New Setup, I Followed The Guide, What Gives? No server certificate verification!
-
No fatal errors there – just a timeout. What shows in the server log? Anything?
-
OpenVPN log shows nothing - shows that the service is bound to the WAN, and it's "Initialization Sequence Completed"
-
Check your WAN firewall rules – the traffic is probably not making it past the firewall!
It's being blocked somewhere between the client and server, so either it's not hitting the right IP address or port, or the packets are being dropped by either the firewall rules or some other device in between.
-
From what I'm seeing, it's never making it in the tunnel - ping request is hitting the firewall directly. I'm trying an uninstall/reboot/re-install/reboot of the client now…
-
It appears that for whatever reason, the OpenVPN client is not binding or not accepting an address from the server. The TAP adapter constantly shows a red X through it (disconnected) and I never get an IP address from the server. :(
-
As jimp said: you are not reaching your OpenVPN server; it fails even before a connection is initiated.
Either rules on your pfSense WAN are blocking the port your VPN server is running on, or your VPN server is not bound on WAN and you need to port forward.
-
Yeah it doesn't get far enough to obtain an IP, it gets no reply at all from the server (which means it probably can't reach it). The issue is the timeout, not the server certificate verification message.
-
You think maybe trying to talk to 1.2.3.4 as your IP might be an issue ;)
UDPv4 link remote: [AF_INET]1.2.3.4:1194
If you're obfuscating your actual public IP by editing your logs for posting, you really should state that!!
-
Sorry, yes 1.2.3.4 is a fake IP - even though this is on the test bench, I am using real, live IPs because after testing it is going into a live environment.
So after installing the OpenVPN Client Export package and using that, I had the same luck and discovered that during the OpenVPN wizard, it assigned the firewall rule for port 1194 to "WAN address" - once I changed to my CARP VIP, I was able to connect, so now I'm one step closer…so now at least it's actually connected and is working. Looking at the config that was created, it's completely different than the generic one in the book: https://portal.pfsense.org/docs/book/openvpn/openvpn-client-installation-generic.html
So my final question is (I know this is a Windows issue) - is there any way to manually run the OpenVPN client without "Run As Administrator"? Or does anyone know if any of the other OpenVPN clients can do this? I just know of a handful of clients who are on domains and don't have access rights to do this so I have to give them some other way and I'd prefer them not to install as service...
-
Use the Viscosity client if you don't want to run as admin on Windows. https://www.sparklabs.com/viscosity/
It's not free.
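
The diagnosis reached in this thread (the client timed out with no reply from the server, while the certificate-verification warning was a separate, non-fatal issue) can be read mechanically from a client log. The following is an added example, not code from any poster or from the pfSense or OpenVPN projects; the sample log is constructed, and the `triage` function and its state names are hypothetical.

```python
import re

# Constructed client log modelled on the symptoms in the thread (1.2.3.4 is the
# placeholder address the poster used; timestamps are made up).
SAMPLE_LOG = """\
Mon Jan 01 12:00:00 2018 WARNING: No server certificate verification method has been enabled.
Mon Jan 01 12:00:00 2018 UDPv4 link local (bound): [undef]
Mon Jan 01 12:00:00 2018 UDPv4 link remote: [AF_INET]1.2.3.4:1194
Mon Jan 01 12:01:00 2018 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Jan 01 12:01:00 2018 TLS Error: TLS handshake failed
"""

REMOTE_RE = re.compile(r"link remote: \[AF_INET6?\]([0-9A-Fa-f:.]+):(\d+)")


def triage(log_text):
    """Separate the blocking failure from non-fatal warnings in a client log."""
    result = {"remote": None, "state": "unknown", "warnings": []}
    m = REMOTE_RE.search(log_text)
    if m:
        result["remote"] = (m.group(1), int(m.group(2)))
    if "No server certificate verification method" in log_text:
        # Non-fatal: the client accepts any certificate issued by the same CA,
        # including another client's. It does not stop a connection; harden it
        # separately with `remote-cert-tls server` in the client config.
        result["warnings"].append("server certificate type not verified")
    got_reply = "TLS: Initial packet from" in log_text
    if "Initialization Sequence Completed" in log_text:
        result["state"] = "connected"
    elif "VERIFY ERROR" in log_text:
        result["state"] = "certificate rejected"
    elif "TLS key negotiation failed" in log_text and not got_reply:
        # Nothing came back from the remote: check the address and port the
        # firewall rule matches (here: "WAN address" versus the CARP VIP).
        result["state"] = "no reply from server"
    elif "TLS key negotiation failed" in log_text:
        result["state"] = "handshake started but did not finish"
    return result


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```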