI: new connection by client '[email protected]' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Wed Jan 26 14:35:51 2011 [email protected]/myclientswanip:37238 PUSH: Received control message: 'PUSH_REQUEST'
Wed Jan 26 14:35:51 2011 [email protected]/myclientswanip:37238 SENT CONTROL [[email protected]]: 'PUSH_REPLY,route 10.82.0.0 255.255.255.0,route-gateway 10.0.0.1,ping 10,ping-restart 120,ifconfig 10.0.0.4 255.255.255.0' (status=1)
Wed Jan 26 14:39:51 2011 [email protected]/myclientswanip:37238 [[email protected]] Inactivity timeout (--ping-restart), restarting
Wed Jan 26 14:39:51 2011 [email protected]/myclientswanip:37238 SIGUSR1[soft,ping-restart] received, client-instance restarting

What do I need to do next on the pfSense side to get traffic to move? Is there anything else I need to look for? Thanks!
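As an added example (not code from the original post, from pfSense or from OpenVPN), here is a small Python triage script run over a log constructed after the snippet above, with the redacted client CN assumed to be 'office-fw'. It extracts what the server negotiated and pushed, and turns the four-minute gap between PUSH_REPLY and the --ping-restart into a finding: with --keepalive n m the server pushes "ping-restart m" to the client but restarts the session itself only after 2*m seconds without receiving any packet from that client, so a restart at exactly 2*m means nothing at all arrived from the client once the data channel was up. It also flags the crypto the log shows (BF-CBC, HMAC-SHA1, TLS 1.0, 1024-bit RSA), which was ordinary in 2011 but would not pass review today.

```python
"""Triage an OpenVPN server log for a site-to-site client that completes the
TLS handshake but never moves traffic.  Added example, not from the original
post or from pfSense/OpenVPN; the log below is constructed after the post's
snippet, with the redacted client CN assumed to be 'office-fw'."""
import re
from datetime import datetime

# Constructed sample (CN 'office-fw' is an assumption; the post redacts it).
SAMPLE_LOG = """\
Wed Jan 26 14:35:49 2011 myclientswanip:37238 VERIFY OK: depth=0, /C=US/ST=NY/L=NewYork/O=MyCompanyName/CN=office-fw
Wed Jan 26 14:35:49 2011 myclientswanip:37238 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Jan 26 14:35:49 2011 myclientswanip:37238 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jan 26 14:35:49 2011 myclientswanip:37238 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Jan 26 14:35:49 2011 MULTI: new connection by client 'office-fw' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Wed Jan 26 14:35:51 2011 office-fw/myclientswanip:37238 SENT CONTROL [office-fw]: 'PUSH_REPLY,route 10.82.0.0 255.255.255.0,route-gateway 10.0.0.1,ping 10,ping-restart 120,ifconfig 10.0.0.4 255.255.255.0' (status=1)
Wed Jan 26 14:39:51 2011 office-fw/myclientswanip:37238 [office-fw] Inactivity timeout (--ping-restart), restarting
"""

TS_RE = re.compile(r"^(\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4}) (.*)$")
CIPHER_RE = re.compile(r"Data Channel Encrypt: Cipher '([^']+)' initialized with (\d+) bit key")
HMAC_RE = re.compile(r"Using \d+ bit message hash '([^']+)' for HMAC")
CTRL_RE = re.compile(r"Control Channel: (\S+), cipher \S+ \S+, (\d+) bit RSA")
DUPCN_RE = re.compile(r"new connection by client '([^']+)' will cause previous")
PUSH_RE = re.compile(r"SENT CONTROL \[([^\]]+)\]: 'PUSH_REPLY,([^']*)'")
RESTART_RE = re.compile(r"Inactivity timeout \(--ping-restart\)")

# 64-bit block ciphers: birthday-bound (SWEET32-style) attacks become practical after
# tens of GB under one key; OpenVPN 2.5+ no longer enables BF-CBC by default.
SMALL_BLOCK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "CAST5-CBC"}


def parse_line(line):
    """Split one log line into (datetime, message); None if it carries no timestamp."""
    m = TS_RE.match(line)
    if not m:
        return None
    return datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y"), m.group(2)


def parse_push(options):
    """'route 10.82.0.0 255.255.255.0,ping 10,...' -> {'route': [[...]], 'ping': [['10']], ...}"""
    push = {}
    for item in options.split(","):
        parts = item.split()
        push.setdefault(parts[0], []).append(parts[1:])
    return push


def triage(log_text):
    """Return what the server negotiated and pushed, plus a list of findings."""
    r = {"client": None, "data_cipher": None, "key_bits": None, "hmac": None,
         "tls_version": None, "rsa_bits": None, "push": {},
         "restart_after_s": None, "findings": []}
    push_time = None
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        ts, msg = parsed
        if m := CIPHER_RE.search(msg):
            r["data_cipher"], r["key_bits"] = m.group(1), int(m.group(2))
        elif m := HMAC_RE.search(msg):
            r["hmac"] = m.group(1)
        elif m := CTRL_RE.search(msg):
            r["tls_version"], r["rsa_bits"] = m.group(1), int(m.group(2))
        elif m := DUPCN_RE.search(msg):
            r["findings"].append(f"CN '{m.group(1)}' already had a live session: "
                                 "reconnect loop, or two devices share one certificate")
        elif m := PUSH_RE.search(msg):
            r["client"], r["push"], push_time = m.group(1), parse_push(m.group(2)), ts
        elif RESTART_RE.search(msg) and push_time is not None:
            r["restart_after_s"] = int((ts - push_time).total_seconds())

    # --keepalive n m pushes 'ping-restart m' to the client and sets the server's own
    # ping-restart to 2*m.  A restart exactly 2*m after the push means the server received
    # nothing from the client (not even a keepalive ping) once the data channel was up.
    pushed = r["push"].get("ping-restart")
    if r["restart_after_s"] is not None and pushed:
        client_restart = int(pushed[0][0])
        if abs(r["restart_after_s"] - 2 * client_restart) <= 10:
            r["findings"].append(
                "no client data-channel packets reached the server after PUSH_REPLY "
                f"({r['restart_after_s']}s = 2 x pushed ping-restart {client_restart}s): "
                "check the client's OpenVPN interface rules and the UDP path in both directions")
    if r["data_cipher"] in SMALL_BLOCK_CIPHERS:
        r["findings"].append(f"{r['data_cipher']} is a 64-bit block cipher; use AES-256-GCM")
    if r["rsa_bits"] is not None and r["rsa_bits"] < 2048:
        r["findings"].append(f"{r['rsa_bits']}-bit RSA certificates; reissue at 2048 bits or more")
    if r["tls_version"] == "TLSv1":
        r["findings"].append("control channel is TLS 1.0; set tls-version-min 1.2")
    if r["hmac"] == "SHA1":
        r["findings"].append("HMAC-SHA1 on the data channel; prefer auth SHA256 or an AEAD cipher")
    return r


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG)["findings"]:
        print("-", finding)
```

Run it as-is to print the findings for the sample, or pass the real server log to triage(). The keepalive finding is the one that answers "is there anything else to look for": the server dropped the session because nothing from the client, not even the pings it had just been told to send every 10 seconds, arrived in the 240 seconds after the push, so the client-side OpenVPN log for the same window and the firewall rules on the client's OpenVPN interface are the next things to read. Note also that the PUSH_REPLY only gives the client a route toward 10.82.0.0/24; for a site-to-site link the server side must also have a route back to the office LAN, or traffic will only ever flow one way.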
