Netgate Discussion Forum
    OpenVPN server connection and tunneling back out

    • V
      viragomann @davidstoll
      last edited by

      @davidstoll
      The OpenVPN versions are mentioned in the clients' log files.

      • D
        davidstoll
        last edited by davidstoll

        Actually, there is more than one change in the config file. Anywhere there is a #, I had to remove it or, in a couple of cases, make a correction.

        In any case, I just searched through the log file on my android and there was no mention of the version or 2.4 or 2.5.

        In the Windows client, the log file shows 2.4.4.

        • D
          davidstoll
          last edited by

          Sorry, deleted the log file because there was something in there that I didn't edit....anyway, here it is again...

          Thu Sep 08 16:37:51 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:yyyy
          Thu Sep 08 16:37:51 2022 Attempting to establish TCP connection with [AF_INET]xxx.xxx.xxx.xxx:yyyy [nonblock]
          Thu Sep 08 16:37:52 2022 TCP connection established with [AF_INET]xxx.xxx.xxx.xxx:yyyy
          Thu Sep 08 16:37:52 2022 TCPv4_CLIENT link local: (not bound)
          Thu Sep 08 16:37:52 2022 TCPv4_CLIENT link remote: [AF_INET]xxx.xxx.xxx.xxx:yyyy
          Thu Sep 08 16:37:52 2022 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1551', remote='link-mtu 1571'
          Thu Sep 08 16:37:52 2022 WARNING: 'cipher' is used inconsistently, local='cipher AES-256-GCM', remote='cipher AES-256-CBC'
          Thu Sep 08 16:37:52 2022 WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA256'
          Thu Sep 08 16:37:52 2022 [openvpn] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:yyyy
          Thu Sep 08 16:37:53 2022 Preserving previous TUN/TAP instance: Ethernet 2
          Thu Sep 08 16:37:53 2022 Blocking outside dns using service succeeded.
          Thu Sep 08 16:37:53 2022 Initialization Sequence Completed
          Thu Sep 08 16:37:59 2022 Connection reset, restarting [0]
          Thu Sep 08 16:37:59 2022 Unblocking outside dns using service succeeded.
          Thu Sep 08 16:37:59 2022 SIGUSR1[soft,connection-reset] received, process restarting

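The three "used inconsistently" warnings in the log above are where the client states which of its settings disagree with the server's. The following is an added example, not code from the thread or from OpenVPN: a small parser that extracts those warnings and marks the ones that concern encryption or packet authentication (the `CRYPTO_OPTIONS` grouping is an assumption of the example).

```python
import re

# Lines copied from the client log quoted in the post above.
SAMPLE_LOG = """\
Thu Sep 08 16:37:52 2022 TCPv4_CLIENT link remote: [AF_INET]xxx.xxx.xxx.xxx:yyyy
Thu Sep 08 16:37:52 2022 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1551', remote='link-mtu 1571'
Thu Sep 08 16:37:52 2022 WARNING: 'cipher' is used inconsistently, local='cipher AES-256-GCM', remote='cipher AES-256-CBC'
Thu Sep 08 16:37:52 2022 WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA256'
Thu Sep 08 16:37:52 2022 [openvpn] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:yyyy
"""

MISMATCH = re.compile(
    r"WARNING: '(?P<opt>[^']+)' is used inconsistently, "
    r"local='(?P<local>[^']*)', remote='(?P<remote>[^']*)'"
)

# Options that select data-channel encryption and packet authentication.
# This grouping is an assumption of the example.
CRYPTO_OPTIONS = {"cipher", "auth"}


def _value(opt, text):
    """'cipher AES-256-GCM' -> 'AES-256-GCM' (the log repeats the option name)."""
    prefix = opt + " "
    return text[len(prefix):] if text.startswith(prefix) else text


def find_mismatches(log_text):
    """Return one record per 'used inconsistently' warning in the log."""
    records = []
    for line in log_text.splitlines():
        m = MISMATCH.search(line)
        if m:
            opt = m.group("opt")
            records.append({
                "option": opt,
                "local": _value(opt, m.group("local")),
                "remote": _value(opt, m.group("remote")),
                "crypto": opt in CRYPTO_OPTIONS,
            })
    return records


if __name__ == "__main__":
    for r in find_mismatches(SAMPLE_LOG):
        tag = "CRYPTO" if r["crypto"] else "other"
        print(f"[{tag}] {r['option']}: client={r['local']} server={r['remote']}")
```
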
          • D
            davidstoll
            last edited by davidstoll

            If I uncomment out the lines from my auto generated config and remove my replacement items, I get the following short info from the log...

            Options error: Unrecognized option or missing or extra parameter(s) in pfSense-TCP4-config.ovpn:4: data-ciphers (2.4.3)
            Use --help for more information.

            • V
              viragomann @davidstoll
              last edited by

              @davidstoll
              Since you're running a 2.4.x client, check "Legacy Client" in the client export utility and export a new config file.

              • D
                davidstoll @viragomann
                last edited by

                @viragomann I don't have any options. I can only click on the OS that I am trying to export for. Is there a better export plugin maybe? I'm using "Openvpn-client-export v1.6_4", which seems to be the latest as far as I can tell.

                export options.jpg export plugin.jpg

                • V
                  viragomann @davidstoll
                  last edited by

                  @davidstoll
                  Try this one:
                  2a2d56f8-1f68-4381-9775-983cd2a43bfe-grafik.png

                  • D
                    davidstoll
                    last edited by

                    Ok, thanks. I did that and it only gave me one warning about password caching, so that did help with the config compatibility.

                    However, every 3 hours it disconnects.

                    ...
                    Fri Sep 16 08:33:38 2022 Initialization Sequence Completed
                    ...
                    Fri Sep 16 11:33:26 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
                    Fri Sep 16 11:33:26 2022 TLS Error: TLS handshake failed
                    Fri Sep 16 11:33:26 2022 Fatal TLS error (check_tls_errors_co), restarting
                    Fri Sep 16 11:33:35 2022 Initialization Sequence Completed
                    ...
                    Fri Sep 16 14:29:24 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
                    Fri Sep 16 14:29:24 2022 TLS Error: TLS handshake failed
                    Fri Sep 16 14:29:24 2022 Fatal TLS error (check_tls_errors_co), restarting

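To check whether the drops reported above really follow a fixed schedule rather than occurring at random, the session lengths can be measured directly from the client log. The following is an added example, not code from the thread: it pairs each "Initialization Sequence Completed" line with the next failure line and tests whether the resulting durations cluster around one value (the 5% tolerance and the failure markers are assumptions of the example).

```python
from datetime import datetime

# Lines copied from the client log quoted in the post above.
SAMPLE_LOG = """\
Fri Sep 16 08:33:38 2022 Initialization Sequence Completed
...
Fri Sep 16 11:33:26 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Sep 16 11:33:26 2022 TLS Error: TLS handshake failed
Fri Sep 16 11:33:26 2022 Fatal TLS error (check_tls_errors_co), restarting
Fri Sep 16 11:33:35 2022 Initialization Sequence Completed
...
Fri Sep 16 14:29:24 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Sep 16 14:29:24 2022 TLS Error: TLS handshake failed
"""

TS_FORMAT = "%a %b %d %H:%M:%S %Y"
TS_LEN = len("Fri Sep 16 08:33:38 2022")
UP = "Initialization Sequence Completed"
DOWN_MARKERS = ("TLS handshake failed", "Connection reset, restarting")


def session_durations(log_text):
    """Seconds between each 'up' line and the first failure that follows it."""
    durations, up_since = [], None
    for line in log_text.splitlines():
        try:
            ts = datetime.strptime(line[:TS_LEN], TS_FORMAT)
        except ValueError:
            continue  # "..." elisions and other lines without a timestamp
        msg = line[TS_LEN:].strip()
        if msg == UP:
            up_since = ts
        elif up_since and any(marker in msg for marker in DOWN_MARKERS):
            durations.append(int((ts - up_since).total_seconds()))
            up_since = None  # ignore further error lines from the same drop
    return durations


def looks_scheduled(durations, tolerance=0.05):
    """True if at least two sessions all lie within `tolerance` of their mean."""
    if len(durations) < 2:
        return False
    mean = sum(durations) / len(durations)
    return all(abs(d - mean) <= tolerance * mean for d in durations)
```
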
                    • D
                      davidstoll @davidstoll
                      last edited by

                      @davidstoll Any other suggestions? I would really appreciate it. I think we have made it a little better, but it just doesn't want to stay connected and it disconnects on a scheduled basis (not randomly).

                      • D
                        davidstoll
                        last edited by

                        I tried UDP, but it won't connect...

                        Fri Sep 23 08:31:41 2022 OpenVPN 2.4.3 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jun 20 2017
                        Fri Sep 23 08:31:41 2022 Windows version 6.2 (Windows 8 or greater) 64bit
                        Fri Sep 23 08:31:41 2022 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10
                        Fri Sep 23 08:31:42 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:yyyy
                        Fri Sep 23 08:31:42 2022 UDP link local: (not bound)
                        Fri Sep 23 08:31:42 2022 UDP link remote: [AF_INET]xxx.xxx.xxx.xxx:yyyy
                        Fri Sep 23 08:32:42 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
                        Fri Sep 23 08:32:42 2022 TLS Error: TLS handshake failed
                        Fri Sep 23 08:32:42 2022 SIGUSR1[soft,tls-error] received, process restarting

                        • V
                          viragomann @davidstoll
                          last edited by

                          @davidstoll
                          Looks like the server is not responding due to whatever reason.

                          Use packet capture on pfSense to check if the client packets are arriving on the WAN.

                          • D
                            davidstoll @viragomann
                            last edited by

                            @viragomann They definitely are....up until it disconnects because it's working just fine other than the disconnect.
