Author Topic: Use VPN, OPNsense with local IP (Read 5437 times)

deodion · « **on:** August 15, 2017, 12:59:00 pm »

Is it possible if I use VPN when the OPNsense WAN interface is local IP address,

I have my OPNsense as VM in a ESXi 5.5 host, in front of the host I have a broadband LAN router with dynamic IP public,

bartjsmit · « **Reply #1 on:** August 15, 2017, 01:14:20 pm »

You need to elaborate a bit. Where is the VPN server? Where is the client? What do you mean by 'local', RFC 1918?

Bart...

deodion · « **Reply #2 on:** August 15, 2017, 01:37:19 pm »

I have OPNsense as local RFC 1918 (192.168.100.100),
connected to a broadband router, the router wan interface has IP public dynamic,

Where is the VPN server? OPNsense is the server?
Where is the client? from internet

bartjsmit · « **Reply #3 on:** August 15, 2017, 01:56:44 pm »

Yes, that will work just fine :-)

You need a port forward rule (1194 udp by default) on your ISP router and a dynamic DNS provider to overcome your lack of a static IP.

Bart...

deodion · « **Reply #4 on:** August 15, 2017, 02:13:18 pm »

If I dont have any kind of IP public (whether static or dynamic) its not possible to use OpenVPN right?

After intuitively add the client cert and key, in my OpenVPN config folder, change its filename to match with config file,
I also change the config file to OPNsense WAN private IP interface,
also change to remote-cert-tls server,
reconnect
input username and password
and now OpenVPN says: Connecting to OPNsense-udp-1194-config has failed.

Please help, I need this VPN feature badly,

OpenVPN Log:
Tue Aug 15 19:06:42 2017 OpenVPN 2.4.3 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jul 14 2017
Tue Aug 15 19:06:42 2017 Windows version 6.1 (Windows 7) 64bit
Tue Aug 15 19:06:42 2017 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10
Tue Aug 15 19:06:48 2017 Key file ('OPNsense-udp-1194-tls.key') can be a maximum of 2048 bytes

bartjsmit · « **Reply #5 on:** August 15, 2017, 03:11:56 pm »

Have a look at this https://www.kirkg.us/posts/building-an-openvpn-server-with-opnsense/

Bart...

deodion · « **Reply #6 on:** August 15, 2017, 03:53:37 pm »

in Client Export, I download Archive instead, and put in my OpenVPN/config,

now it looks like this:

Tue Aug 15 20:50:35 2017 OpenVPN 2.4.3 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jul 14 2017
Tue Aug 15 20:50:35 2017 Windows version 6.1 (Windows 7) 64bit
Tue Aug 15 20:50:35 2017 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10
Tue Aug 15 20:50:38 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.100.10:1194
Tue Aug 15 20:50:38 2017 UDP link local (bound): [AF_INET][undef]:0
Tue Aug 15 20:50:38 2017 UDP link remote: [AF_INET]192.168.100.10:1194
Tue Aug 15 20:50:38 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Aug 15 20:51:38 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Aug 15 20:51:38 2017 TLS Error: TLS handshake failed
Tue Aug 15 20:51:38 2017 SIGUSR1[soft,tls-error] received, process restarting

I have firewall rule on WAN, LAN, and OpenVPN: ALLOW ANY ANY
Block private networks: disabled
Block bogon networks: disabled

deodion · « **Reply #7 on:** August 15, 2017, 04:37:28 pm »

Got it working,

it turns out I forgot to use Google Authenticator,
and I use TCP 1194 it works,

but If I change OpenVPN server to UDP, and change config file to UDP also, reconnect, its not working, I dont know why,

Author Topic: Use VPN, OPNsense with local IP (Read 5437 times)

deodion

Use VPN, OPNsense with local IP

bartjsmit

Re: Use VPN, OPNsense with local IP

deodion

Re: Use VPN, OPNsense with local IP

bartjsmit

Re: Use VPN, OPNsense with local IP

deodion

Re: Use VPN, OPNsense with local IP

bartjsmit

Re: Use VPN, OPNsense with local IP

deodion

Re: Use VPN, OPNsense with local IP

deodion

Re: Use VPN, OPNsense with local IP