Netgate SG-1000 microFirewall

Author Topic: How to create an OpenVPN client to StrongVPN  (Read 179216 times)

0 Members and 1 Guest are viewing this topic.

Offline guybrush2k4

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Re: How to create an OpenVPN client to StrongVPN
« Reply #150 on: October 22, 2015, 12:58:07 pm »
Hi guys,
Lately I had some time to think. and finally I bought a pc-based firewall (Attom d525 and 6 gigabit inter ports)
so I'm back with the idea of a serious router firewall using pfsense.

but no sure if this would be posible.

1 I can't remove my provider router (because I was not able to replace it with pfsense due to the TV packages)
so I have my router forwarding everything to the pfsesnse box and that normally works.
2 the question is now i'm thinking on getting  an vpn to access streaming services from abroad. (using openvpn)
do you think it would be posible with to have the pfsense box with the vpn open 24x7 and to have all the pc on the same network but only for certain ips modify the output to internet to use the vpn the rest of the ips going throught the standard gateway? (no vpn)
so they have access to my servers in the local network but internet they have different accesses.

At the moment I'm just thinking but That can be a nice setup.

Regards.
Guybrush2k4

Offline peterbuttler

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Re: How to create an OpenVPN client to StrongVPN
« Reply #151 on: October 03, 2016, 02:34:36 am »
OpenVPN is the most secure VPN protocol use for highly encrypted data transfer but it slightly impacts on the internet speed because of encryption but it always hide your data successfully.


Here is an official guide about how to setup OpenVPN https://openvpn.net/index.php/access-server/docs/admin-guides-sp-859543150/howto-connect-client-configuration.html

Offline mcarson75

  • Newbie
  • *
  • Posts: 13
  • Karma: +0/-0
    • View Profile
Re: How to create an OpenVPN client to StrongVPN
« Reply #152 on: September 05, 2017, 11:06:26 am »
I'm having some trouble with setting up StrongVPN on pfSense.  The tunnel is connects successfully and the gateway is up, but I can not get traffic to go through it.  My intent is to only have traffic from a single interface routed through it with policy based routing.  I have two other OpenVPN site-to-site tunnels up and working with policy based routing on the router, so I have been able to successfully do something similar before.  I just can't get this to work.  I think I probably have an error in my NAT settings.  On my other two clients I defined the tunnel subnet (10.0.3.1/24 and 10.0.12.1/24) in the OpenVPN settings, and these were automatically added in Outbound NAT.  The StrongVPN gateway is dynamic so nothing is added in NAT.  The tunnel comes up with an address of 10.8.2.118 with a gateway of 10.8.2.117, so I have tried adding 10.8.2.0/24 in Outbound NAT with translation to the WAN address (as the automatic rules were created for the other tunnels) and also tried adding NAT from my local subnet translated to my tunnel interface, but neither makes a difference.  I get internet access but through my default gateway (as verified with whatsmyip.org).  My setup is below.  Any help would be appreciated!  I have tried to follow this thread as best I can but some of the images are now gone and most of the setup is for older versions of pfSense.  I did try changing to AON on NAT but this didn't make any difference either.

pfSense 2.3.4-RELEASE

OpenVPN advanced settings


NAT Settings


Gateway Status


Firewall Rules


« Last Edit: September 05, 2017, 11:10:17 am by mcarson75 »

Offline leonardpin

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
  • Learning every day
    • View Profile
Re: How to create an OpenVPN client to StrongVPN
« Reply #153 on: October 16, 2017, 09:33:12 am »
Thank you, @ericab.

I have been trying to solve my connection problems for days.

You helped me a lot.

P.S. none of your images appeared to me. I could not see any of them.
« Last Edit: October 16, 2017, 01:35:48 pm by leonardpin »

Offline ctyokley

  • Newbie
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Re: How to create an OpenVPN client to StrongVPN
« Reply #154 on: November 08, 2017, 10:16:47 pm »
Just for an FYI, i have found the following Custom Options work the best with strong vpn:

verb 4;tun-mtu 1500;fragment 1390;mssfix 1390;keysize 128;key-direction 1;persist-tun;persist-key;route-delay 2;explicit-exit-notify 2;comp-lzo yes;

Offline leonardpin

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
  • Learning every day
    • View Profile
Re: How to create an OpenVPN client to StrongVPN
« Reply #155 on: November 09, 2017, 09:08:14 am »
Just for an FYI, i have found the following Custom Options work the best with strong vpn:

verb 4;tun-mtu 1500;fragment 1390;mssfix 1390;keysize 128;key-direction 1;persist-tun;persist-key;route-delay 2;explicit-exit-notify 2;comp-lzo yes;

@ctyokley,

Those are OpenVPN parameters. Could you explain each one individually?

Why do these work best with StrongVPN?

Offline aagaag

  • Jr. Member
  • **
  • Posts: 37
  • Karma: +0/-0
    • View Profile
Re: How to create an OpenVPN client to StrongVPN
« Reply #156 on: April 15, 2018, 12:58:00 pm »
I am still fighting with StrongVPN. I have managed to get the tunnel up, inasmuch as I received the message: "Initialization Sequence Completed". I have read that this means that the handshake between VPN server and client is  OK. Immediately thereafter, however, the VPN bombs.

Here is a log transcript. Might a good soul tell me what I am doing that is wrong? Thanks in advance! (Note that the newest entry is on the top.)

Apr 14 20:07:01    openvpn    56391    SIGTERM[soft,exit-with-notification] received, process exiting
Apr 14 20:07:01    openvpn    56391    /usr/local/sbin/ovpn-linkdown ovpnc2 1500 1546 10.8.0.86 10.8.0.85 init
Apr 14 20:07:01    openvpn    56391    Closing TUN/TAP interface
Apr 14 20:07:01    openvpn    56391    /sbin/route delete -net 10.8.0.81 10.8.0.85 255.255.255.255
Apr 14 20:07:01    openvpn    56391    TCP/UDP: Closing socket
Apr 14 20:06:59    openvpn    56391    SIGTERM received, sending exit notification to peer
Apr 14 20:06:59    openvpn    56391    event_wait : Interrupted system call (code=4)
Apr 14 20:06:56    openvpn    56391    Authenticate/Decrypt packet error: cipher final failed
Apr 14 20:06:47    openvpn    56391    Authenticate/Decrypt packet error: cipher final failed
Apr 14 20:06:37    openvpn    56391    Authenticate/Decrypt packet error: cipher final failed
Apr 14 20:06:36    openvpn    56391    Initialization Sequence Completed