OpenVPN on Multi-WAN
-
2.0-BETA4 (amd64)
built on Thu Oct 14 01:04:17 UTC 2010
FreeBSD 8.1-RELEASE-p1
I upgraded from the above build to that of Oct. 28 and it appears to have broken something with OpenVPN.
I've got a dual WAN with one OpenVPN server running on WAN1 on port 1194 and a separate OpenVPN server running on WAN2 on port 1195. When running on the Oct. 14 build, clients could connect to either (and/or both) OpenVPN server(s) without issue. However, after upgrading to the Oct. 28 build, clients can no longer connect to the second OpenVPN server (the one running on WAN2/port 1195), but are still able to connect to the first OpenVPN server (running on WAN1/port 1194).
The following error is found in the client's logs:
openvpn[36074]: TCP/UDP: Incoming packet rejected from [AF_INET]WAN1_GW:1195[2], expected peer address: [AF_INET]WAN2_IP:1195 (allow this incoming source address/port by removing --remote or adding --float)
where WAN1_GW is the Gateway of WAN1 and WAN2_IP is WAN2's IP.
Here are the logs from the server:
Oct 31 13:16:38 openvpn[1657]: CLIENT_IP:2058 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Oct 31 13:16:36 openvpn[1657]: CLIENT_IP:52168 TLS Error: TLS handshake failed
Reverting to the Oct. 14 build resolves the issue.
-
known issue from http://redmine.pfsense.org/issues/958
-
Boolah,
I had that error as well on some earlier shots. After I upgraded to:
2.0-BETA4 (amd64) - built on Thu Oct 28 17:17:55 UTC 2010
The error was gone.
-
I am having the same problem. I have tried the following builds:
Oct 30
Oct 14
Oct 28
Currently on Oct 28
Had the same error on all. "TLS handshake failed"
Is there a workaround until this is resolved?
-
It is the same problem as:
http://forum.pfsense.org/index.php/topic,29683.0.html
The back-routing is wrong (all traffic goes to the standard gateway, not to the incoming interface)
-
I have resolved this by updating to the latest snapshot:
2.0-BETA4 (i386)
built on Mon Nov 1 02:02:45 EDT 2010
and by also setting the WAN OpenVPN is running on to default under System -> Routing.
Not sure if this is by design or not?