Hey guys,
I am trying to get Vypr vpn setup on pfsense using OpenVPN and I cannot get it to work. I have looked at about 10 different “tutorials” and guides, various forum posts of pfsense forums, and other places. I still cannot figure out what I am doing wrong.
I can post any info that may be needed to assist me here, just ask.
Now the issue I am having seems to be related to the username and password authentication.
I can either use no Certificate and username password are required, or I can choose a CA to put in that option in the openvpn client.
With no CA chosen I get password failed authentication error in the log.
With the proper ca assigned I instead get - “TLS Error: cannot locate HMAC in incoming packet from …”
Obviously if anyone sees this and decides to try to help, you will need more info. Just let me know what ya want and I’ll post it.
I can’t get any help from Vypr either as they told me simply to change my router software to dd-wrt or Tomato. Didn’t even acknowledge that pfsense is a thing. Not so great customer service.
Any help you awesome people can give would be great.
Do you have TLS authentication enabled? Because you don't want to enable that.
You need to install their CA in the certificate manager which it sounds like you've done and you also need to use a user name and password for authentication. The CA is to verify the server, it doesn't authenticate the user.
If you can screenshot your VPN configuration that would be helpful, just blank out anything that should be private. Also if you can post the vypr openvpn config file too then I can check that the settings are correct.
You'll also need to configure a gateway interface and NAT but we'll get to that once you get the VPN connected.
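Added example, not part of the original posts: a check of a provider's OpenVPN client profile against the settings discussed in the reply above (TLS authentication key, server CA, username/password), so a TLS authentication mismatch like the one behind the HMAC error shows up before connecting. The sample profile, host name and the keys of the `configured` dictionary are constructed for illustration; `tls-auth`, `tls-crypt`, `ca`, `cert`, `key` and `auth-user-pass` are standard OpenVPN directives.

```python
import re

# Constructed sample: a provider-style client profile that uses a CA plus
# username/password and carries no active tls-auth or tls-crypt key.
SAMPLE_OVPN = """\
client
dev tun
proto udp
remote vpn.example.net 1194
auth-user-pass
ca ca.example.crt
# tls-auth ta.key 1
"""

def active_directives(text):
    """Return {directive: args} for active lines and inline <tag> blocks."""
    found, in_block = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if in_block:                        # skip the body of an inline block
            if line == f"</{in_block}>":
                in_block = None
            continue
        if not line or line[0] in "#;":     # OpenVPN comments start with # or ;
            continue
        m = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if m:                               # e.g. <ca> ... </ca> or <tls-auth> ...
            in_block = m.group(1)
            found[in_block] = ["[inline]"]
            continue
        parts = line.split()
        found[parts[0]] = parts[1:]
    return found

def expected_client_settings(text):
    """Map the profile's directives to the client options they imply."""
    d = active_directives(text)
    return {
        "tls_key_required": "tls-auth" in d or "tls-crypt" in d,
        "server_ca_required": "ca" in d,
        "username_password_required": "auth-user-pass" in d,
        "client_cert_required": "cert" in d and "key" in d,
    }

def mismatches(text, configured):
    """List options where the router's settings (hypothetical dict) differ."""
    expected = expected_client_settings(text)
    return sorted(k for k, v in expected.items() if configured.get(k, False) != v)
```

A non-empty result from `mismatches` names the options to change on the client; for the sample profile, a client with the TLS key option enabled is reported as `tls_key_required`.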
RESOLVED
My issue was a few things. First the TLS needed to be off as you said above, and then I needed to create some additional rules in the NAT outbound rules to handle traffic routing.
I got it working great now, but man some of the info was so hard to find.
I am going to try and take all this info and make a video or something on how to do this properly.
This post helped me (pfSense changed some of the code in version 2.1.1 with regards to Outbound NAT rules to OpenVPN interfaces) - https://forum.pfsense.org/index.php?topic=76015.0
And now here are my screenshots.
http://imgur.com/a/zRXqR
BTW hi Dexter_Kane, I still gotta mess with that backup battery thing sometime as well on FreeNAS. One project at a time though! Thanks for the response!!!
No worries.
If you run into stability issues with the VPN on pfsense I know how to fix that too. If it happens the easiest solution is to disable the apinger service but there are some settings you can change so you can keep it running but I can't remember exactly where they are off the top of my head.
Awesome. I'll respond to this post if I run into any issues. Everything seems to be running great now. That damn NAT outbound rule was killing me because all the stuff I was finding on it was old guides, and pfsense changed the way it worked. Fun Fun.
Looking at your LAN firewall rules you should probably just add the gateway option to the first lan to any rule rather than having a second one as the firewall should process rules from top to bottom therefore ignoring that second rule with the gateway option.
It may be working because the VPN is now configured as the default gateway.