Netgate Discussion Forum

    OpenVPN server connection and tunneling back out

    • D
      davidstoll
      last edited by

      Sorry, deleted the log file because there was something in there that I didn't edit....anyway, here it is again...

      Thu Sep 08 16:37:51 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:yyyy
      Thu Sep 08 16:37:51 2022 Attempting to establish TCP connection with [AF_INET]xxx.xxx.xxx.xxx:yyyy [nonblock]
      Thu Sep 08 16:37:52 2022 TCP connection established with [AF_INET]xxx.xxx.xxx.xxx:yyyy
      Thu Sep 08 16:37:52 2022 TCPv4_CLIENT link local: (not bound)
      Thu Sep 08 16:37:52 2022 TCPv4_CLIENT link remote: [AF_INET]xxx.xxx.xxx.xxx:yyyy
      Thu Sep 08 16:37:52 2022 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1551', remote='link-mtu 1571'
      Thu Sep 08 16:37:52 2022 WARNING: 'cipher' is used inconsistently, local='cipher AES-256-GCM', remote='cipher AES-256-CBC'
      Thu Sep 08 16:37:52 2022 WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA256'
      Thu Sep 08 16:37:52 2022 [openvpn] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:yyyy
      Thu Sep 08 16:37:53 2022 Preserving previous TUN/TAP instance: Ethernet 2
      Thu Sep 08 16:37:53 2022 Blocking outside dns using service succeeded.
      Thu Sep 08 16:37:53 2022 Initialization Sequence Completed
      Thu Sep 08 16:37:59 2022 Connection reset, restarting [0]
      Thu Sep 08 16:37:59 2022 Unblocking outside dns using service succeeded.
      Thu Sep 08 16:37:59 2022 SIGUSR1[soft,connection-reset] received, process restarting

      1 Reply Last reply Reply Quote 0
      • D
        davidstoll
        last edited by davidstoll

        If I uncomment out the lines from my auto generated config and remove my replacement items, I get the following short info from the log...

        Options error: Unrecognized option or missing or extra parameter(s) in pfSense-TCP4-config.ovpn:4: data-ciphers (2.4.3)
        Use --help for more information.

        V 1 Reply Last reply Reply Quote 0
        • V
          viragomann @davidstoll
          last edited by

          @davidstoll
          Since you're running a 2.4.x client, check "Legacy Client" in the client export utility and export a new config file.

          D 1 Reply Last reply Reply Quote 0
          • D
            davidstoll @viragomann
            last edited by

            @viragomann I don't have any options. I can only click on the OS that I am trying to export for. Is there a better export plugin maybe? I'm using "Openvpn-client-export v1.6_4", which seems to be the latest as far as I can tell.

            export options.jpg export plugin.jpg

            V 1 Reply Last reply Reply Quote 0
            • V
              viragomann @davidstoll
              last edited by

              @davidstoll
              Try this one:
              2a2d56f8-1f68-4381-9775-983cd2a43bfe-grafik.png

              1 Reply Last reply Reply Quote 1
              • D
                davidstoll
                last edited by

                Ok, thanks. I did that and it only gave me one warning about password caching, so that did help with the config compatibility.

                However, every 3 hours it disconnects.

                ...
                Fri Sep 16 08:33:38 2022 Initialization Sequence Completed
                ...
                Fri Sep 16 11:33:26 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
                Fri Sep 16 11:33:26 2022 TLS Error: TLS handshake failed
                Fri Sep 16 11:33:26 2022 Fatal TLS error (check_tls_errors_co), restarting
                Fri Sep 16 11:33:35 2022 Initialization Sequence Completed
                ...
                Fri Sep 16 14:29:24 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
                Fri Sep 16 14:29:24 2022 TLS Error: TLS handshake failed
                Fri Sep 16 14:29:24 2022 Fatal TLS error (check_tls_errors_co), restarting

                D 1 Reply Last reply Reply Quote 0
                • D
                  davidstoll @davidstoll
                  last edited by

                  @davidstoll Any other suggestions? I would really appreciate it. I think we have made it a little better, but it just doesn't want to stay connected and it disconnects on a scheduled basis (not randomly).

                  1 Reply Last reply Reply Quote 0
                  • D
                    davidstoll
                    last edited by

                    I tried UDP, but it won't connect...

                    Fri Sep 23 08:31:41 2022 OpenVPN 2.4.3 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jun 20 2017
                    Fri Sep 23 08:31:41 2022 Windows version 6.2 (Windows 8 or greater) 64bit
                    Fri Sep 23 08:31:41 2022 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10
                    Fri Sep 23 08:31:42 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:yyyy
                    Fri Sep 23 08:31:42 2022 UDP link local: (not bound)
                    Fri Sep 23 08:31:42 2022 UDP link remote: [AF_INET]xxx.xxx.xxx.xxx:yyyy
                    Fri Sep 23 08:32:42 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
                    Fri Sep 23 08:32:42 2022 TLS Error: TLS handshake failed
                    Fri Sep 23 08:32:42 2022 SIGUSR1[soft,tls-error] received, process restarting

                    V 1 Reply Last reply Reply Quote 0
                    • V
                      viragomann @davidstoll
                      last edited by

                      @davidstoll
                      Looks like the server is not responding due to whatever reason.

                      Use packet capture on pfSense to check if the client packets are arriving on the WAN.

                      D 1 Reply Last reply Reply Quote 0
                      • D
                        davidstoll @viragomann
                        last edited by

                        @viragomann They definitely are....up until it disconnects because it's working just fine other than the disconnect.

                        1 Reply Last reply Reply Quote 0
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.