I have been having a great time with my new pfsense router setup, especially the OpenVPN remote access server that I have setup on it. Connecting to my home network through my phone has been great for remote troubleshooting and all around fun. Unfortunately, I was having a little trouble getting my Digital Ocean VPS to connect to over the VPN to my home network. After a few hours, and many google searches with little results I finally figured out the issue. Hopefully this will help out others who are trying to get this working on a headless VPS!
From the pfsense box, you are going to want to export your client configs for the VPS you are wanting to connect. This is pretty straightforward and can be done from the pfsense web interface (VPN|OpenVPN|Client Export). If you run into trouble here, make sure that you have a user setup (System|User Manager). I recommend that you use the “Standard Configurations|Archive option for the export.
Once you have the config files, get them over to your VPS securely. I used SFTP to copy the files over. Now here is where the real fun starts!
Normally to connect to the OpenVPN access server you simply use the following command:
sudo openvpn <config>
Where the <config> is your configuration file (default exported as a .ovpn file). The issue I was running into was that after entering this command the client would start but it would just sit there and no connection to the access server would be made.
To find more info on what exactly was going on I used the verbose flag in the configuration file by adding this line:
This showed me that the connection was waiting for the management-hold whatever that is. I think this is used if you are running the client from a computer running network-manager but I’m not sure. Once I found this out I edited the configuration file to comment out the management sections like so:
# dont terminate service process on wrong password, ask again
# open management channel
#management 127.0.0.1 166
# wait for management to explicitly start connection
# query management channel for user/pass
# disconnect VPN when management program connection is closed
# forget password when management disconnects
Notice that I did not comment out the ‘auth-retry intereact’ line but I’m not sure if it makes a difference.
Once the config file was edited I was able to get the client to get to the point where it prompts for the username and password and everything connected just fine! Hopefully this will help out others who where having this issue. From searching online, I mostly found information on how to connect with the network-manager GUI which is useless in a headless case like this.