@johnpoz Many Thanks.

@viragomann I tried disabling the port-forward rule but the connection didn't drop at all. Maybe I need to kill the states on the firewall but can't do that during production hours without disruption. I haven't actually disconnected the primary WAN either. I suppose I could try that after hours for a real test. I'm adding 2FA to our VPN connections so this is the perfect time to make the connections more robust with failover as well.

@jfassad Thanks a lot for the info. I'll give it a shot!

@thisisbenwoo

Do you have a Firewall -> NAT -> Outbound rule for your VPN Network?

Mine looks like this:

Screen Shot 2021-10-05 at 9.21.56 AM.png

@gremblin Hi, I'm sorry I can't help. But I don't have this setup in pfSense any longer.

@jarlel adding a me too

@gwizzle What solved the problem? there is still no checkbox for nopool ?

@viragomann said in TLS ERROR with pfsense 2.5.2:

@hardousse
Looks like the client are not able to access the pfSense WAN.

Do you have a public WAN IP? Not a CGN.

Do you have WAN firewall in place allowing the VPN packets?

Ensure that the packets arrive on your WAN. Use the packet capture tool from the Diagnostic menu to investigate.

thank you for help yes its public ip and my firewall blocked the traffic i reinstall all and now everything working.
Best reagrds

@viragomann , first, thanks again for your help and support on this.
for all and benefit of the forum :

Took me a long time to figure out , as there was several issues ,
I bypass all tests done going to outcome
1 - my hardware was not strong enough : changes where not applied properly all the time - > this is why I had non consistent behaviors ( I set manually the "Firewall Maximum Table Entries", so apparently no error, but all changes were not applied)
Solution to this 1st point : ordered a new box ( that's why it took some time to get it from china ... )

2 - I had duplicate ranges in my IP's ( the one assigned by VPN was another one as well on another link of my FW )

Having solved these 2, I have the VPN connection created, stable with a GW defined.
In the meantime, I have in the new box a wifi connection, that I 'm gonna use as fail-over solution. I will be able to make tests unlink from the VPN, and see if now I encounter the same problems

Thanks

@ralienpp said in Communication between clients from different OpenVPN networks:

Is such a setup supposed to work, in principle? What troubleshooting methods can I use to understand the root cause of the problem?

Your issue is strictly routing. The fact that VPNs are used is relevant, as when up, they simply provide an IP connection.

So, check your routes and make sure the various devices can find a route, either via default route or specific routes.

@knothing said in How to use multiple WANs to make fater peer-to-peer connection?:

LAGG

Suppos I have created LAGG interface. What next?

@graeme-thomas said in Telnet to host via VPN not working:

It seems like the vpn is not allowing icmp or telnet to route.

Use Packet Capture or Wireshark to see how far the packets are getting and whether you're getting a response. For example, you could run Packet Capture on the pfsense end of the VPN to see if the packets get that far. However, I can assure you that OpenVPN passes pings as I have done that many times. If your pings aren't getting through, then you likely have some rule issue.

BTW: That Package Manager message is a general footnote/explanation:

package_manager.png

-Rico

Ok, Then this is as clear as it gets :

@gertjan said in OpenVPN will not connect:

TLS Error: TLS handshake failed

means : This :

cc3c65c4-515a-4d7b-942a-70bce8617643-image.png

or, more specific : one or more items in this list (marked with a red cross ) :

3492f3a5-889b-4025-8f9f-5d95e8e77358-image.png

doesn't correspond with the OPVN client file (OpenVPN client settings).

The server disagrees with the client.
The servers throws out an 'error' : TLS Error: TLS handshake failed.

edit : and before you think : "why does this happen to me ?"
The answer is a solid : "go talk with the admin".
We all see this error ones in a while. Rarely, it works 'right away'.
( at least, it never did for me ;) )

What I normally do :
I compare the config file of the server and the client. These are small text files. Easy to read.
This is the old fashioned way of making to devices talk to each other : compare their settings on both sides - using a paper and pencil.

Btw : also compare your OpenVPN server version number - and the OpenVPN client version number. If they differ, you also have to read the OpenVPN doc of both version, that is, the details of all the settings used. You're good for a visit at openvpn.org - the section 'manual'.

Just you know an OpenVPN setup can be activated in less then 8 minutes : do this https://www.youtube.com/watch?v=jQHqPq7ftz4 ;)

@viragomann That fixed the problem, thank you very much!
It looks like only VPNUnlimited has this issue, PureVPN and VPNSecure do not require to select "Don't pull routes"

@lesquestionsdetoto Hi, any idea ?

@stephenw10 said in I need to restart the OVPN tunnels after a pfSense reboot:

Does the client get the correct routes?
Do you see blocked traffic?