OpenVPN server connection and tunneling back out

davidstoll

On the versions, the android/windows versions are just what I see in the "about". So, maybe that is the GUI version, but I don't see the underlying "version" of OpenVPN in either situation.

See attached.
openvpn windows client.jpg

and

openvpn android client.png

viragomann

@davidstoll
The OpenVPN versions are mentioned in the clients log files.

davidstoll

Actually, there is more than one change in the config file. Anywhere there is a #, I had to remove it or, in that a couple cases, make a correction.

In any case, I just searched through the log file on my android and there was no mention of the version or 2.4 or 2.5.

In the Windows client, the log file shows 2.4.4.

davidstoll

Sorry, deleted the log file because there was something in there that I didn't edit....anyway, here it is again...

Thu Sep 08 16:37:51 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:yyyy
Thu Sep 08 16:37:51 2022 Attempting to establish TCP connection with [AF_INET]xxx.xxx.xxx.xxx:yyyy [nonblock]
Thu Sep 08 16:37:52 2022 TCP connection established with [AF_INET]xxx.xxx.xxx.xxx:yyyy
Thu Sep 08 16:37:52 2022 TCPv4_CLIENT link local: (not bound)
Thu Sep 08 16:37:52 2022 TCPv4_CLIENT link remote: [AF_INET]xxx.xxx.xxx.xxx:yyyy
Thu Sep 08 16:37:52 2022 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1551', remote='link-mtu 1571'
Thu Sep 08 16:37:52 2022 WARNING: 'cipher' is used inconsistently, local='cipher AES-256-GCM', remote='cipher AES-256-CBC'
Thu Sep 08 16:37:52 2022 WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA256'
Thu Sep 08 16:37:52 2022 [openvpn] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:yyyy
Thu Sep 08 16:37:53 2022 Preserving previous TUN/TAP instance: Ethernet 2
Thu Sep 08 16:37:53 2022 Blocking outside dns using service succeeded.
Thu Sep 08 16:37:53 2022 Initialization Sequence Completed
Thu Sep 08 16:37:59 2022 Connection reset, restarting [0]
Thu Sep 08 16:37:59 2022 Unblocking outside dns using service succeeded.
Thu Sep 08 16:37:59 2022 SIGUSR1[soft,connection-reset] received, process restarting

davidstoll

If I uncomment out the lines from my auto generated config and remove my replacement items, I get the following short info from the log...

Options error: Unrecognized option or missing or extra parameter(s) in pfSense-TCP4-config.ovpn:4: data-ciphers (2.4.3)
Use --help for more information.

viragomann

@davidstoll
Since you're running an 2.4.x client, check "Legacy Client" in the client export utility and export a new config file.

davidstoll

@viragomann I don't have any options. I can only click on the OS that I am trying to export for. Is there a better export plugin maybe? I'm using "Openvpn-client-export v1.6_4, which seems to be the latest as far as I can tell.

export options.jpg export plugin.jpg

viragomann

@davidstoll
Try this one:

davidstoll

Ok, thanks. I did that and it only gave me one warning about password caching, so that did help with the config compatibility.

However, every 3 hours it disconnects.

...
Fri Sep 16 08:33:38 2022 Initialization Sequence Completed
...
Fri Sep 16 11:33:26 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Sep 16 11:33:26 2022 TLS Error: TLS handshake failed
Fri Sep 16 11:33:26 2022 Fatal TLS error (check_tls_errors_co), restarting
Fri Sep 16 11:33:35 2022 Initialization Sequence Completed
...
Fri Sep 16 14:29:24 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Sep 16 14:29:24 2022 TLS Error: TLS handshake failed
Fri Sep 16 14:29:24 2022 Fatal TLS error (check_tls_errors_co), restarting

davidstoll

@davidstoll Any other suggestions? I would really appreciate it. I think we have made it a little better, but it just doesn't wan to stay connected and it disconnects on a scheduled basis (not randomly).

davidstoll

I tried UDP, but it won't connect...

Fri Sep 23 08:31:41 2022 OpenVPN 2.4.3 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jun 20 2017
Fri Sep 23 08:31:41 2022 Windows version 6.2 (Windows 8 or greater) 64bit
Fri Sep 23 08:31:41 2022 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10
Fri Sep 23 08:31:42 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:yyyy
Fri Sep 23 08:31:42 2022 UDP link local: (not bound)
Fri Sep 23 08:31:42 2022 UDP link remote: [AF_INET]xxx.xxx.xxx.xxx:yyyy
Fri Sep 23 08:32:42 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Sep 23 08:32:42 2022 TLS Error: TLS handshake failed
Fri Sep 23 08:32:42 2022 SIGUSR1[soft,tls-error] received, process restarting

viragomann

@davidstoll
Looks like the server is not responding due to whatever reason.

Use packet capture on pfSense to check if the client packets are arriving on the WAN.

davidstoll

@viragomann They definitely are....up until it disconnects because it's working just fine other than the disconnect.