Ar750s openVPN client connection settings to pfSense?

I’ve been forced to work from home for a few weeks, and I’m trying to set up a site to site VPN with my pfSense as the server.

I set pfSense openVPN to use a preshared key and exported a .ovpn file with the settings. The file imports fine but when I try to connect the ar750s errors about TLS, username, secret.

I made the PSK as a 256-bit key, if this matters.

What I’m guessing is that I need to set up my server to use the TLS settings and certificates instead of using the preshared key. Is this correct?

Asking this vs. just trying it because my access to work is on a limited basis so I want to try and get my info together before I go back to work. Running the latest stable of pfSense and just updated my ar750s last night.

Could you post a redacted version of the ovpn file you uploaded?

So you tried the client .ovpn file on an ar750s and got some TLS errors. It sounds like a new setup, so can you test the client .ovpn file on another client machine (Android, Windows, Linux) just to make sure it is a working and functioning .ovpn client file?

I do have some connection issues I need to work out, so I’m hoping this is the reason. I set up another pfsense machine at home, and it is only getting partial connection. I think at the college’s firewall, they only forward TCP traffic to me. I know I set the server for UDP traffic so need to fix that. Planning to work on that tomorrow. Once I get both pfsense machines talking to each other, I can get back to testing with the ar750s. The little router uses much less power, so it is my preferred device if I can get things working.

That is the error I’m getting. I did have a tunnel up earlier today with pfsense on both ends after changing to tcp.

Here is the config file that I’m trying to use:
dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA256
pull
resolv-retry infinite
proto tcp-client
remote xxxx.yyyy.edu 8003
ifconfig 172.16.0.2 172.16.0.1
keepalive 10 60
ping-timer-rem
(secret)

2048 bit OpenVPN static key

-----BEGIN OpenVPN Static key V1-----
BIG LONG KEY
-----END OpenVPN Static key V1-----
(/secret)

Hmmm… Looks like the preformatted function didn’t work right, hope this comes out OK. I’m failing massively at formatting that config file for the screen. There are a bunch of hash marks after the secret (which I also had to change to ( )) and before the Begin key that I had to take out.

More details are that this is connected to another router at the house then to cable modem. At work it is pfsense to network with port 8003 from campus firewall forwarded back to my pfsense. Again I did have a tunnel up with pfsense to pfsense earlier. It looks like I’m not going to be able to use the static shared key for this, that it requires a tls certificate to make this device work. Maybe I’ll have to reconfigure my server and try again.

So is that the .ovpn file before being imported into the ar750s? (I do understand, like you do, about the preformatting that occurs when posting in here.)

Or is it the .ovpn file found in /etc/openvpn/ovpn0/yourclientfile*.ovpn?
The reason being, I can see some differences in
proto tcp
and
proto tcp-client

I have found that android openvpn config files import very well into gl-inet routers.

Other than the editing to remove the personal info and to remove what the forum thinks is formatting, that’s straight out of the export tool in pfsense for a shared key VPN.

Okay, so is it the same as /etc/openvpn/ovpn0/EMCfirewall-TCP4-8004-config.ovpn?

The file you posted looks like pre-import settings.

The location above is post-import, the “actual settings being used on your connection” that are giving you the output screen you are posting in this forum and the errors you are questioning. They are probably the same, but you just have to check and start from there.

@Greg_E
Is it possible to draw a map of your network connection and provide a copy of your VPN configuration? I can help you test. You can contact me via email; my email address is guilin.wang@gl-inet.com

Once I figure out what I’ve done wrong, I can send you the info. My pfsense to pfsense tunnel is still not working, no gateways on either end but the tunnel is up. Once I fix that so it works, I’ll come back to trying the AR750S. For the time being, I have Teamviewer installed so I can get to both ends easily.

I’m also still allowed to go to my office as needed and live close enough that it is easy. But I want to tackle this problem, even just for my own satisfaction.

@Greg_E
Ok, please feel free to contact me when you have a test, thank you

I gave up on this. I got pfsense to connect to each other, had an odd “bug” that was stopping it. When I chose 172.16.0.0/16 for the tunnel network it was causing the gateways to fail. Changed to 172.16.0.0/24 and suddenly the gateways popped up and I could get into my network.

I did try the ar750s again and edited the config file to use – in front of the secret and /secret parts of the key. My errors went away but still no connection. It probably still has something to do with the tunnel network because there is nowhere in the config file or the GUI to specify the subnet.

Also I abandoned this because it wanted to send all traffic through the VPN which would have been a lot slower for general internet. pfSense allows general traffic to bypass the tunnel, and only the required traffic passes through the tunnel. So I just set the ar750s to be an access point for now. I’ll dig into things when I have more time and see if I can get things working. The ar750s is much more power efficient than the little computer I have running pfsense.

@Greg_E
I recommend you use s2s for networking, you can refer to the following link about s2s
https://www.gl-inet.com/solutions/site-to-site/