Netgate Discussion Forum
    OpenVPN - multiple tutorials, cannot connect

      mkyb14

      I was really hoping to figure this out on my own, but I've been stumped now for a week.

      Following multiple tutorials, different little variations in how people are setting up their OpenVPN servers, nothing has worked.  I'm simply trying to allow a connection from my phone or laptop to access cameras or ssh into my Proxmox box from outside the house.

      I've followed many tutorials, but always get an error and this would seem pretty straightforward.  I've CC'd the logs from my laptop connected via Tunnelblick over another Wireless WAN connection.

      Any direction would be appreciated!

      Also, no add-ons enabled in pfSense, just the export OpenVPN tool right now.

      2017-04-21 10:32:09 *Tunnelblick: Established communication with OpenVPN
      2017-04-21 10:32:09 OpenVPN 2.3.14 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Jan 28 2017
      2017-04-21 10:32:09 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
      2017-04-21 10:32:09 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337
      2017-04-21 10:32:09 Need hold release from management interface, waiting…
      2017-04-21 10:32:09 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1337
      2017-04-21 10:32:09 MANAGEMENT: CMD 'pid'
      2017-04-21 10:32:09 MANAGEMENT: CMD 'state on'
      2017-04-21 10:32:09 MANAGEMENT: CMD 'state'
      2017-04-21 10:32:09 MANAGEMENT: CMD 'bytecount 1'
      2017-04-21 10:32:09 MANAGEMENT: CMD 'hold release'
      2017-04-21 10:32:09 *Tunnelblick: openvpnstart starting OpenVPN
      2017-04-21 10:32:17 MANAGEMENT: CMD 'username "Auth" "mkyb14"'
      2017-04-21 10:32:17 MANAGEMENT: CMD 'password […]'
      2017-04-21 10:32:17 NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
      2017-04-21 10:32:25 MANAGEMENT: CMD 'password […]'
      2017-04-21 10:32:25 WARNING: this configuration may cache passwords in memory – use the auth-nocache option to prevent this
      2017-04-21 10:32:25 Control Channel Authentication: using 'pfSense-udp-31000-mkyb14-tls.key' as a OpenVPN static key file
      2017-04-21 10:32:25 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
      2017-04-21 10:32:25 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
      2017-04-21 10:32:25 Socket Buffers: R=[196724->196724] S=[9216->9216]
      2017-04-21 10:32:25 MANAGEMENT: >STATE:1492795945,RESOLVE,,,
      2017-04-21 10:32:31 UDPv4 link local (bound): [undef]
      2017-04-21 10:32:31 UDPv4 link remote: [AF_INET]IPHIDDENONPUROPSE:31000
      2017-04-21 10:32:31 MANAGEMENT: >STATE:1492795951,WAIT,,,
      2017-04-21 10:32:31 MANAGEMENT: >STATE:1492795951,AUTH,,,
      2017-04-21 10:32:31 TLS: Initial packet from [AF_INET]IPHIDDENONPUROPSE:31000, sid=80379b54 7be8650d
      2017-04-21 10:32:31 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=US, ST=California, L=Encinitas, O=Local, emailAddress=mkyb14@gmail.com, CN=DYNDNS, OU=local
      2017-04-21 10:32:31 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
      2017-04-21 10:32:31 TLS_ERROR: BIO read tls_read_plaintext error
      2017-04-21 10:32:31 TLS Error: TLS object -> incoming plaintext read error
      2017-04-21 10:32:31 TLS Error: TLS handshake failed
      2017-04-21 10:32:31 SIGUSR1[soft,tls-error] received, process restarting
      2017-04-21 10:32:31 MANAGEMENT: >STATE:1492795951,RECONNECTING,tls-error,,
      2017-04-21 10:32:31 MANAGEMENT: CMD 'hold release'
      2017-04-21 10:32:31 NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
      2017-04-21 10:32:31 Socket Buffers: R=[196724->196724] S=[9216->9216]
      2017-04-21 10:32:31 MANAGEMENT: >STATE:1492795951,RESOLVE,,,
      2017-04-21 10:32:31 UDPv4 link local (bound): [undef]
      2017-04-21 10:32:31 UDPv4 link remote: [AF_INET]IPHIDDENONPUROPSE:31000
      2017-04-21 10:32:31 MANAGEMENT: >STATE:1492795951,WAIT,,,
      2017-04-21 10:32:31 MANAGEMENT: >STATE:1492795951,AUTH,,,
      2017-04-21 10:32:31 TLS: Initial packet from [AF_INET]IPHIDDENONPUROPSE:31000, sid=b4df3926 92459d54
      2017-04-21 10:32:31 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=US, ST=California, L=Encinitas, O=Local, emailAddress=mkyb14@gmail.com, CN=DYNDNS, OU=local
      2017-04-21 10:32:31 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
      2017-04-21 10:32:31 TLS_ERROR: BIO read tls_read_plaintext error
      2017-04-21 10:32:31 TLS Error: TLS object -> incoming plaintext read error
      2017-04-21 10:32:31 TLS Error: TLS handshake failed
      2017-04-21 10:32:31 SIGUSR1[soft,tls-error] received, process restarting
      2017-04-21 10:32:31 MANAGEMENT: >STATE:1492795951,RECONNECTING,tls-error,,
      2017-04-21 10:32:31 MANAGEMENT: CMD 'hold release'
      2017-04-21 10:32:31 NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
      2017-04-21 10:32:31 Socket Buffers: R=[196724->196724] S=[9216->9216]
      2017-04-21 10:32:31 MANAGEMENT: >STATE:1492795951,RESOLVE,,,
      2017-04-21 10:32:31 UDPv4 link local (bound): [undef]
      2017-04-21 10:32:31 UDPv4 link remote: [AF_INET]IPHIDDENONPUROPSE:31000
      2017-04-21 10:32:31 MANAGEMENT: >STATE:1492795951,WAIT,,,
      2017-04-21 10:32:35 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
      2017-04-21 10:32:35 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
      2017-04-21 10:32:37 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
      2017-04-21 10:32:37 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
      2017-04-21 10:32:39 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
      2017-04-21 10:32:39 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
      2017-04-21 10:32:41 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
      2017-04-21 10:32:41 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
      2017-04-21 10:32:48 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
      2017-04-21 10:32:48 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
      2017-04-21 10:32:49 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
      2017-04-21 10:32:49 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
      2017-04-21 10:33:03 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
      2017-04-21 10:33:03 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
      2017-04-21 10:33:06 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
      2017-04-21 10:33:06 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
      2017-04-21 10:33:31 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
      2017-04-21 10:33:31 TLS Error: TLS handshake failed
      2017-04-21 10:33:31 SIGUSR1[soft,tls-error] received, process restarting
      2017-04-21 10:33:31 MANAGEMENT: >STATE:1492796011,RECONNECTING,tls-error,,
      2017-04-21 10:33:31 MANAGEMENT: CMD 'hold release'
      2017-04-21 10:33:31 NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
      2017-04-21 10:33:31 Socket Buffers: R=[196724->196724] S=[9216->9216]
      2017-04-21 10:33:31 MANAGEMENT: >STATE:1492796011,RESOLVE,,,
      2017-04-21 10:33:37 UDPv4 link local (bound): [undef]
      2017-04-21 10:33:37 UDPv4 link remote: [AF_INET]IPHIDDENONPUROPSE:31000
      2017-04-21 10:33:37 MANAGEMENT: >STATE:1492796017,WAIT,,,
      2017-04-21 10:33:37 MANAGEMENT: >STATE:1492796017,AUTH,,,
      2017-04-21 10:33:37 TLS: Initial packet from [AF_INET]IPHIDDENONPUROPSE:31000, sid=847f9fd0 be742b78
      2017-04-21 10:33:37 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=US, ST=California, L=Encinitas, O=Local, emailAddress=mkyb14@gmail.com, CN=DYNDNS, OU=local
      2017-04-21 10:33:37 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
      2017-04-21 10:33:37 TLS_ERROR: BIO read tls_read_plaintext error
      2017-04-21 10:33:37 TLS Error: TLS object -> incoming plaintext read error
      2017-04-21 10:33:37 TLS Error: TLS handshake failed
      2017-04-21 10:33:37 SIGUSR1[soft,tls-error] received, process restarting
      2017-04-21 10:33:37 MANAGEMENT: >STATE:1492796017,RECONNECTING,tls-error,,
      2017-04-21 10:33:37 MANAGEMENT: CMD 'hold release'
      2017-04-21 10:33:37 NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
      2017-04-21 10:33:37 Socket Buffers: R=[196724->196724] S=[9216->9216]
      2017-04-21 10:33:37 MANAGEMENT: >STATE:1492796017,RESOLVE,,,
      2017-04-21 10:33:37 UDPv4 link local (bound): [undef]
      2017-04-21 10:33:37 UDPv4 link remote: [AF_INET]IPHIDDENONPUROPSE:31000
      2017-04-21 10:33:37 MANAGEMENT: >STATE:1492796017,WAIT,,,
      2017-04-21 10:33:37 MANAGEMENT: >STATE:1492796017,AUTH,,,
      2017-04-21 10:33:37 TLS: Initial packet from [AF_INET]IPHIDDENONPUROPSE:31000, sid=28bc40ca 82971199
      2017-04-21 10:33:37 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=US, ST=California, L=Encinitas, O=Local, emailAddress=mkyb14@gmail.com, CN=DYNDNS, OU=local
      2017-04-21 10:33:37 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
      2017-04-21 10:33:37 TLS_ERROR: BIO read tls_read_plaintext error
      2017-04-21 10:33:37 TLS Error: TLS object -> incoming plaintext read error
      2017-04-21 10:33:37 TLS Error: TLS handshake failed
      2017-04-21 10:33:37 SIGUSR1[soft,tls-error] received, process restarting
      2017-04-21 10:33:37 MANAGEMENT: >STATE:1492796017,RECONNECTING,tls-error,,
      2017-04-21 10:33:37 MANAGEMENT: CMD 'hold release'
      2017-04-21 10:33:37 NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
      2017-04-21 10:33:37 Socket Buffers: R=[196724->196724] S=[9216->9216]
      2017-04-21 10:33:37 MANAGEMENT: >STATE:1492796017,RESOLVE,,,
      2017-04-21 10:33:37 UDPv4 link local (bound): [undef]
      2017-04-21 10:33:37 UDPv4 link remote: [AF_INET]IPHIDDENONPUROPSE:31000
      2017-04-21 10:33:37 MANAGEMENT: >STATE:1492796017,WAIT,,,
      2017-04-21 10:33:41 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
      2017-04-21 10:33:41 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
      2017-04-21 10:33:42 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
      2017-04-21 10:33:42 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
      2017-04-21 10:33:46 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
      2017-04-21 10:33:46 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
      2017-04-21 10:33:47 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
      2017-04-21 10:33:47 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
      2017-04-21 10:33:53 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
      2017-04-21 10:33:53 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
      2017-04-21 10:33:54 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
      2017-04-21 10:33:54 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
      2017-04-21 10:34:09 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
      2017-04-21 10:34:09 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
      2017-04-21 10:34:10 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
      2017-04-21 10:34:10 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
      2017-04-21 10:34:37 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
      2017-04-21 10:34:37 TLS Error: TLS handshake failed
      2017-04-21 10:34:37 SIGUSR1[soft,tls-error] received, process restarting
      2017-04-21 10:34:37 MANAGEMENT: >STATE:1492796077,RECONNECTING,tls-error,,
      2017-04-21 10:34:37 MANAGEMENT: CMD 'hold release'
      2017-04-21 10:34:37 NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
      2017-04-21 10:34:37 Socket Buffers: R=[196724->196724] S=[9216->9216]
      2017-04-21 10:34:37 MANAGEMENT: >STATE:1492796077,RESOLVE,,,
      2017-04-21 10:34:41 *Tunnelblick: Disconnecting; notification window disconnect button pressed
      2017-04-21 10:34:41 *Tunnelblick: No 'pre-disconnect.sh' script to execute
      2017-04-21 10:34:41 *Tunnelblick: Disconnecting using 'kill'
      2017-04-21 10:34:43 UDPv4 link local (bound): [undef]
      2017-04-21 10:34:43 UDPv4 link remote: [AF_INET]IPHIDDENONPUROPSE:31000
      2017-04-21 10:34:43 SIGTERM[hard,init_instance] received, process exiting
      2017-04-21 10:34:43 MANAGEMENT: >STATE:1492796083,EXITING,init_instance,,
      2017-04-21 10:34:44 *Tunnelblick: No 'post-disconnect.sh' script to execute
      2017-04-21 10:34:44 *Tunnelblick: Expected disconnection occurred.

        johnpoz LAYER 8 Global Moderator

        Well, you have the wrong cert type for starters:
        "unsupported certificate purpose"

        Did you set this up with the wizard? The wizard prevents you from using the wrong cert - you need a server cert.  Look in your cert manager: does it list the cert you're using as server?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

          mkyb14

          For this last instance, with the logs, no.  I started with creating them manually following a video and documentation.  I will delete everything, start with the wizard again and make sure.  Take me 5 minutes.

            mkyb14

            OK. Deleted server config, firewall rules, certs.

            Ran the wizard, created certs, went to the user, added the existing cert to that name.  Exported the visa.bundle and archive.  Tested Tunnelblick again and get a TLS error.

            Had this in the past too, double-checked all my settings and passwords etc.

            2017-04-21 11:11:07 *Tunnelblick: Established communication with OpenVPN
            2017-04-21 11:11:07 OpenVPN 2.3.14 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Jan 28 2017
            2017-04-21 11:11:07 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
            2017-04-21 11:11:07 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337
            2017-04-21 11:11:07 Need hold release from management interface, waiting…
            2017-04-21 11:11:07 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1337
            2017-04-21 11:11:07 MANAGEMENT: CMD 'pid'
            2017-04-21 11:11:07 MANAGEMENT: CMD 'state on'
            2017-04-21 11:11:07 MANAGEMENT: CMD 'state'
            2017-04-21 11:11:07 MANAGEMENT: CMD 'bytecount 1'
            2017-04-21 11:11:07 MANAGEMENT: CMD 'hold release'
            2017-04-21 11:11:07 *Tunnelblick: openvpnstart starting OpenVPN
            2017-04-21 11:11:13 MANAGEMENT: CMD 'username "Auth" "mkyb14"'
            2017-04-21 11:11:13 MANAGEMENT: CMD 'password […]'
            2017-04-21 11:11:13 NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
            2017-04-21 11:11:18 MANAGEMENT: CMD 'password […]'
            2017-04-21 11:11:18 WARNING: this configuration may cache passwords in memory – use the auth-nocache option to prevent this
            2017-04-21 11:11:18 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
            2017-04-21 11:11:18 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
            2017-04-21 11:11:18 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
            2017-04-21 11:11:18 Socket Buffers: R=[196724->196724] S=[9216->9216]
            2017-04-21 11:11:18 MANAGEMENT: >STATE:1492798278,RESOLVE,,,
            2017-04-21 11:11:18 UDPv4 link local (bound): [undef]
            2017-04-21 11:11:18 UDPv4 link remote: [AF_INET]ipAddrHidden:31000
            2017-04-21 11:11:18 MANAGEMENT: >STATE:1492798278,WAIT,,,
            2017-04-21 11:11:18 MANAGEMENT: >STATE:1492798278,AUTH,,,
            2017-04-21 11:11:18 TLS: Initial packet from [AF_INET]ipAddrHidden:31000, sid=2601affd 9235c435
            2017-04-21 11:11:18 VERIFY OK: depth=1, C=US, ST=California, L=Encinitas, O=none, emailAddress=mkyb14@gmail.com, CN=Home_CA
            2017-04-21 11:11:18 VERIFY OK: nsCertType=SERVER
            2017-04-21 11:11:18 VERIFY X509NAME OK: C=US, ST=California, L=Encinitas, O=none, emailAddress=mkyb14@gmail.com, CN=Home_Server_CA
            2017-04-21 11:11:18 VERIFY OK: depth=0, C=US, ST=California, L=Encinitas, O=none, emailAddress=mkyb14@gmail.com, CN=Home_Server_CA
            2017-04-21 11:12:18 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
            2017-04-21 11:12:18 TLS Error: TLS handshake failed
            2017-04-21 11:12:18 SIGUSR1[soft,tls-error] received, process restarting
            2017-04-21 11:12:18 MANAGEMENT: >STATE:1492798338,RECONNECTING,tls-error,,
            2017-04-21 11:12:18 MANAGEMENT: CMD 'hold release'
            2017-04-21 11:12:18 NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
            2017-04-21 11:12:18 Socket Buffers: R=[196724->196724] S=[9216->9216]
            2017-04-21 11:12:18 MANAGEMENT: >STATE:1492798338,RESOLVE,,,
            2017-04-21 11:12:19 UDPv4 link local (bound): [undef]
            2017-04-21 11:12:19 UDPv4 link remote: [AF_INET]ipAddrHidden:31000
            2017-04-21 11:12:19 MANAGEMENT: >STATE:1492798339,WAIT,,,
            2017-04-21 11:12:19 MANAGEMENT: >STATE:1492798339,AUTH,,,
            2017-04-21 11:12:19 TLS: Initial packet from [AF_INET]ipAddrHidden:31000, sid=1272a2b0 341bc086
            2017-04-21 11:12:19 VERIFY OK: depth=1, C=US, ST=California, L=Encinitas, O=none, emailAddress=mkyb14@gmail.com, CN=Home_CA
            2017-04-21 11:12:19 VERIFY OK: nsCertType=SERVER
            2017-04-21 11:12:19 VERIFY X509NAME OK: C=US, ST=California, L=Encinitas, O=none, emailAddress=mkyb14@gmail.com, CN=Home_Server_CA
            2017-04-21 11:12:19 VERIFY OK: depth=0, C=US, ST=California, L=Encinitas, O=none, emailAddress=mkyb14@gmail.com, CN=Home_Server_CA
            2017-04-21 11:12:26 *Tunnelblick: Disconnecting; notification window disconnect button pressed
            2017-04-21 11:12:26 *Tunnelblick: No 'pre-disconnect.sh' script to execute
            2017-04-21 11:12:26 *Tunnelblick: Disconnecting using 'kill'
            2017-04-21 11:12:26 event_wait : Interrupted system call (code=4)
            2017-04-21 11:12:26 SIGTERM[hard,] received, process exiting
            2017-04-21 11:12:26 MANAGEMENT: >STATE:1492798346,EXITING,SIGTERM,,
            2017-04-21 11:12:27 *Tunnelblick: No 'post-disconnect.sh' script to execute
            2017-04-21 11:12:27 *Tunnelblick: Expected disconnection occurred.

              mkyb14

              Double and triple checked everything, seems to be set up correctly based on numerous videos, tutorials, just using a different port.
              Also tried TCP vs UDP, still doesn't connect.

              Any other thoughts?

              Internet is COX, modem set in bridge mode to pass through to proxmox, pfsense VM.

                isolatedvirus

                @mkyb14:

                Double and triple checked everything, seems to be set up correctly based on numerous videos, tutorials, just using a different port.
                Also tried TCP vs UDP, still doesn't connect.

                Any other thoughts?

                Internet is COX, modem set in bridge mode to pass through to proxmox, pfsense VM.

                Disable TLS verify.

                Edit:
                By TLS verify, I meant TLS Authentication of packets. It's not needed and can cause issues more times than not.

                  mkyb14

                  Unchecked TLS Auth on the OpenVPN servers tab, re-downloaded the config to a laptop and Android phone, still no connection.

                  Log from Tunnelblick on OS X:

                  2017-04-26 08:37:57 *Tunnelblick: Established communication with OpenVPN
                  2017-04-26 08:37:57 OpenVPN 2.3.14 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Jan 28 2017
                  2017-04-26 08:37:57 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
                  2017-04-26 08:37:57 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337
                  2017-04-26 08:37:57 Need hold release from management interface, waiting…
                  2017-04-26 08:37:57 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1337
                  2017-04-26 08:37:57 MANAGEMENT: CMD 'pid'
                  2017-04-26 08:37:57 MANAGEMENT: CMD 'state on'
                  2017-04-26 08:37:57 MANAGEMENT: CMD 'state'
                  2017-04-26 08:37:57 MANAGEMENT: CMD 'bytecount 1'
                  2017-04-26 08:37:57 MANAGEMENT: CMD 'hold release'
                  2017-04-26 08:37:57 *Tunnelblick: openvpnstart starting OpenVPN
                  2017-04-26 08:38:07 MANAGEMENT: CMD 'username "Auth" "mkyb14"'
                  2017-04-26 08:38:07 MANAGEMENT: CMD 'password […]'
                  2017-04-26 08:38:07 NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
                  2017-04-26 08:38:07 Socket Buffers: R=[196724->196724] S=[9216->9216]
                  2017-04-26 08:38:07 MANAGEMENT: >STATE:1493221087,RESOLVE,,,
                  2017-04-26 08:38:07 UDPv4 link local (bound): [undef]
                  2017-04-26 08:38:07 UDPv4 link remote: [AF_INET]IPADDRESS:31000
                  2017-04-26 08:38:07 MANAGEMENT: >STATE:1493221087,WAIT,,,
                  2017-04-26 08:39:07 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
                  2017-04-26 08:39:07 TLS Error: TLS handshake failed
                  2017-04-26 08:39:07 SIGUSR1[soft,tls-error] received, process restarting
                  2017-04-26 08:39:07 MANAGEMENT: >STATE:1493221147,RECONNECTING,tls-error,,
                  2017-04-26 08:39:07 MANAGEMENT: CMD 'hold release'
                  2017-04-26 08:39:07 NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
                  2017-04-26 08:39:07 Socket Buffers: R=[196724->196724] S=[9216->9216]
                  2017-04-26 08:39:07 MANAGEMENT: >STATE:1493221147,RESOLVE,,,
                  2017-04-26 08:39:08 UDPv4 link local (bound): [undef]
                  2017-04-26 08:39:08 UDPv4 link remote: [AF_INET]IPADDRESS:31000
                  2017-04-26 08:39:08 MANAGEMENT: >STATE:1493221148,WAIT,,,

                    johnpoz LAYER 8 Global Moderator

                    "2017-04-21 11:12:18 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)"

                    Seems to me you're not actually making a connection.

                    What does the server log show?

                      mkyb14

                      What's odd is it's not showing anything as of two days ago, before I turned off TLS.

                      I can do this all over again and delete the config and ports that the wizard created.

                      Status>System Logs > OpenVPN
                      https://drive.google.com/open?id=0B15p4ppbxdipUWRIVTBWbVYxX0k

                        mkyb14

                        I'm a dunce, plain and simple….

                        Deleted everything again, no crazy port number etc.  What I was doing wrong was the wrong Android client during the export... was choosing OpenVPN Connect and using a similarly named app in the Google Play store... realized this when I went back to square 0 and deleted everything off every device I had tried... realized the interface was different and noticed I was using two different apps.

                        Needless to say, it works now.  Icon in the Play store is even the same..... OpenVPN Connect vs OpenVPN Connect for Android (two diff companies)

                        TLDR; read, re-read instructions, follow names explicitly.

                        1 Reply Last reply Reply Quote 0
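
The three client logs posted in this thread fail in different ways: a certificate-purpose rejection, a timeout after the server had replied, and a timeout with no reply at all. As an added example, not part of any poster's message, this Python script sorts the attempts in an OpenVPN client log into those cases; the sample logs are constructed, `203.0.113.10` and `CN=example-server` are placeholders, and the category labels are this example's own names.

```python
import re

# A new connection attempt begins each time the client reports the RESOLVE state.
ATTEMPT_START = re.compile(r">STATE:\d+,RESOLVE,")
VERIFY_ERROR = re.compile(r"VERIFY ERROR: depth=\d+, error=([^:]+):")
TIMEOUT = "TLS key negotiation failed to occur"

# Labels are this example's own names, not OpenVPN terminology.
HINTS = {
    "cert-purpose": "server certificate is not marked for server use",
    "verify-error": "server certificate failed verification for another reason",
    "timeout-after-contact": "server replied, then the handshake stalled",
    "unroutable-replies": "packets arrived but matched no current session",
    "no-server-response": "no reply at all; check reachability and the server log",
    "incomplete": "attempt ended without a recorded outcome",
}


def split_attempts(log_text):
    """Group log lines into attempts, ignoring the start-up preamble."""
    attempts = []
    for line in log_text.splitlines():
        line = line.strip()
        if ATTEMPT_START.search(line):
            attempts.append([])
        if attempts and line:
            attempts[-1].append(line)
    return attempts


def classify_attempt(lines):
    """Return one HINTS key for the lines of a single attempt."""
    text = "\n".join(lines)
    match = VERIFY_ERROR.search(text)
    if match:
        reason = match.group(1).strip()
        return "cert-purpose" if reason == "unsupported certificate purpose" else "verify-error"
    if TIMEOUT not in text:
        return "incomplete"  # e.g. the user disconnected before any outcome
    if "TLS: Initial packet from" in text:
        return "timeout-after-contact"
    if "Unroutable control packet received" in text:
        return "unroutable-replies"
    return "no-server-response"


def diagnose(log_text):
    """Classify every attempt in a client log, in order."""
    return [classify_attempt(a) for a in split_attempts(log_text)]


# Constructed excerpts modelled on the three client logs in the thread.
LOG_WRONG_CERT = """
10:32:09 MANAGEMENT: CMD 'hold release'
10:32:25 MANAGEMENT: >STATE:1492795945,RESOLVE,,,
10:32:31 TLS: Initial packet from [AF_INET]203.0.113.10:31000, sid=00000000 00000001
10:32:31 VERIFY ERROR: depth=0, error=unsupported certificate purpose: CN=example-server
10:32:31 MANAGEMENT: >STATE:1492795951,RECONNECTING,tls-error,,
10:32:31 MANAGEMENT: >STATE:1492795951,RESOLVE,,,
10:32:35 TLS Error: Unroutable control packet received from [AF_INET]203.0.113.10:31000 (si=3 op=P_CONTROL_V1)
10:33:31 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
"""
LOG_STALLED = """
11:11:18 MANAGEMENT: >STATE:1492798278,RESOLVE,,,
11:11:18 TLS: Initial packet from [AF_INET]203.0.113.10:31000, sid=00000000 00000002
11:11:18 VERIFY OK: depth=0, CN=example-server
11:12:18 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
11:12:18 MANAGEMENT: >STATE:1492798338,RESOLVE,,,
11:12:19 TLS: Initial packet from [AF_INET]203.0.113.10:31000, sid=00000000 00000003
11:12:26 SIGTERM[hard,] received, process exiting
"""
LOG_SILENT = """
08:38:07 MANAGEMENT: >STATE:1493221087,RESOLVE,,,
08:38:07 MANAGEMENT: >STATE:1493221087,WAIT,,,
08:39:07 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
08:39:07 MANAGEMENT: >STATE:1493221147,RESOLVE,,,
08:39:08 MANAGEMENT: >STATE:1493221148,WAIT,,,
"""

if __name__ == "__main__":
    for name, log in [("wrong cert", LOG_WRONG_CERT), ("stalled", LOG_STALLED), ("silent", LOG_SILENT)]:
        for n, label in enumerate(diagnose(log), 1):
            print(f"{name} attempt {n}: {label} ({HINTS[label]})")
```

Client-side classification only narrows the search; the server's OpenVPN log is still needed to see whether the packets arrived and why the handshake stopped.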