OpenVPN connectivity with 1.3RC6

Hi,

I spent some time reading other posts trying to get an understanding of how to get the OpenVPN client working.

OpenVPN configuration, which commits correctly:

set interfaces openvpn vtun10 authentication password 'mypassword'
set interfaces openvpn vtun10 authentication username 'myusername'
set interfaces openvpn vtun10 description 'VPN'
set interfaces openvpn vtun10 device-type 'tun'
set interfaces openvpn vtun10 encryption cipher 'aes256'
set interfaces openvpn vtun10 hash 'sha512'
set interfaces openvpn vtun10 mode 'client'
set interfaces openvpn vtun10 persistent-tunnel
set interfaces openvpn vtun10 protocol 'udp'
set interfaces openvpn vtun10 remote-host 'myprovider'
set interfaces openvpn vtun10 remote-port '1194'
set interfaces openvpn vtun10 tls auth-file '/config/auth/client.key'
set interfaces openvpn vtun10 tls ca-cert-file '/config/auth/ca.crt'

Firewall and zone rule allowing all out:

set firewall name VPN-OUTSIDE default-action 'accept'
set firewall name VPN-OUTSIDE enable-default-log

Firewall rule from outside to VPN:

set firewall name OUTSIDE-VPN default-action 'drop'
set firewall name OUTSIDE-VPN enable-default-log
set firewall name OUTSIDE-VPN rule 50 action 'accept'
set firewall name OUTSIDE-VPN rule 50 log 'enable'
set firewall name OUTSIDE-VPN rule 50 state established 'enable'
set firewall name OUTSIDE-VPN rule 50 state related 'enable'
set firewall name OUTSIDE-VPN rule 51 action 'drop'
set firewall name OUTSIDE-VPN rule 51 state invalid 'enable'

Outside zone:

set zone-policy zone OUTSIDE default-action 'drop'
set zone-policy zone OUTSIDE from VPN firewall name 'VPN-OUTSIDE'
set zone-policy zone OUTSIDE interface 'eth0'

VPN zone:

set zone-policy zone VPN from OUTSIDE firewall name 'OUTSIDE-VPN'
set zone-policy zone VPN interface 'vtun10'

Currently I am getting nothing: no logs, no connections.

run show openvpn client
OpenVPN status on vtun10

Client CN  Remote Host       Local Host  TX bytes  RX bytes  Connected Since
---------  ----------------  ----------  --------  --------  ---------------
N/A        remote.host:1194  N/A         0.0 B     0.0 B     N/A

Just wondering where else I can look as /var/log/messages gives nothing.

Regards

Solved it!

No need to create new firewall rules or zones, but just use the existing zone LOCAL-OUTSIDE.
Add an allow rule for port 1194 to the LOCAL-OUTSIDE rules and we are up!

Cheers
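As an added example, not the poster's own configuration, here are the LOCAL-zone rulesets the reply above refers to, in VyOS 1.3 syntax. The point it makes explicit: the OpenVPN client is a process on the router, so its UDP 1194 packets leave from the LOCAL zone (router-originated traffic), not from the VPN zone that vtun10 belongs to, which is why the VPN/OUTSIDE zone pair never saw a packet or logged anything. Assumed names and numbers: a zone called LOCAL, a return ruleset called OUTSIDE-LOCAL, and rule numbers 10 and 20 being free.

```vyos
# Added example, not the original poster's configuration.
# Assumptions: the router's own traffic is in a zone named LOCAL, the return
# ruleset is named OUTSIDE-LOCAL, and rule numbers 10 and 20 are unused.

# Router-originated traffic (including the OpenVPN client process) belongs to
# the local zone; vtun10 in the VPN zone only carries traffic once the tunnel is up.
set zone-policy zone LOCAL local-zone

# LOCAL -> OUTSIDE: permit only the OpenVPN client session to the provider,
# log everything else that the router itself tries to send out.
set firewall name LOCAL-OUTSIDE default-action 'drop'
set firewall name LOCAL-OUTSIDE enable-default-log
set firewall name LOCAL-OUTSIDE rule 10 action 'accept'
set firewall name LOCAL-OUTSIDE rule 10 description 'OpenVPN client to provider'
set firewall name LOCAL-OUTSIDE rule 10 protocol 'udp'
set firewall name LOCAL-OUTSIDE rule 10 destination port '1194'
set zone-policy zone OUTSIDE from LOCAL firewall name 'LOCAL-OUTSIDE'

# OUTSIDE -> LOCAL: only replies to sessions the router opened, so the
# provider's handshake answers get back to the client without opening any
# listener on the WAN side.
set firewall name OUTSIDE-LOCAL default-action 'drop'
set firewall name OUTSIDE-LOCAL enable-default-log
set firewall name OUTSIDE-LOCAL rule 10 action 'accept'
set firewall name OUTSIDE-LOCAL rule 10 state established 'enable'
set firewall name OUTSIDE-LOCAL rule 10 state related 'enable'
set firewall name OUTSIDE-LOCAL rule 20 action 'drop'
set firewall name OUTSIDE-LOCAL rule 20 state invalid 'enable'
set zone-policy zone LOCAL from OUTSIDE firewall name 'OUTSIDE-LOCAL'
```

If LOCAL-OUTSIDE already exists, as in the reply above, only rule 10 needs adding; with enable-default-log on that ruleset, a blocked handshake attempt shows up under `show log firewall name LOCAL-OUTSIDE`, which is the first place to look when `show openvpn client` reports N/A with zero bytes.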

Hi,

I did find one thing: when the VPN connected, all networks dropped. Curious to know what I am missing in the configuration, as I just want to test the VPN for a specific IoT interface.

Kind Regards