Netgate Discussion Forum

    TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

    • J
      joedoe

      Ok

      My client (W10 x64) is connected to my cell phone with the IP address: 192.168.43.39/24

      And here is more information concerning the architecture:

      box : 192.168.0.254
      |
      |
      WAN1FREE : 192.168.0.50/24
      The tunnel network : 10.0.8.0/24
      LAN : 192.168.1.3/24
      |
      |
      ....

      • johnpozJ
        johnpoz LAYER 8 Global Moderator

        And again what does his wan IP being static have to do with a forward? His test box is on 192.168.0 along with his pfsense wan?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        • johnpozJ
          johnpoz LAYER 8 Global Moderator @joedoe

          @joedoe said in TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity):

          my cell phone with the IP address: 192.168.43.39/24

          Huh??? Dude, that is never going to work!!! How is some device out on the public internet, behind a carrier-grade NAT, going to get to an RFC 1918 address? Your pfSense WAN IP.. Is your cell phone on some wifi network that is routed to this 192.168.0 network??

          Draw up where your cell phone is connecting and what this 192.168.0.254 box is???

          • V
            viragomann @johnpoz

            @johnpoz
            If his pfSense is in a private network, but his WAN is a public address, there is obviously a router in front of it.
            I didn't realize that's a test environment with private networks.

            • J
              joedoe

              @viragomann said in TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity):

              @johnpoz
              If his pfSense is in a private network, but his WAN is a public address, there is obviously a router in front of it.
              I didn't realize that's a test environment with private networks.

              Sorry, maybe I wasn't accurate enough.
              I just want to create VPN access to my network and I want to give access from the outside. (I'm pretty new to network configuration, I'm learning.)
              I just want to test and configure a VPN, so I just linked my computer.

              When I plug my computer into my box it works; I can go to my network now.
              But I just tried to share my cell phone with my computer and it doesn't work.

              0_1530875743400_3.PNG

              • johnpozJ
                johnpoz LAYER 8 Global Moderator

                Confused as to what this box is? It's some router - where is its internet connection?

                If you're on the internet you cannot connect to some RFC 1918 address. You would have to connect to a public IP, which you could forward into pfSense, sure.

                • J
                  joedoe

                  Yes, it's a router; this box gives internet access and has a public IP address.

                  • J
                    joedoe

                    I just tried from my home and I can't connect to the VPN. I don't understand.

                    • johnpozJ
                      johnpoz LAYER 8 Global Moderator

                      If you're on the internet, how do you think you can connect to some RFC 1918 address 192.168.x.x ??

                      When you create your export you need to put in your PUBLIC IP.. i.e. your ISP public IP, and the port you're using for OpenVPN would have to be forwarded to the pfSense IP.

                      • V
                        viragomann @johnpoz

                        @johnpoz said in TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity):

                        When you create your export you need to put in your PUBLIC IP.. i.e. your ISP public IP, and the port you're using for OpenVPN would have to be forwarded to the pfSense IP.

                        👏

                        • johnpozJ
                          johnpoz LAYER 8 Global Moderator

                          BTW "box" is not a good term for your router ;)

                          Normally box would refer to an end device, computer, IoT, DVR, etc. Not a router doing NAT ;)... Maybe if you would have called it your ISP box ;)

                          • J
                            joedoe

                            @johnpoz said in TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity):

                            When you create your export you need to put in your PUBLIC IP.. i.e. your ISP public IP, and the port you're using for OpenVPN would have to be forwarded to the pfSense IP.

                            Thank you for the reply: what is the ISP public IP, is it the public IP?
                            Could you tell me how to do that please?

                            So sorry, in France we call the router that gives us internet: box.

                            • GertjanG
                              Gertjan @joedoe

                              @joedoe said in TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity):

                              in France we call the router that gives us internet: box.

                              I'm using the same "box" (Livebox pro from Orange) as my up-stream "ISP router".
                              I set its LAN IP to 192.168.10.1/24, handing over to pfSense an RFC 1918 address like 192.168.10.9
                              192.168.10.9 is my pfSense WAN IP - this means that "Block private networks and loopback addresses" shouldn't be checked on the pfSense WAN interface settings page.
                              This is a typical router-after-router setup, quite common these days.

                              To make the VPN work: you have to add a NAT rule in your "ISP BOX/router" for the VPN port, probably 1194, to the connected device called "pfSense", like:
                              0_1531121703641_5323956d-11db-4fec-bbf2-28497141ffdc-image.png

                              Your real WAN IP is https://whatismyipaddress.com/fr/mon-ip

                              No "help me" PM's please. Use the forum, the community will thank you.
                              Edit : and where are the logs ??

                              • J
                                joedoe

                                Hello Gertjan,

                                Thank you for the reply.

                                I just added a NAT rule to my Freebox but nothing changed.
                                And if I understand, I can connect to my local network because I don't use the good IP?
                                In my configuration I've got: 192.168.0.50 1194 udp. Should I modify it and add my private IP?

                                Here you can find the client configuration:
                                dev tun
                                persist-tun
                                persist-key
                                cipher AES-256-CBC
                                ncp-ciphers AES-256-GCM:AES-128-GCM
                                auth SHA1
                                tls-client
                                client
                                resolv-retry infinite
                                remote 192.168.0.50 1194 udp
                                auth-user-pass
                                ca pfSense-UDP4-1194-ca.crt
                                tls-auth pfSense-UDP4-1194-tls.key 1
                                remote-cert-tls server

                                And my Free NAT:

                                0_1531124536449_Capture.PNG

                                • johnpozJ
                                  johnpoz LAYER 8 Global Moderator

                                  @joedoe said in TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity):

                                  remote 192.168.0.50 1194 udp

                                  That is a private IP and you cannot talk to it from the internet.. What is your public IP?? Search "what's my IP" in Google for gosh sake..

                                  • GertjanG
                                    Gertjan @joedoe

                                    @joedoe said in TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity):

                                    remote 192.168.0.50 1194 udp

                                    Is this a part of the config of a client that lives somewhere on the net?
                                    In that case, it should be your WAN IP: this one: https://whatismyipaddress.com/fr/mon-ip

                                    Your FreeBox seems well NATted to me.
                                    This rule is needed of course, because by default every incoming connection from "the world" will be blocked by any ISP router (firewall) (your FreeBox).

                                    Now, incoming connections from anywhere (== the world or WAN) on port 1194, protocol UDP, will be directed to the IP used by pfSense, port 1194. If the VPN is running on pfSense, and you used the pfSense VPN Wizard, a rule on the WAN interface of pfSense has been created that looks like this:

                                    0_1531127405056_1575e49f-59df-4377-a98a-778c5ad35197-image.png

                                    • J
                                      joedoe

                                      Problem solved.

                                      I'm so sorry to be so stupid; I was focused on my local network and forgot the client configuration and to change the IP --'
                                      I put in my public IP and all works fine now.

                                      Thanks a lot, all, for your help.

                                      Have a great day (it's my birthday today :p = 30yo)
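
A check for the mistake this thread resolves, as an added example (not code from any poster, pfSense or OpenVPN): it scans an OpenVPN client config for `remote` lines whose address a client out on the internet cannot reach. The function names and the 203.0.113.10 placeholder address are assumptions.

```python
import ipaddress

# IPv4 ranges that a client out on the internet cannot reach directly.
UNROUTABLE = {
    "RFC 1918 private": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "carrier-grade NAT (RFC 6598)": ["100.64.0.0/10"],
    "loopback": ["127.0.0.0/8"],
    "link-local": ["169.254.0.0/16"],
}

def classify(host):
    """Return a label if host is an unroutable IP literal, else None."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return None  # a hostname: resolved at connect time, not judged here
    for label, nets in UNROUTABLE.items():
        if any(addr in ipaddress.ip_network(n) for n in nets):
            return label
    return None

def check_remotes(config_text):
    """Return (line_no, host, port, proto, problem) for every `remote` line."""
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split(";", 1)[0].split()  # drop comments
        if len(tokens) < 2 or tokens[0] != "remote":
            continue  # also skips remote-cert-tls and other directives
        host = tokens[1]
        port = tokens[2] if len(tokens) > 2 else "1194"  # `port` directive ignored
        proto = tokens[3] if len(tokens) > 3 else "udp"  # `proto` directive ignored
        findings.append((line_no, host, port, proto, classify(host)))
    return findings

# Excerpt of the client config posted in the thread.
POSTED = """\
client
remote 192.168.0.50 1194 udp
auth-user-pass
remote-cert-tls server
"""
# Constructed: 203.0.113.10 is a documentation address standing in for the
# public IP of the ISP router that forwards UDP 1194 to pfSense.
FIXED = POSTED.replace("192.168.0.50", "203.0.113.10")

if __name__ == "__main__":
    for name, text in (("posted", POSTED), ("fixed", FIXED)):
        for line_no, host, port, proto, problem in check_remotes(text):
            print(name, line_no, host, port, proto, problem or "ok")
```

A clean result only says the address is not in an unroutable range; the port forward on the ISP router and the pfSense WAN rule still have to exist for the TLS handshake to complete.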
