Messages

1

24.7 Production Series / [Question] Help in VPN Firewall configuration

« on: October 23, 2024, 08:49:11 am »

Hi, I can't figure out how I need to configure OPNSense to work in this scenario.

I have an OPNSense server that has configured three networks and one vpn (in addition to the WAN):

LAN: 10.50.140.0/24
OPT1: 10.10.43.0/24 - > Router A
OPT2: 10.10.44/24 -> Router B
VPN: 10.100.140.0/24

The two OPT networks are connected to two other routers, respectively.
On OPNSense I configured a VPN and set the three networks as local networks.
On Router A and B I configured a static route from the VPN network to the respective OPNSense IP.

However I cannot reach the computers on OPT1 and OPT2. If I do a traceroute I see that the request stops at the ip address of the vpn server (OPNSense):

traceroute to 10.10.44.204 (10.10.44.204), 64 hops max
  1   10.100.140.1  24,026ms  23,306ms  23,625ms
  2   *  *  *
  3   *  *  *
  4   *  *  *
  5   *  *  *

What did I forget to configure?

Thanks

2

24.7 Production Series / Cannot access OPT1 clinets from OpenVPN

« on: July 27, 2024, 01:22:42 pm »

Hi, I have this scenario:

OPNSense as Gateway with 2 phisical network cofigurated like this:

eth0 -> WAN -> brdige1
eth1 -> OPT1 -> bridge2
---    -> LAN -> bridge3

On the LAN i set all my server and on OPT1 are the desktop pc.
I create a OpneVPN that share LAN adress and OPT1 adreses (Local Network). From VPN i can access LAN clients but not OPT1.
I open all ports (for test) in the firewall settings but no way.
OPT1 is connect to another gateway where all pc are connect. Is this the problem? I need to set some routes to that gateway?

Thanks

3

24.1 Legacy Series / Re: OpenVPN Connection Problem [OPNSense 24.1.9]

« on: July 11, 2024, 07:49:09 am »

Hi,
This looks like a firewall issue, more than a VPN server issue.
Could you have a look in the firewall logs ?

You are right. My fault. I forgot the old gateway on. Shutting down that one all works. Thanks a lot.

4

24.1 Legacy Series / Re: OpenVPN Connection Problem [OPNSense 24.1.9]

« on: July 10, 2024, 12:01:55 pm »

Already unflaged.

OPNSense has 2 networks:
WAN: 192.168.1.0/24 (my home network)
LAN: 10.50.140.0/24 (internal network).

The client is a pc connect via Wifi on network 192.168.1.0
 

5

24.1 Legacy Series / OpenVPN Connection Problem [OPNSense 24.1.9]

« on: July 10, 2024, 11:43:12 am »

Hi, i have a fresh install of OPNSense updated to 24.1.9. I try to create a OpenVPN server using the new "Instances" section following this guide: https://docs.opnsense.org/manual/how-tos/sslvpn_instance_roadwarrior.html

When from my client i try to connect i get this message and it not work.

TCP/UDP: Incoming packet rejected from [AF_INET]79.20.110.xxx:11194[2], expected peer address: [AF_INET]192.168.1.xxx:11194 (allow this incoming source address/port by removing --remote or adding --float)

What i mssing?
Thanks

6

23.1 Legacy Series / Re: Cannot connect from OpenVPN Client >= 2.6

« on: July 28, 2023, 02:41:17 pm »

Thanks Bart, set it to 1400 works perfect.

But I don't understand why with old linux distro this setting is not necessary instead with the new ones it is.

7

23.1 Legacy Series / Re: Cannot connect from OpenVPN Client >= 2.6

« on: July 27, 2023, 05:53:19 pm »

I also tried with the last Fedora (38) but same result. I can connect to the VPN, i can ping the servers over VPN, but i cannot connect to them (tried http and ssh). On old linux distro releases works.

I never changed MTU parameters. Cuold be a new default openvpn settings. I not much experience with MTU, what i need to check exaclty?

8

23.1 Legacy Series / Re: Cannot connect from OpenVPN Client >= 2.6

« on: July 26, 2023, 01:18:00 pm »

I also tried Bart suggestion and with "File Only" the VPN connect correctly (also removing the legacy options).

But I cannot connect to resources over vpn. For example I have an http server that i can ping but i get timeout if i try to connect with the browser.

With Ubuntu 22.04 i have no problem (with the seme vpn config files) but on Ubuntu 23.04 (and Debian 12) not work.
I'll try with a non debian-based distro like Fedora if there is the same problem.

Thansk for your help.

9

23.1 Legacy Series / Re: Cannot connect from OpenVPN Client >= 2.6

« on: July 26, 2023, 10:45:50 am »

I tried what cookiemonster suggest. Adding the legacy options i can connect to VPN but I cannot access resources over VPN.
Later I try what propose Bart.

But why OPNsens cannot update support for newer openvpn/opensssl versions?

10

23.1 Legacy Series / Re: Cannot connect from OpenVPN Client >= 2.6

« on: July 25, 2023, 04:05:03 pm »

Here the option available in the Client-Export page. I use the Archive option. I also tried to use the Viscosity option and extract files from the viz file but same result.

11

23.1 Legacy Series / Re: Cannot connect from OpenVPN Client >= 2.6

« on: July 25, 2023, 01:26:44 pm »

Thanks Bart I tried what you suggest but each commands give this error:

Code: [Select]

Error outputting keys and certificates
40B7EC78967F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:../crypto/evp/evp_fetch.c:373:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()
I'm using Ubuntu 23.04 with OpenVPN 2.6.1 and OpenSSL 3.0.8 7

12

23.1 Legacy Series / Cannot connect from OpenVPN Client >= 2.6

« on: July 24, 2023, 08:30:58 pm »

Hi, I'm using the last stable release of OPNSense (23.1) as vpn server. From the last linux distros (Ubuntu 23.04, Debian 12, etc) with OpenVPN >= 2.6 I cannot connect with the exported configuration. It seems that there is a problem with PKCS12.

This the error i get:

Code: [Select]

...
2023-07-24 20:20:06 OpenSSL: error:0308010C:digital envelope routines::unsupported
2023-07-24 20:20:06 OpenSSL: error:11800071:PKCS12 routines::mac verify failure
2023-07-24 20:20:06 Decoding PKCS12 failed. Probably wrong password or unsupported/legacy encryption
2023-07-24 20:20:06 Error: private key password verification failed
2023-07-24 20:20:06 Exiting due to fatal error
The password is correct and on Ubuntu 22.04 (Openvpn 2.5.x) works.

There is any workaround?

Thanks

13

General Discussion / Re: How import OpenVPN config in Gnome/NetworkManager?

« on: October 02, 2021, 08:19:21 pm »

Already tried but i not work. Maybe NM requires some files and fields that in the exported archive are missing, like the CA Certificate (tried added it manually but no success).

14

General Discussion / How import OpenVPN config in Gnome/NetworkManager?

« on: October 02, 2021, 12:30:18 pm »

Hi, on mac and win client I use the great Viscosity app to connect to OPNSense openvpn server.

On linux (Ubuntu) I tried to import the config (exported as archive) with the built-in Gnome NetworkManager OpenVpn plug-in but always i get the error that the config file is not compatible.

If i try to run this config from terminal with the command "openvpn --config" it works.

How I can edit the autogenerated config file to be able to work with Network Manager?