How to set up an OpenVPN server on pfSense

openvpn pfsense

How do I set up an OpenVPN server on pfSense? I want to be able to VPN in from a laptop when I am on the road. I set up an OpenVPN server in the OpenVPN menu. I duplicated the NAT rules for the VPN server. I tried opening the firewall ports. I also set up the certificates, made a user account (put a certificate on that) as well as turned on the interface. I am thinking my next step has something to do with fixing it so the VPN server process can run but I am not sure why it will not start. I also think my firewall rules should be done better so I don't leave a port wide open but I'm not sure how.

I cleared all the logs and then tried to start up the VPN server. I got this:

Jun 26 00:30:57     openvpn[26660]: MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
Jun 26 00:30:57     openvpn[26660]: MANAGEMENT: CMD 'state 1'
Jun 26 00:30:57     openvpn[26660]: MANAGEMENT: Client disconnected
Jun 26 00:30:57     openvpn[34295]: MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jun 26 00:30:57     openvpn[34295]: MANAGEMENT: CMD 'state 1'
Jun 26 00:30:57     openvpn[34295]: MANAGEMENT: CMD 'status 2'
Jun 26 00:30:57     openvpn[34295]: MANAGEMENT: Client disconnected
Jun 26 00:30:57     openvpn[45727]: MANAGEMENT: Client connected from /var/etc/openvpn/client4.sock
Jun 26 00:30:57     openvpn[45727]: MANAGEMENT: CMD 'state 1'
Jun 26 00:30:57     openvpn[45727]: MANAGEMENT: CMD 'status 2'
Jun 26 00:30:57     openvpn[45727]: MANAGEMENT: Client disconnected
Jun 26 00:30:59     openvpn[87234]: Options error: --server directive network/netmask combination is invalid
Jun 26 00:30:59     openvpn[87234]: Use --help for more information.
Jun 26 00:31:10     openvpn[26660]: MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
Jun 26 00:31:10     openvpn[26660]: MANAGEMENT: CMD 'state 1'
Jun 26 00:31:10     openvpn[34295]: MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jun 26 00:31:10     openvpn[26660]: MANAGEMENT: Client disconnected
Jun 26 00:31:10     openvpn[34295]: MANAGEMENT: CMD 'state 1'
Jun 26 00:31:10     openvpn[34295]: MANAGEMENT: CMD 'status 2'
Jun 26 00:31:10     openvpn[34295]: MANAGEMENT: Client disconnected
Jun 26 00:31:10     openvpn[45727]: MANAGEMENT: Client connected from /var/etc/openvpn/client4.sock
Jun 26 00:31:10     openvpn[45727]: MANAGEMENT: CMD 'state 1'
Jun 26 00:31:10     openvpn[45727]: MANAGEMENT: CMD 'status 2'
Jun 26 00:31:10     openvpn[45727]: MANAGEMENT: Client disconnected

I have a guess that this has something to do with my "IPv4 Tunnel Network" and "IPv4 Local Network/s"

My IPv4 Tunnel Network is: WAN_ip/24

My IPv4 Local Network/s is: LAN_ip/24

I am not sure this is what is supposed to be here.

edit:
I found two issues. My WAN_ip should not have been my WAN_ip but a made-up IP. Also, I was not specifying for it to get login account information correctly. I can now connect to the VPN but it gives no internet.

Best Answer

I don't know about pfSense, but from the OpenVPN perspective the line of interest here is

Options error: --server directive network/netmask combination is invalid

This means that you've specified a VPN network address and netmask that do not combine. OpenVPN checks the network address to have zeroes where the netmask expects zeroes. E.g. 192.168.1.0 + 255.255.255.0 matches, but 192.168.1.1 + 255.255.255.0 does not match.

In your case, you should select a (private) network segment which is not used in your local network, e.g. 10.0.8.0, for your tunnel network instead of your WAN IP. OpenVPN will assign addresses from that range to connecting clients.
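The check described in the answer, as an added example that is not part of the original answer or of OpenVPN's or pfSense's code: it validates a proposed tunnel network before it is entered in the "IPv4 Tunnel Network" field. The function names, the sample addresses (constructed) and the use of the RFC 1918 ranges as the definition of "private" are assumptions.

```python
import ipaddress

# Assumption: "private" is taken to mean the RFC 1918 ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_tunnel_network(tunnel, local_networks):
    """Return a list of problems with a proposed OpenVPN tunnel network."""
    problems = []
    iface = ipaddress.ip_interface(tunnel)  # accepts /24 or /255.255.255.0
    net = iface.network                     # same address with host bits masked off

    # The condition behind "network/netmask combination is invalid":
    # the address must have zero bits wherever the netmask has zero bits.
    if iface.ip != net.network_address:
        problems.append(f"host bits set in {iface.ip}; "
                        f"network address is {net.network_address}")

    if not any(net.subnet_of(r) for r in RFC1918):
        problems.append(f"{net} is not in private (RFC 1918) address space")

    # The tunnel network must not collide with a network already in use locally.
    for local in local_networks:
        local_net = ipaddress.ip_interface(local).network
        if net.overlaps(local_net):
            problems.append(f"{net} overlaps local network {local_net}")
    return problems


def server_directive(tunnel):
    """Build the OpenVPN 'server' line; raises ValueError if host bits are set."""
    net = ipaddress.ip_network(tunnel)  # strict parsing, like OpenVPN's own check
    return f"server {net.network_address} {net.netmask}"


if __name__ == "__main__":
    lan = ["192.168.1.1/24"]  # constructed LAN interface address
    # Constructed candidates: a WAN-style address, the LAN itself, an unused range.
    for candidate in ("203.0.113.57/24", "192.168.1.0/24", "10.0.8.0/24"):
        issues = check_tunnel_network(candidate, lan)
        print(candidate, "->", issues or server_directive(candidate))
```
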
