Any success recommendations for OpenVPN client connect to Netgate/pfsense?

2022-07-30 03:04:04
Tags: #VPN
Model: Archer AX55  
Hardware Version: V1
Firmware Version: 1.1.0 Build 20220428 rel.64552(5553)

Anybody can share a success story and tips for making OpenVPN client work with a Netgate router (pfsense) as the OpenVPN server? I can load profiles which seem to be accepted in the web page for OpenVPN client configuration. Yet every time it is stuck at "Connecting". I can successfully connect to the same OpenVPN server from mobile and PC clients. So I'm wondering if anybody has succeeded in configuring their TP-Link router to connect with the OpenVPN server on a pfsense-based router and what were the settings they found to be successful.

 

Thanks!!

1 Reply
Re: Any success recommendations for OpenVPN client connect to Netgate/pfsense?
2022-07-30 13:11:28

  @polyphon 

 

Hi,

 

I doubt there is much configuration you can do from the TP-Link router's side. Just look at the options you have in the AX55's VPN configuration webpage.

 

If anything, I guess any VPN configuration changes would have to be made on the Netgate router's side.

 

I don't have a solution to your problem at hand, but I suggest you compare the *.ovpn file you got from the Netgate to an *.ovpn file from the AX55 (you would need to set up a "sample" OpenVPN server on the AX55 to export such a file).

 

Then open both files side by side and compare the upper sections of them (everything above "<ca>, -----BEGIN CERTIFICATE-----").

Look for options that appear to make a significant functional difference between the two or options that are completely missing.

 

Like the following example that I have made up solely for illustration:

Let's say the Netgate's file has an option "cipher AES-256-CBC" and that same option on the AX55 was "cipher AES-128-CBC". Then go to the Netgate OpenVPN server configuration and change it to use "cipher AES-128-CBC" as well. Alternatively you could also try if manually editing that line in the *.ovpn file is sufficient.

 

If you don't mind, then you could also post the mentioned section of the Netgate's *.ovpn file here so that other people can look at it and maybe come up with a solution. Just make sure you don't post the certificates and keys from the *.ovpn file here and alter any of your personal IP addresses !! (like in the example below)

 

--------------------------------------

client
dev tun
proto udp
float
nobind
cipher AES-128-CBC
comp-lzo adaptive
resolv-retry infinite
remote-cert-tls server
persist-key
persist-tun
remote myvpnserver.whatever 1194

--------------------------------------

 

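The side-by-side comparison suggested in reply #2, as an added example that is not part of the original thread. It goes slightly further than reading "everything above <ca>" by skipping inline certificate and key blocks wherever they appear, so key material is never read into the report. The NETGATE sample is constructed, the AX55 sample is abridged from the profile in the reply, and the function names are hypothetical.

```python
import re
# Constructed stand-in for a pfSense client export (not a real config).
NETGATE = """client
dev tun
cipher AES-256-CBC
auth SHA256
remote vpn.example.invalid 1194
<ca>
PLACEHOLDER-CERT
</ca>
"""
# Abridged from the sample AX55 profile in the reply above.
AX55 = """client
dev tun
float
cipher AES-128-CBC
comp-lzo adaptive
remote myvpnserver.whatever 1194
"""

def parse_options(text):
    """Map directive -> list of argument strings, skipping inline <tag> blocks."""
    opts, closing = {}, None
    for line in map(str.strip, text.splitlines()):
        if closing:  # inside <ca>, <key>, ...: skip until the closing tag
            closing = None if line == closing else closing
            continue
        m = re.fullmatch(r"<([\w-]+)>", line)
        if m:
            closing = f"</{m.group(1)}>"
            continue
        if line and line[0] not in "#;":  # '#' and ';' start comment lines
            name, *rest = line.split(None, 1)
            opts.setdefault(name, []).append(" ".join("".join(rest).split()))
    return opts

def compare(a_text, b_text, ignore=("remote",)):
    """List (directive, a_args, b_args) for options that differ or are missing."""
    a, b = parse_options(a_text), parse_options(b_text)
    return [(n, a.get(n), b.get(n)) for n in sorted(set(a) | set(b))
            if n not in ignore and a.get(n) != b.get(n)]

def shareable(text):
    """Option section only, with the remote host replaced, for posting."""
    redact = lambda n, v: " ".join(["REDACTED_HOST", *v.split()[1:]]) if n == "remote" else v
    return "\n".join(f"{n} {redact(n, v)}".strip()
                     for n, vs in parse_options(text).items() for v in vs)
```

`None` in a result tuple means the directive is absent from that file; `shareable` only redacts the `remote` host, so any other address in the option section still has to be altered by hand before posting.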