Netgate Discussion Forum

    OpenVPN server connection and tunneling back out

    • D
      davidstoll
      last edited by davidstoll

      On the versions, the android/windows versions are just what I see in the "about". So, maybe that is the GUI version, but I don't see the underlying "version" of OpenVPN in either situation.

      See attached.
      openvpn windows client.jpg

      and

      openvpn android client.png

      V 1 Reply Last reply Reply Quote 0
      • V
        viragomann @davidstoll
        last edited by

        @davidstoll
        The OpenVPN versions are mentioned in the client's log files.

        1 Reply Last reply Reply Quote 0
        • D
          davidstoll
          last edited by davidstoll

          Actually, there is more than one change in the config file. Anywhere there is a #, I had to remove it or, in a couple of cases, make a correction.

          In any case, I just searched through the log file on my Android and there was no mention of the version or 2.4 or 2.5.

          In the Windows client, the log file shows 2.4.4.

          1 Reply Last reply Reply Quote 0
          • D
            davidstoll
            last edited by

            Sorry, deleted the log file because there was something in there that I didn't edit....anyway, here it is again...

            Thu Sep 08 16:37:51 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:yyyy
            Thu Sep 08 16:37:51 2022 Attempting to establish TCP connection with [AF_INET]xxx.xxx.xxx.xxx:yyyy [nonblock]
            Thu Sep 08 16:37:52 2022 TCP connection established with [AF_INET]xxx.xxx.xxx.xxx:yyyy
            Thu Sep 08 16:37:52 2022 TCPv4_CLIENT link local: (not bound)
            Thu Sep 08 16:37:52 2022 TCPv4_CLIENT link remote: [AF_INET]xxx.xxx.xxx.xxx:yyyy
            Thu Sep 08 16:37:52 2022 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1551', remote='link-mtu 1571'
            Thu Sep 08 16:37:52 2022 WARNING: 'cipher' is used inconsistently, local='cipher AES-256-GCM', remote='cipher AES-256-CBC'
            Thu Sep 08 16:37:52 2022 WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA256'
            Thu Sep 08 16:37:52 2022 [openvpn] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:yyyy
            Thu Sep 08 16:37:53 2022 Preserving previous TUN/TAP instance: Ethernet 2
            Thu Sep 08 16:37:53 2022 Blocking outside dns using service succeeded.
            Thu Sep 08 16:37:53 2022 Initialization Sequence Completed
            Thu Sep 08 16:37:59 2022 Connection reset, restarting [0]
            Thu Sep 08 16:37:59 2022 Unblocking outside dns using service succeeded.
            Thu Sep 08 16:37:59 2022 SIGUSR1[soft,connection-reset] received, process restarting

            1 Reply Last reply Reply Quote 0
            • D
              davidstoll
              last edited by davidstoll

              If I uncomment out the lines from my auto generated config and remove my replacement items, I get the following short info from the log...

              Options error: Unrecognized option or missing or extra parameter(s) in pfSense-TCP4-config.ovpn:4: data-ciphers (2.4.3)
              Use --help for more information.

              V 1 Reply Last reply Reply Quote 0
              • V
                viragomann @davidstoll
                last edited by

                @davidstoll
                Since you're running a 2.4.x client, check "Legacy Client" in the client export utility and export a new config file.

                D 1 Reply Last reply Reply Quote 0
                • D
                  davidstoll @viragomann
                  last edited by

                  @viragomann I don't have any options. I can only click on the OS that I am trying to export for. Is there a better export plugin maybe? I'm using "Openvpn-client-export v1.6_4", which seems to be the latest as far as I can tell.

                  export options.jpg export plugin.jpg

                  V 1 Reply Last reply Reply Quote 0
                  • V
                    viragomann @davidstoll
                    last edited by

                    @davidstoll
                    Try this one:
                    2a2d56f8-1f68-4381-9775-983cd2a43bfe-grafik.png

                    1 Reply Last reply Reply Quote 1
                    • D
                      davidstoll
                      last edited by

                      Ok, thanks. I did that and it only gave me one warning about password caching, so that did help with the config compatibility.

                      However, every 3 hours it disconnects.

                      ...
                      Fri Sep 16 08:33:38 2022 Initialization Sequence Completed
                      ...
                      Fri Sep 16 11:33:26 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
                      Fri Sep 16 11:33:26 2022 TLS Error: TLS handshake failed
                      Fri Sep 16 11:33:26 2022 Fatal TLS error (check_tls_errors_co), restarting
                      Fri Sep 16 11:33:35 2022 Initialization Sequence Completed
                      ...
                      Fri Sep 16 14:29:24 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
                      Fri Sep 16 14:29:24 2022 TLS Error: TLS handshake failed
                      Fri Sep 16 14:29:24 2022 Fatal TLS error (check_tls_errors_co), restarting

                      D 1 Reply Last reply Reply Quote 0
                      • D
                        davidstoll @davidstoll
                        last edited by

                        @davidstoll Any other suggestions? I would really appreciate it. I think we have made it a little better, but it just doesn't want to stay connected and it disconnects on a scheduled basis (not randomly).

                        1 Reply Last reply Reply Quote 0
                        • D
                          davidstoll
                          last edited by

                          I tried UDP, but it won't connect...

                          Fri Sep 23 08:31:41 2022 OpenVPN 2.4.3 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jun 20 2017
                          Fri Sep 23 08:31:41 2022 Windows version 6.2 (Windows 8 or greater) 64bit
                          Fri Sep 23 08:31:41 2022 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10
                          Fri Sep 23 08:31:42 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:yyyy
                          Fri Sep 23 08:31:42 2022 UDP link local: (not bound)
                          Fri Sep 23 08:31:42 2022 UDP link remote: [AF_INET]xxx.xxx.xxx.xxx:yyyy
                          Fri Sep 23 08:32:42 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
                          Fri Sep 23 08:32:42 2022 TLS Error: TLS handshake failed
                          Fri Sep 23 08:32:42 2022 SIGUSR1[soft,tls-error] received, process restarting

                          V 1 Reply Last reply Reply Quote 0
                          • V
                            viragomann @davidstoll
                            last edited by

                            @davidstoll
                            Looks like the server is not responding due to whatever reason.

                            Use packet capture on pfSense to check if the client packets are arriving on the WAN.

                            D 1 Reply Last reply Reply Quote 0
                            • D
                              davidstoll @viragomann
                              last edited by

                              @viragomann They definitely are....up until it disconnects because it's working just fine other than the disconnect.

                              1 Reply Last reply Reply Quote 0
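
An added example, not written by either poster: a small parser that pulls out of an OpenVPN client log the three things this thread keeps returning to, namely the client version banner, the "used inconsistently" option warnings, and how long each session stayed up before the TLS key negotiation failure. The log lines are copied from the posts above; the function and variable names are hypothetical.

```python
import re
from datetime import datetime

# Sample lines copied from the client logs posted in this thread.
SAMPLE_LOG = """\
Fri Sep 23 08:31:41 2022 OpenVPN 2.4.3 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jun 20 2017
Thu Sep 08 16:37:52 2022 WARNING: 'cipher' is used inconsistently, local='cipher AES-256-GCM', remote='cipher AES-256-CBC'
Thu Sep 08 16:37:52 2022 WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA256'
Fri Sep 16 08:33:38 2022 Initialization Sequence Completed
Fri Sep 16 11:33:26 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Sep 16 11:33:35 2022 Initialization Sequence Completed
Fri Sep 16 14:29:24 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
"""

LINE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) (.*)$")
VERSION = re.compile(r"^OpenVPN (\d+\.\d+\.\d+) ")
MISMATCH = re.compile(
    r"^WARNING: '([\w-]+)' is used inconsistently, local='([^']*)', remote='([^']*)'"
)
TLS_TIMEOUT = "TLS Error: TLS key negotiation failed"


def analyze(log_text):
    """Return client version, option mismatches and per-session uptime in seconds."""
    report = {"version": None, "mismatches": [], "session_seconds": []}
    up_since = None  # timestamp of the last "Initialization Sequence Completed"
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip "..." elisions and non-timestamped lines
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        msg = m.group(2)
        if v := VERSION.match(msg):
            report["version"] = v.group(1)
        elif w := MISMATCH.match(msg):
            report["mismatches"].append(w.groups())  # (option, local, remote)
        elif msg == "Initialization Sequence Completed":
            up_since = ts
        elif msg.startswith(TLS_TIMEOUT) and up_since is not None:
            # Only count failures that end an established session; a timeout
            # during the very first handshake has no uptime to report.
            report["session_seconds"].append(int((ts - up_since).total_seconds()))
            up_since = None
    return report


if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```
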