TLS Handshake failed
-
Do I understand you right, that you want to have a site-to-site connection?
In this case I would drop the whole PKI and set up a PSK. This sticky thread has more information about that (and the further linked threads):
http://forum.pfsense.org/index.php/topic,12888.0.html -
When I try and ping another device on the client side from the server side I get the following:
PING 10.0.0.200 (10.0.0.200) from 192.168.0.1: 56 data bytes
92 bytes from core-antoine.air-pipe.com (208.81.157.73): Destination Host Unreachable
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 5400 77ee 0 0000 3a 01 3d4a 192.168.0.1 10.0.0.200 -
Ahh, OK, well thank you for that link. As I am dead tired atm and have to be up in about 4 or 5 hours, I'm going to hit the sack but will get on that thread asap, thanks!
-
OK, so I have the connections established between the server and the client via OpenVPN. There are no errors in the system or VPN logs but I am unable to get traffic through from one network to the other.
Any suggestions?
Trying to go from and to (Server) 192.168.0.0 <-> (VPN Tunnel) 192.168.5.0 <-> (Client) 10.0.0.0
-
Do you have a PSK or PKI now?
Did you add any route/pushes to the config?
Are the routes on both sides to get to the other side known? -
Try enabling NetBIOS; that should work. Is that a client-to-client VPN? If so, I don't think you actually need that option at the moment.
-
Well, unfortunately it's not working. I can ping from the server to the client router but not the client network. I cannot ping at all from the client to the server network.
-
Do you have a PSK or PKI now?
Did you add any route/pushes to the config?
Are the routes on both sides to get to the other side known?
Assumption:
You use a PSK. You didn't add any routes. The client of your remote network is the default gateway for this subnet. -->
You need to add on the server side to the custom config field: "route subnetID_of_clientnet netmask" (i.e. route 192.168.0.0 255.255.255.0)
This dynamically adds a static route for the remote subnet on the server when the tunnel comes up.
You also need a similar entry on the client router, "route subnetID_of_servernet netmask", to dynamically add the static route pointing to the server subnet. -
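The two-sided route setup described in the post above, written out as plain OpenVPN shared-key configs. This is an added example, not taken from any poster's configuration; the /24 masks, tunnel endpoint addresses, port, hostname and key path are assumptions or placeholders based on the subnets named in this thread.

```conf
# ===== File 1: server side (LAN 192.168.0.0/24, assumed /24) =====
dev tun
proto udp
port 1194
# Point-to-point tunnel addresses: <local endpoint> <remote endpoint>
# (assumed addresses inside the 192.168.5.0 tunnel network)
ifconfig 192.168.5.1 192.168.5.2
# Pre-shared static key, same file on both ends (placeholder path)
secret /path/to/shared.key
# Reach the CLIENT LAN through the tunnel once it is up
route 10.0.0.0 255.255.255.0

# ===== File 2: client side (LAN 10.0.0.0/24, assumed /24) =====
dev tun
proto udp
# Placeholder hostname for the server's public address
remote vpn-server.example.org 1194
# Mirror image of the server's ifconfig line
ifconfig 192.168.5.2 192.168.5.1
secret /path/to/shared.key
# Reach the SERVER LAN through the tunnel once it is up
route 192.168.0.0 255.255.255.0
```

Each side routes the other side's LAN, never its own. Once the tunnel is up, `netstat -rn` on each router should list the remote LAN via the tunnel interface, and hosts on each LAN still need that router as their gateway (the assumption stated in the post) for replies to find their way back.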
I tried it with "route 10.0.0.0 255.255.255.0" on the server and "route 192.168.0.0 255.255.255.0" on the client but the logs state that there was an error setting up the routes and they exited with a signal 1.
I also tried "route 10.0.0.0/24" and "route 192.168.0.0/24" and nothing came up in the logs regarding errors but still they will not route traffic. I can't get traffic in either direction.
-
What error?
(Post it) -
Funny thing is that I had this same error and solved it by switching from UDP to TCP.