Hello everyone, I am trying to connect to openvpn client in my pfsense.

OpenVPN server is running in Unifi Express at another location.

I want my pfsense to connect to that.

I did tried to setup everything correctly.

I am attaching screenshots for same:

Client Configuration:

Screenshot 2025-02-02 at 7.44.43 PM1005×772 129 KB

Screenshot 2025-02-02 at 7.45.25 PM1146×842 209 KB

Screenshot 2025-02-02 at 7.46.03 PM1154×816 241 KB

Screenshot 2025-02-02 at 7.46.24 PM1154×816 193 KB

Screenshot 2025-02-02 at 7.46.34 PM1154×816 182 KB

Can someone help ?

Screenshots are not that helpful, error messages and logs are. Don’t screenshot logs, paste in their content where the error is. Also Google the error messages first as that will get you on the right path.

I am attaching the config file and error logs. I tried to do google search but can’t find much about it.

I am sure I am missing out something or doing something wrong. But what can’t figure out what?

Surprisingly, I tried to configure 3 different VPN’s confg’s. One which is in AWS, one that is current and another with proton VPN. All of them give same kind of errors.

Only thing is my Unifi one uses TCP protocol. Also after carefully reviewing the config file I tried to change the settings accordingly but no luck.

OpenVPN config file from unifi :
client
dev tun
proto tcp
remote xxx 1194
resolv-retry infinite
nobind

Downgrade privileges after initialization (non-Windows only)

user nobody
group nogroup

persist-key
persist-tun

auth-user-pass
remote-cert-tls server
cipher AES-256-CBC
comp-lzo
verb 3

auth SHA1
key-direction 1

reneg-sec 0

redirect-gateway def1

-----END CERTIFICATE-----


-----BEGIN PRIVATE KEY-----

-----END PRIVATE KEY-----

Logs :
|WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless “allow-compression yes” is also set.|
|Feb 3 11:49:48|openvpn|24359|WARNING: file ‘/var/etc/openvpn/client2/up’ is group or others accessible|
|Feb 3 11:49:48|openvpn|24359|OpenVPN 2.6.8 amd64-portbld-freebsd14.0 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] [DCO]|
|Feb 3 11:49:48|openvpn|24359|library versions: OpenSSL 3.0.12 24 Oct 2023, LZO 2.10|
|Feb 3 11:49:48|openvpn|24359|DCO version: FreeBSD 14.0-CURRENT amd64 1400094 #1 RELENG_2_7_2-n255948-8d2b56da39c: Wed Dec 6 20:45:47 UTC 2023 root@freebsd:/var/jenkins/workspace/pfSense-CE-snapshots-2_7_2-main/obj/amd64/StdASW5b/var/jenkins/workspace/pfSense-CE-snapshots-2_7_2-main/sources/F|
|Feb 3 11:49:48|openvpn|24383|NOTE: the current --script-security setting may allow this configuration to call user-defined scripts|
|Feb 3 11:49:48|openvpn|24383|WARNING: experimental option --capath /var/etc/openvpn/client2/ca|
|Feb 3 11:49:48|openvpn|24383|TCP/UDP: Preserving recently used remote address: [AF_INET]xxx:1194|
|Feb 3 11:49:48|openvpn|24383|Attempting to establish TCP connection with [AF_INET]xxx:1194|
|Feb 3 11:49:48|openvpn|24383|TCP connection established with [AF_INET]xxx:1194|
|Feb 3 11:49:48|openvpn|24383|TCPv4_CLIENT link local (bound): [AF_INET]192.168.2.199:0|
|Feb 3 11:49:48|openvpn|24383|TCPv4_CLIENT link remote: [AF_INET]xxx:1194|
|Feb 3 11:49:48|openvpn|24383|Connection reset, restarting [0]|
|Feb 3 11:49:48|openvpn|24383|SIGUSR1[soft,connection-reset] received, process restarting|
|Feb 3 11:49:58|openvpn|24383|NOTE: the current --script-security setting may allow this configuration to call user-defined scripts|
|Feb 3 11:49:58|openvpn|24383|TCP/UDP: Preserving recently used remote address: [AF_INET]xxx:1194|
|Feb 3 11:49:58|openvpn|24383|Attempting to establish TCP connection with [AF_INET]xxx:1194|
|Feb 3 11:49:58|openvpn|24383|TCP connection established with [AF_INET]xxx:1194|
|Feb 3 11:49:58|openvpn|24383|TCPv4_CLIENT link local (bound): [AF_INET]192.168.2.199:0|
|Feb 3 11:49:58|openvpn|24383|TCPv4_CLIENT link remote: [AF_INET]xxx:1194|
|Feb 3 11:49:58|openvpn|24383|Connection reset, restarting [0]|
|Feb 3 11:49:58|openvpn|24383|SIGUSR1[soft,connection-reset] received, process restarting|

|Feb 3 11:49:58|openvpn|24383|TCP connection established with [AF_INET]xxx:1194|
|Feb 3 11:49:58|openvpn|24383|TCPv4_CLIENT link local (bound): [AF_INET]192.168.2.199:0|
|Feb 3 11:49:58|openvpn|24383|TCPv4_CLIENT link remote: [AF_INET]xxx:1194|
|Feb 3 11:49:58|openvpn|24383|Connection reset, restarting [0]|

it seems it connected but then disconnected. Here’s my .ovpn if it helps.

dev tun
persist-tun
persist-key
data-ciphers AES-256-GCM:AES-256-CBC
data-ciphers-fallback AES-256-CBC
auth SHA256
tls-client
client
resolv-retry infinite
remote <some public ip> 1194 udp4
setenv opt block-outside-dns
nobind
verify-x509-name "vpn" name
auth-user-pass
remote-cert-tls server
explicit-exit-notify

Mine is totally different. Can it be a reason my pfsense is virtualized and is behind another NAT of my ISP router ?

If you have confirmed that the server part works, then the issue must be with your client, likely a config error, perhaps DNS related.

On isp router you will have to port forward udp port 1194 to the pfsense wan address.

Th remote ip address will be you isp wan ip address

Have you used the OpenVPN export tool on pfsense to export the config file

I will try to do this, And let you know!

NO, I will also check for this. Thanks