LAN to LAN between pfSense<>Zeroshell


  • #43597

    drummer
    Member

    Hi all,
    I am facing an issue with the OpenVPN configuration, and I was interested if you could help. I have multiple sites connected with Zeroshell, but now I would like to connect pfSense's OpenVPN to Zeroshell. Zeroshell should work as server. Here is my error report:
    On Zeroshell (server):

    TCP NOTE: Rejected connection attempt from xxx.xxx.xxx.xxx:xxxx due to --remote setting

    On pfSense (client):

    Status: reconnecting; ping-restart

    openvpn[43466]: Attempting to establish TCP connection with [AF_INET]xxxxxxxx:1199 [nonblock]
    openvpn[43466]: TCP connection established with [AF_INET]xxxxxxxx:1199
    openvpn[43466]: TCPv4_CLIENT link local (bound): [AF_INET]yyyyyyyy
    openvpn[43466]: TCPv4_CLIENT link remote: [AF_INET]xxxxxxxx:1199
    openvpn[43466]: [UNDEF] Inactivity timeout (--ping-restart), restarting
    openvpn[43466]: TCP/UDP: Closing socket
    openvpn[43466]: SIGUSR1[soft,ping-restart] received, process restarting
    openvpn[43466]: Restart pause, 5 second(s)

    And here is the config file from both:

    OpenVPN server (Zeroshell):
    Remote Host: aaaaa
    Port: 1199 TCP
    Role: server
    Encryption: ON
    Gateway:…….
    X.509 Host certificate: Imported

    Interface configured as: 192.168.7.1

    Client (pfSense):

    dev ovpnc1
    dev-type tap
    dev-node /dev/tap1
    writepid /var/run/openvpn_client1.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto tcp-client
    cipher AES-128-CBC
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    local yyy.yyy.yyy.yyy
    tls-client
    client
    lport 0
    management /var/etc/openvpn/client1.sock unix
    remote xxx.xxx.xxx.xxx 1199
    ifconfig 192.168.7.2 192.168.7.1
    route 192.168.110.0 255.255.255.0
    ca /var/etc/openvpn/client1.ca
    cert /var/etc/openvpn/client1.cert
    key /var/etc/openvpn/client1.key
    float
    verb 3

    Thanks.

    Kind regards
    drummer

    #52685

    redfive
    Participant

    Hi drummer, OpenVPN by default uses BF-CBC as cipher. You could try to add this line in Zs, OpenVPN Parameters, Command Line Parameters:

    --cipher AES-128-CBC

    and restart the service. For more detailed logs, also add

    --verb 5

    ciao
    jonatha
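
Added example, not part of either post and not pfSense or Zeroshell code: a small Python check for the two things this thread points at, the `--remote` rejection in the Zeroshell log and the cipher default mentioned in the reply. The server parameters and addresses are constructed, `parse_options`, `first`, `compare_peers` and `check` are hypothetical helper names, and it assumes the client's `local` address is the one the server sees (no NAT in between).

```python
import shlex

DEFAULT_CIPHER = "BF-CBC"  # default named in the reply above
PROTO_PEER = {"tcp-client": "tcp-server", "tcp-server": "tcp-client", "udp": "udp"}

def parse_options(text):
    """Parse config-file lines ('cipher X') or '--cipher X' parameters."""
    opts, current = {}, None
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)  # drops '#...' comments
        if tokens and not tokens[0].startswith("--"):
            tokens[0] = "--" + tokens[0]  # config-file form: first word is the option
        for tok in tokens:
            if tok.startswith("--"):
                current = tok[2:]
                opts[current] = []
            elif current:
                opts[current].append(tok)
    return opts

def first(opts, name, default=None):
    return opts[name][0] if opts.get(name) else default

def compare_peers(client, server, client_src_ip):
    """List settings that disagree between the two ends of the tunnel."""
    findings = []
    c, s = first(client, "cipher", DEFAULT_CIPHER), first(server, "cipher", DEFAULT_CIPHER)
    if c != s:
        findings.append(f"cipher: client {c} vs server {s}")
    c, s = first(client, "proto", "udp"), first(server, "proto", "udp")
    if PROTO_PEER.get(c) != s:
        findings.append(f"proto: client {c} vs server {s}")
    allowed = first(server, "remote")
    if allowed and allowed != client_src_ip:
        findings.append(f"remote: server expects {allowed}, client is {client_src_ip}")
    return findings

# Constructed samples (hypothetical values; addresses from documentation ranges).
CLIENT_CONF = "proto tcp-client\ncipher AES-128-CBC\n#user nobody\nlocal 198.51.100.20\n"
SERVER_BEFORE = "--proto tcp-server --port 1199 --remote 198.51.100.99"
SERVER_AFTER = "--proto tcp-server --port 1199 --remote 198.51.100.20 --cipher AES-128-CBC"

def check(server_params):
    client = parse_options(CLIENT_CONF)
    return compare_peers(client, parse_options(server_params), first(client, "local"))

if __name__ == "__main__":
    print("before:", check(SERVER_BEFORE))
    print("after: ", check(SERVER_AFTER))
```

An empty list from `check` means the compared settings agree; it does not cover certificates or routing.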
