Fresh Install: TLS handshake failed
-
–server directive network/netmask combination is invalid
So fix that? You are giving us nothing to go on.
-
–server directive network/netmask combination is invalid
So fix that? You are giving us nothing to go on.
No idea what that is. I followed the documentation to setup OpenVPN and that is what I get. No idea what it has done, so I don't know what to fix.
-
Post your server configuration. Obviously you have something done wrong.
-
I just went through the same thing.
Look at your firewall rules. It's possible the wizard put the rule for OpenVPN BELOW the deny all entry. Move it up 1 and try again.
2nd, I have problems using OpenVPN with some public universities and hospitals. They're good at blocking OpenVPN regardless of the port you use. Try another wi-fi site if you think it might be a problem.
-
Post your server configuration. Obviously you have something done wrong.
DHCP Server/LAN
Subnet 10.1.0.0
Subnet Mask 255.255.0.0
Available Range 10.1.0.1 - 10.1.255.254
Range 10.1.1.10 - 10.1.255.245OpenVPN Server
IPv4 Tunnel Network 10.1.0.0/16Firewall/Rules/WAN
Set to pass UDP 1194Firewall/Rules/OpenVPN
Set to pass, any source and destinationIf I leave the OpenVPN client to try and connect on an infinite loop it will randomly connect, maybe the 10th time, maybe the 50 time. When it does the client can access the net but not networked resources on the LAN. Usually though it just doesn't connect as the service is usually always down.
-
Your tunnel network needs to be outside any other network on the firewall.
https://doc.pfsense.org/index.php/OpenVPN_Remote_Access_Server#OpenVPN_Server_Configuration
Tunnel Network – Should be a new, unique network that does not exist anywhere in the current network or routing table.
-
Your tunnel network needs to be outside any other network on the firewall.
https://doc.pfsense.org/index.php/OpenVPN_Remote_Access_Server#OpenVPN_Server_Configuration
Tunnel Network – Should be a new, unique network that does not exist anywhere in the current network or routing table.
Can you suggest a range? Whenever I utilise settings different to that it never works at all, the client won't connect.
-
Should be a new, unique network that does not exist anywhere in the current network or routing table.
$ randomlan.pl
172.22.203.0/24
192.168.253.0/24 -
Should be a new, unique network that does not exist anywhere in the current network or routing table.
$ randomlan.pl
172.22.203.0/24
192.168.253.0/24I utilised 192.168.XXX.XXX originally and people on this forums said that was a bad idea and to go to 10.1.XXX.XXX.
-
I personally don't like using 10.anything. Far too may people out there think it's OK to use 10.0.0.0/8 and you collide with their entire space.
I stay away from 10.0.0.0/8, 192.168.0.0/24, 192.168.1.0/24, and 192.168.168.0/24 (sonicwall default).
But your issue is they are the same, not that you're using 10.1.0.0/16.
-
I personally don't like using 10.anything. Far too may people out there think it's OK to use 10.0.0.0/8 and you collide with their entire space.
I stay away from 10.0.0.0/8, 192.168.0.0/24, 192.168.1.0/24, and 192.168.168.0/24 (sonicwall default).
But your issue is they are the same, not that you're using 10.1.0.0/16.
Could I utilise 172.22.203.0/24 as my tunnel network with my LAN as 10.XXX.XXX.XXX?
Will that allow me access network resorces on my LAN? At the moment I can get a VPN connection to intermittently work. I can see that traffic is being routed through the VPN but I cant see shared drives and printers.
-
Routing and network "discovery" are two different things. You will want to use something like a domain controller or cough WINS to discover network resources across routed subnets.
It should work to IP addresses like \ip.address\share
-
Routing and network "discovery" are two different things. You will want to use something like a domain controller or cough WINS to discover network resources across routed subnets.
It should work to IP addresses like \ip.address\share
I don't know what you mean sorry.
I have looked through the documentation https://doc.pfsense.org/index.php/OpenVPN_Remote_Access_Server however couldn't find anything about accessing network resources. Where would I find information on getting it to work? Its pretty pointless having a VPN and not be able to access my network shares.
-
You are talking about a windows problem, not a VPN problem. Look for information on "windows network discovery between subnets." Or something like that.
Check Windows resources, not pfSense resources. It's just routing between subnets. Nothing different than having a local LAN1 and LAN2.
-
Still cannot get shared resources to work over OpenVPN.
Can someone tell me whether it is a problem with my network config?
My LAN interface is 10.1.1.1/16
My OpenVPN tunnel network is 172.22.203.0/24
I can get a VPN connection but cannot access my servers shares.
I have tried changing the OpenVPN tunnel to 172.22.203.0/16 however the daemon won't run with this config.
Could someone who actually has a working OpenVPN connection, with access to shared resources, post what config they are utilising? At the moment it seems to me that PFSense OpenVPN doesn't seems to support it.
I have posted on the unRaid forums that I am having this problem as someone here said that it wasn't a PFsense problem. As expected people on the Unraid forums are saying its a PFSense problem.
-
I guess you are not hearing what I am saying.
Network discovery generally does not work across IP subnets/routers without helpers.
Can you ping the unraid server by IP address? Then your VPN is working.
I looked for some documentation on the unraid site about network discovery for their file shares and came up empty.
-
I guess you are not hearing what I am saying.
Network discovery generally does not work across IP subnets/routers without helpers.
Can you ping the unraid server by IP address? Then your VPN is working.
I looked for some documentation on the unraid site about network discovery for their file shares and came up empty.
I hear what you are saying, I don't understand what you mean however.
Yes I can ping the unRaid server.
I can ping, by IP address, all my local machines
-
Have you, by chance, done any searching on network share discovery across subnets?
What, exactly, are you trying to do that is not working?
Details matter here. Please be specific.
-
What he means is all of the service discovery protocols are broadcast or multicast and almost none of those protocols work across routers because routers can not forward the broadcast/multicast traffic, this is by design. Some more clever protocols such as mDNS do actually support discovery across routers but that is because they implement a proxy that listens for and forwards the service announcements across subnets. The avahi package implements mDNS on FreeBSD and I believe also on pfSense.
-
Have you, by chance, done any searching on network share discovery across subnets?
What, exactly, are you trying to do that is not working?
Details matter here. Please be specific.
I am trying to access Unraid SMB shares from my laptop whilst connected via OpenVPN. I cannot do this, I cannot see or access any shared resources.
I have searched for solutions, people on the unRaid forums said that it isan OpenVPN/Freenas problem.
