Topic: pfSense to Endian OpenVPN Site-to-Site (Read 16686 times)
shcc (Jr. Member, Posts: 6)
Posted on: Sunday 31 August 2014, 07:38:37 am
I'm trying to get EFW 2.5.1 or 3.0 to establish a site-to-site (Gw2Gw) OpenVPN tunnel to pfSense 2.1.5 with no success.
Does anyone have experience with this configuration? I've done a lot of Internet research and found there may be a Tun/Tap and/or PSK incompatibility between these two OpenVPN implementations.
Any help would be greatly appreciated. I can't make any major changes to the EFW OVPN server side as I have about a dozen Gw2Gw tunnels already established. So modifying the .tmpl files isn't advisable in my situation.
Thanks
shcc (Jr. Member, Posts: 6)
Re: pfSense to Endian OpenVPN Site-to-Site
Reply #1 on: Wednesday 03 September 2014, 09:40:34 am
Some more info - I think I'm close.
pfSense 2.1.5 to Endian Community 3.0 site-to-site.
Working so far:
pfSense 2.1.5 as a client to the Endian 3.0 test bed. The pfSense box can ping clients on the Endian net, but the Endian box can't do the reverse. Clients on either net can't ping across.
pfSense Config:
- Client tab
  - Server Mode: Peer to Peer (SSL/TLS)
  - Protocol: UDP
  - Device Mode: Tun
  - Interface: WAN
  - Local port: "blank"
  - Server host: "public IP"
  - Server port: 1194
  - No proxy stuff
  - Server host name res: unchecked
  - Desc: pfSense as client to Endian
- Crypto Settings
  - TLS Auth: unchecked
  - Peer Cert Authority: CA cert from Endian
  - Client Cert: Cert for an Endian user created for site-to-site
  - Encryption alg: BF-CBC (128) (what Endian expects)
  - H/W Crypto: none
- Tunnel Settings:
  - IPv4 Tunnel net: 10.0.8.0/24
  - IPv6: none
  - Limit bandwidth: none
  - Compression: LZO (found Endian was using this in /etc/openvpn/openvpn.1.conf)
  - Type-of-Service: unchecked
- Advanced
  - auth-user-pass /cf/conf/client2-auth.txt (file with user/pass matching the client cert)
  - link-mtu 1574 (gleaned from pfSense OVPN log)
- Firewall Rules
  - WAN: 1194 allowed inbound
  - OpenVPN: Wide open. * * * * *
Endian Config:
- Server settings:
  - Auth type: PSK (user/pass)
  - Cert config: Use selected (the self-signed default one)
  - CA: Same as above. The one exported as CA for pfSense.
  - Dev type: TUN
  - Protocol: UDP
  - Port: 1194
  - VPN Subnet: 10.0.8.0/24
  - Advanced options: none
- Added to Endian in a shell:
  route add -net "IP segment for pfSense net" netmask 255.255.255.0 tun0
Can ping all clients on the Endian net from a shell on the pfSense box.
Can't ping anything on the Endian net from pfSense net clients.
Can't ping anything on the pfSense net from the Endian box or the Endian net.
Tried to establish a reverse tunnel using an additional OVPN server on pfSense and an Endian GW2GW client with absolutely no luck in even getting the tunnel to come up after hours of trying different config scenarios.
So, I think I'm close. Suggestions?
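An added consistency check, not code from the thread or from either project: it parses two constructed OpenVPN configs modelled on the settings listed above (the LAN range and public address are placeholders) and reports the options the two peers must agree on, plus a server-side `route` with no matching `iroute`; in OpenVPN server mode the `route` alone only pushes packets into tun0, and the daemon still needs an `iroute` (via `client-config-dir`) to know which client owns that subnet, which is consistent with the one-way reachability described.

```python
import re

# Constructed sample configs modelled on the post: udp, tun, port 1194, BF-CBC,
# comp-lzo, link-mtu 1574, tunnel 10.0.8.0/24. The 192.168.50.0/24 LAN and the
# 203.0.113.10 server address are placeholders, not values from the thread.
ENDIAN_SERVER = """\
proto udp
port 1194
dev tun
server 10.0.8.0 255.255.255.0
cipher BF-CBC
comp-lzo
route 192.168.50.0 255.255.255.0
"""

PFSENSE_CLIENT = """\
client
proto udp
dev tun
remote 203.0.113.10 1194
cipher BF-CBC
comp-lzo
link-mtu 1574
auth-user-pass /cf/conf/client2-auth.txt
"""

# Options both peers must agree on; OpenVPN logs "is used inconsistently" when they differ.
MUST_MATCH = ("proto", "dev", "cipher", "comp-lzo")


def parse_ovpn(text):
    """Return {option: [args...]} from an OpenVPN config, ignoring comments and blank lines."""
    opts = {}
    for line in text.splitlines():
        line = re.split(r"[#;]", line, 1)[0].strip()
        if line:
            name, *args = line.split()
            opts[name] = args
    return opts


def check_site_to_site(server_text, client_text):
    """Report mismatched shared options and a server 'route' that lacks an iroute mechanism."""
    srv, cli = parse_ovpn(server_text), parse_ovpn(client_text)
    findings = []
    for opt in MUST_MATCH:
        if srv.get(opt) != cli.get(opt):
            findings.append(f"mismatch {opt}: server={srv.get(opt)} client={cli.get(opt)}")
    # Without iroute/client-config-dir, the server process cannot map the routed subnet to a client.
    if "route" in srv and "iroute" not in srv and "client-config-dir" not in srv:
        findings.append(f"route {srv['route'][0]} has no iroute/client-config-dir on the server")
    return findings


if __name__ == "__main__":
    for finding in check_site_to_site(ENDIAN_SERVER, PFSENSE_CLIENT):
        print(finding)
```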