OpenVPN does not work on bridged pfSense router
-
If it's behind your home router, did you port forward port 1194 to it from your home router? It needs to know where to send that traffic.
-
@JonathanLee The router LAN port is already in bridged mode, so I didn't forward that 1194 port. Do I still need to?
-
Oh ok, can you capture traffic and generate a pcap file from inside pfSense and attempt the connection again? pfSense can do that for you to help isolate the issue. We want to grab the pcap file and import it into Wireshark so we can look at what occurs. We want to see that port hit pfSense and when it drops.
-
@JonathanLee You want me to share the Packet capture file?
-
@george1116 No, because it could have info you don't want shared. Just open it with Wireshark, search for that port number, take a screenshot of just that and post it here. I just want to see the connection initiated, not the details of it.
-
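The check being asked for above, as an added example that is not part of the thread: a small stdlib-only reader for a classic pcap capture (the format pfSense's Diagnostics > Packet Capture page downloads) that picks out UDP datagrams to and from the OpenVPN port and reports whether a client handshake arrived at the firewall and whether the server ever answered. The capture it runs on is constructed inline (addresses, ports and payloads are made up), so it runs offline.

```python
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4          # classic little-endian pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1
OPENVPN_PORT = 1194
# In OpenVPN's UDP wire format the first payload byte is (opcode << 3) | key_id.
P_CONTROL_HARD_RESET_CLIENT_V2 = 7   # what a client sends to start a handshake
P_CONTROL_HARD_RESET_SERVER_V2 = 8   # what the server answers with


def iter_frames(pcap):
    """Yield (timestamp, frame bytes) for each record of a classic pcap file."""
    magic, _vmaj, _vmin, _tz, _sig, _snap, linktype = struct.unpack_from("<IHHiIII", pcap, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian classic pcap (pcapng is not handled here)")
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("expected an Ethernet capture")
    off = 24
    while off + 16 <= len(pcap):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from("<IIII", pcap, off)
        off += 16
        yield ts_sec + ts_usec / 1e6, pcap[off:off + incl_len]
        off += incl_len


def parse_udp(frame):
    """Return (src, dst, sport, dport, payload) for an IPv4/UDP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # IPv6 (0x86dd), ARP etc. are skipped
        return None
    ihl = (frame[14] & 0x0F) * 4
    if frame[14 + 9] != 17:                                # IP protocol 17 = UDP
        return None
    src = socket.inet_ntoa(frame[26:30])
    dst = socket.inet_ntoa(frame[30:34])
    uoff = 14 + ihl
    sport, dport, ulen, _csum = struct.unpack_from("!HHHH", frame, uoff)
    return src, dst, sport, dport, frame[uoff + 8:uoff + ulen]


def openvpn_summary(pcap, port=OPENVPN_PORT):
    """Classify every UDP datagram sent to or from the OpenVPN port."""
    to_server, from_server = [], []
    for _ts, frame in iter_frames(pcap):
        p = parse_udp(frame)
        if p is None:
            continue
        src, dst, sport, dport, payload = p
        opcode = payload[0] >> 3 if payload else None
        if dport == port:
            to_server.append((src, sport, opcode))
        elif sport == port:
            from_server.append((dst, dport, opcode))
    return {
        "client_packets": to_server,
        "server_packets": from_server,
        "handshake_attempted": any(op == P_CONTROL_HARD_RESET_CLIENT_V2 for _, _, op in to_server),
        "server_replied": any(op == P_CONTROL_HARD_RESET_SERVER_V2 for _, _, op in from_server),
    }


# --- constructed sample capture (made-up addresses from the documentation ranges) ---

def _ipv4_checksum(hdr):
    total = sum(struct.unpack("!10H", hdr))
    total = (total >> 16) + (total & 0xFFFF)
    return (~(total + (total >> 16))) & 0xFFFF


def udp_frame(src, dst, sport, dport, payload):
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0x4000, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    ip = ip[:10] + struct.pack("!H", _ipv4_checksum(ip)) + ip[12:]
    return eth + ip + udp


def constructed_capture():
    """A DNS query followed by two OpenVPN client resets that never get an answer."""
    client_reset = bytes([P_CONTROL_HARD_RESET_CLIENT_V2 << 3]) + b"\x00" * 13
    frames = [
        udp_frame("203.0.113.5", "198.51.100.1", 53000, 53, b"\x00" * 12),
        udp_frame("203.0.113.5", "198.51.100.1", 51820, OPENVPN_PORT, client_reset),
        udp_frame("203.0.113.5", "198.51.100.1", 51820, OPENVPN_PORT, client_reset),
    ]
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1704272000 + i, 0, len(f), len(f)) + f
    return out


if __name__ == "__main__":
    print(openvpn_summary(constructed_capture()))
```

On a real download, call `openvpn_summary(open(path, "rb").read())` with the capture taken on the WAN interface while the client tries to connect. Client resets (opcode 7) present with no server reset (opcode 8) coming back means the packets reach pfSense but the OpenVPN server never answers, which is the split the thread is trying to make; the same view from the command line is `tcpdump -nn -r capture.pcap 'udp port 1194'`.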
-
That's good, it hits your firewall. It looks to be a certificate issue here; can you delete the client info and export it again?
How are you accessing the VPN?
-
I am using Tunnelblick to connect.
How is it able to connect on a mobile network though if it's indeed a problem with the certificate?
Also, which client info are you referring to?
-
@george1116 What is your goal? RDM? Access a NAS?
-
@JonathanLee Purely RDM, I want to be able to manage my network from other locations.
-
@george1116 You have different export wizards in OpenVPN for different machines. Also, if you open that file in a text editor you may see udp4; if you have an IPv6 hotspot it will need that disabled. Change it to udp only.
Export and try this, and also change to just udp. I had an issue that was not letting me use my iPhone yesterday when it was set to udp4, because the iPhone could not understand that; it just wanted it set to udp:
remote f.q.d.n (your ip address will show here) 1194 udp
not
remote f.q.d.n (your ip address here) 1194 udp4
-
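The profile edit described in the post above, as an added example rather than anything from the thread or from pfSense's export wizard: a checker that reads an exported .ovpn client profile, rewrites family-specific protocol names (udp4, udp6, tcp4, tcp6) on the remote and proto lines to the plain udp/tcp form, and then confirms the inline <ca>, <cert> and <key> blocks are actually present and hold PEM data, since an export with an empty certificate block fails the TLS handshake just as silently. The profile it checks is constructed for the example (the hostname vpn.example.com and the truncated PEM bodies are made up).

```python
import re

# OpenVPN understands family-specific protocol names; rewrite them to the
# family-agnostic form the post recommends.
FAMILY_SPECIFIC = {
    "udp4": "udp", "udp6": "udp",
    "tcp4": "tcp", "tcp6": "tcp",
    "tcp4-client": "tcp-client", "tcp6-client": "tcp-client",
}
REQUIRED_INLINE = ("ca", "cert", "key")
PEM_MARKERS = (
    "-----BEGIN CERTIFICATE-----",
    "-----BEGIN PRIVATE KEY-----",
    "-----BEGIN EC PRIVATE KEY-----",
    "-----BEGIN RSA PRIVATE KEY-----",
    "-----BEGIN OpenVPN Static key V1-----",
)


def normalize_proto_lines(text):
    """Rewrite 'remote <host> <port> udp4' and 'proto udp4' to the udp/tcp form."""
    fixed, findings = [], []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 4 and parts[0] == "remote" and parts[3] in FAMILY_SPECIFIC:
            findings.append(f"remote line used {parts[3]}, rewritten as {FAMILY_SPECIFIC[parts[3]]}")
            parts[3] = FAMILY_SPECIFIC[parts[3]]
            line = " ".join(parts)
        elif len(parts) == 2 and parts[0] == "proto" and parts[1] in FAMILY_SPECIFIC:
            findings.append(f"proto line used {parts[1]}, rewritten as {FAMILY_SPECIFIC[parts[1]]}")
            line = f"proto {FAMILY_SPECIFIC[parts[1]]}"
        fixed.append(line)
    return "\n".join(fixed) + "\n", findings


def inline_block(text, name):
    """Return the body of an inline <name>...</name> block, or None if absent."""
    m = re.search(rf"<{name}>\n?(.*?)</{name}>", text, re.S)
    return None if m is None else m.group(1).strip()


def check_profile(text):
    """Normalize the protocol lines and report anything that would break the handshake."""
    profile, findings = normalize_proto_lines(text)
    if not re.search(r"^remote\s", profile, re.M):
        findings.append("no remote line; the client has nowhere to connect")
    for name in REQUIRED_INLINE:
        body = inline_block(profile, name)
        if body is None:
            findings.append(f"no inline <{name}> block; the export may be incomplete")
        elif not any(marker in body for marker in PEM_MARKERS):
            findings.append(f"<{name}> block is empty or not PEM; re-export the client")
    if inline_block(profile, "tls-crypt") is None and inline_block(profile, "tls-auth") is None:
        findings.append("no <tls-crypt>/<tls-auth> block; a server that requires one drops the handshake")
    return {"profile": profile, "findings": findings}


# Constructed sample export: udp4 on the remote line and an empty <cert> block.
SAMPLE_PROFILE = """client
dev tun
remote vpn.example.com 1194 udp4
persist-key
persist-tun
remote-cert-tls server
<ca>
-----BEGIN CERTIFICATE-----
MIIBszCCAVmgAwIBAgIUAAAA (truncated, constructed)
-----END CERTIFICATE-----
</ca>
<cert>
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEG (truncated, constructed)
-----END PRIVATE KEY-----
</key>
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
0123456789abcdef (truncated, constructed)
-----END OpenVPN Static key V1-----
</tls-crypt>
"""

if __name__ == "__main__":
    result = check_profile(SAMPLE_PROFILE)
    for f in result["findings"]:
        print("-", f)
```

Run it over the file the export wizard produced, then import the returned profile into Tunnelblick; if the only finding is the udp4 rewrite and the handshake still times out, the problem is not in the profile text and the server side deserves a look.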
@george1116 That is good, it works already, so we know it's mostly some setting in the client export profile file.
Are you using pfSense for OpenVPN? If not, you need to set it to forward the traffic to the device that has the VPN software set up on it.
If you only use VPN software on the Mac, pfSense needs to reroute that port to that machine.
You might need to NAT port forward port 1194 to that machine if that is where your VPN software is located.
Here is an example: I use a port forward for my AP for syslogs to pfSense, so AP 192.168.1.2:514 ----> 192.168.1.1:5140
-
@george1116 Is OpenVPN used in pfSense, or is it just VPN software on the Mac that is used, and pfSense does not have VPN software installed on it?
-
Yes, I am using pfSense for OpenVPN. By default, it accepts all UDP connections on the WAN port.
Also, this is what part of my config file looks like; it is already set up like yours.
-
@george1116 Change it to just udp, save it, import it and try again.
-
Please help me understand, what am I changing to UDP only? It's already set to only use UDP, so I am a little confused right now.
-
@george1116 It says udp4, that is UDP over IPv4. Some systems cannot understand it, like my iPhone; it just wants it to say udp.
-
Modified, and it didn't work either.
Still failing at:
2024-01-03 09:53:25.497694 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2024-01-03 09:53:25.497766 TLS Error: TLS handshake failed
-
@george1116 What does the server log show?
-
@george1116 dang