pfSense with OpenVPN

I followed Tom's OpenVPN setup on YouTube and it works well on my iPhone. However, when I use the Client Export feature in pfSense and used the Current Windows Installers (2.5.0) in the file, and when I connect on my Windows PC, it spits back this error:

Error Message : https://i.imgur.com/f1L8ZYz.png
OpenVPN General Information : https://i.imgur.com/Eq8fXkT.png

Cryptographic Settings 1: https://i.imgur.com/bE5KjC8.png
Cryptographic Settings 2: https://i.imgur.com/TGsvd0L.png

Tunnel Settings : https://i.imgur.com/LoU5td1.png

Client Settings / Ping Settings : https://i.imgur.com/BGGjc2n.png

Advanced Configuration : https://i.imgur.com/DZyCeNx.png

Please let me know what I did wrong. I deleted my original post as I posted it in the wrong sub channel.

In Crypto settings 2, do you need to add AES-128-CBC to the right pane?

The error message says, data cipher currently -GCM but it would like -CBC.

Just a thought.

I tried that; it didn’t work. Do I need to update my client settings, like re-export it?

I assume you are, but I have to ask. Are you trying to tunnel into a network you are already on, or are you really off your internal network from a different public IP?

Your ciphers don’t match, you’ve picked the wrong one.

I suggest you enable NCP (Enable Negotiable Cryptographic Parameters) and stick with AES-xx-CBC, because CBC is most compatible for support of Hardware Crypto Offload.
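
The cipher mismatch discussed above can be checked offline before re-exporting. This is an added example, not part of any post in the thread: it reads the cipher directives from an exported client config and compares them with the server's allowed data ciphers. The sample config, the function names and the "first server-listed cipher the client also lists" rule are assumptions that simplify OpenVPN's negotiation.

```python
# Constructed sample of an exported client config (not taken from the thread).
SAMPLE_CLIENT_OVPN = """\
dev tun
proto udp
cipher AES-128-CBC
data-ciphers AES-128-CBC   # client will only accept CBC
auth SHA256
"""


def parse_ciphers(ovpn_text):
    """Return (negotiable_list, fallback_cipher) read from OpenVPN config text."""
    negotiable, fallback = [], None
    for raw in ovpn_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop '#' comments
        if not line or line.startswith(";"):     # ';' also starts a comment
            continue
        key, *args = line.split()
        if not args:
            continue
        if key in ("data-ciphers", "ncp-ciphers"):   # ncp-ciphers is the 2.4 name
            negotiable = [c.upper() for c in args[0].split(":") if c]
        elif key == "data-ciphers-fallback":
            fallback = args[0].upper()
        elif key == "cipher" and fallback is None:   # legacy directive
            fallback = args[0].upper()
    return negotiable, fallback


def negotiate(server_data_ciphers, client_text):
    """Simplified model: first cipher in the server's list the client also lists."""
    client_list, _fallback = parse_ciphers(client_text)
    for cipher in (c.upper() for c in server_data_ciphers):
        if cipher in client_list:
            return cipher
    return None


def report(server_data_ciphers, client_text):
    """One-line verdict for a server cipher list against a client config."""
    chosen = negotiate(server_data_ciphers, client_text)
    client_list, fallback = parse_ciphers(client_text)
    if chosen:
        return f"OK: tunnel would use {chosen}"
    return (f"MISMATCH: server allows {list(server_data_ciphers)}, "
            f"client lists {client_list} (fallback {fallback})")


if __name__ == "__main__":
    print(report(["AES-128-GCM"], SAMPLE_CLIENT_OVPN))                 # GCM-only server
    print(report(["AES-128-GCM", "AES-128-CBC"], SAMPLE_CLIENT_OVPN))  # CBC added
```
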

Yes, just to test it before I travel tomorrow.

So my next question is: since I’m doing authentication by username, why do my phone and laptop get the same IP? I did my subnet as 192.168.210.0/24, but both devices will do .2 and it will kick one device off. Do I need to make another user, like JHarrison-iPhone, to connect with?

Each device that will connect needs a different client cert :)

No need for a client certificate.

I just connected 2 PCs' OpenVPN to pfSense, and my tunnels were 150.150.150.2 and 150.150.150.3.
OpenVPN, client export, just user auth. Added the users in User Manager.

BTW, 150.150.. is South Korea; you should use private subnets for VPN tunnels.
