file xxxxx.ovpn
-
The only saving grace here is that it looks like the server is not listening.
So once you have changed your TLS key and removed and re-issued the user/server certs for good measure check that you have a firewall rule on WAN to allow the traffic.
Check the logs at the server end.
Steve
-
do i must recreate a new TLS Key on the server? and put it on the client screen?
how can i send you my firewall rules on wan ? -
Yes, I would remove the server and start over. New key, new certs etc.
If you ran the OpenVPN wizard to create the RA server it would normally add a firewall rule to pass that traffic. That is shown on the Firewall > Rules > WAN tab screen.
The client was seeing no response at all from the server so either the traffic was blocked and never reached the server or the server couldn't or wouldn't respond. The logs from the server end would show that.
Steve
-
how can i read the servers logs? how can i send you the firewalls rules?
thanks -
Take a screen shot of that tab on the firewall rule and upload it here.
If you re-run the wizard though there it will offer to add the correct rules.Look in Status > System Logs > OpenVPN tab.
That will show you logs for all the OpenVPN instances on the firewall but if you only have the one RA server then that's what you'll see. Look for entries showing the client trying to connect and if they are there look for errors showing why it refused the connection.Steve
-
hello,
i can't connect. Here is my firewall rule.is there something false?
Thanks
ThierryReload status
Initializing
Creating aliases
Creating gateway group item...
Generating Limiter rules
Generating NAT rules
Creating 1:1 rules...
Creating outbound NAT rules
Creating automatic outbound rules
Setting up TFTP helper
Generating filter rules
Creating default rules
Pre-caching OpenVPN OpenVPN-Server-Information wizard...
Creating filter rule OpenVPN OpenVPN-Server-Information wizard ...
Creating filter rules OpenVPN OpenVPN-Server-Information wizard ...
Setting up pass/block rules
Setting up pass/block rules OpenVPN OpenVPN-Server-Information wizard
Creating rule OpenVPN OpenVPN-Server-Information wizard
Pre-caching Default allow LAN to any rule...
Creating filter rule Default allow LAN to any rule ...
Creating filter rules Default allow LAN to any rule ...
Setting up pass/block rules
Setting up pass/block rules Default allow LAN to any rule
Creating rule Default allow LAN to any rule
Pre-caching OpenVPN OpenVPN-Server-Information wizard...
Creating filter rule OpenVPN OpenVPN-Server-Information wizard ...
Creating filter rules OpenVPN OpenVPN-Server-Information wizard ...
Setting up pass/block rules
Setting up pass/block rules OpenVPN OpenVPN-Server-Information wizard
Creating rule OpenVPN OpenVPN-Server-Information wizard
Creating IPsec rules...
Creating uPNP rules...
Generating ALTQ queues
Loading filter rules
Setting up logging information
Setting up SCRUB information
Processing down interface states
Running plugins
Done -
i have also this :
Mar 10 16:11:25 WAN Default deny rule IPv4 (1000000103) 192.168.1.254:138 192.168.1.255:138 UDPthanks for your help
Thierry -
Those are not the OpenVPN logs from the OpenVPN tab.
If you're seeing that traffic blocked on your WAN then is the WAN interface in the 192.168.1.X subnet?
If it is then it's behind another router and that will need to have port 1194 forwarded through it.
In addition that would conflict with the default LAN subnet if you have one configured.
Steve
-
my pfSense computer is connected to my LAN at address 192.168.0.1 and connected to my WAN ADSL box at 192.168.1.30
this box is connected to internet at 82.xxx.xxx.xxx -
Ok so do you have port 1194 forwarded through the ADSL router to pfSense?
Without that the ADSL router will just block all the traffic from your OpenVPN client.
Steve
-
i have set up redirection but i have always the error at connection :
openvpn --config xxxxxxx.ovpn
Mon Mar 11 16:55:02 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]82.240.100.49:1194
Mon Mar 11 16:55:02 2019 UDP link local (bound): [AF_INET][undef]:1194
Mon Mar 11 16:55:02 2019 UDP link remote: [AF_INET]82.240.100.49:1194
Mon Mar 11 16:56:02 2019 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Mar 11 16:56:02 2019 TLS Error: TLS handshake failed
Mon Mar 11 16:56:02 2019 SIGUSR1[soft,tls-error] received, process restarting -
Packet Capture pfSense WAN to check if the OpenVPN traffic hit pfSense or not: https://forum.netgate.com/topic/140842/openvpn-without-wan-vpn-provider/4
-Rico
-
Yes, your client is just showing the connection times out. It never sees and reply from the server.
Most likely that traffic is never reaching the server.
Steve
-
here is my connexion:
[root@dell-centos pfSense]# openvpn --config pfSense-UDP4-1194-UserVPN-config.ovpn
Tue Mar 12 11:31:45 2019 OpenVPN 2.4.6 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 26 2018
Tue Mar 12 11:31:45 2019 library versions: OpenSSL 1.0.2k-fips 26 Jan 2017, LZO 2.06
Tue Mar 12 11:31:45 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]82.240.100.49:1194
Tue Mar 12 11:31:45 2019 UDP link local (bound): [AF_INET][undef]:1194
Tue Mar 12 11:31:45 2019 UDP link remote: [AF_INET]82.240.100.49:1194
Tue Mar 12 11:31:46 2019 [Server-Certificate] Peer Connection Initiated with [AF_INET]82.240.100.49:1194
Tue Mar 12 11:31:47 2019 TUN/TAP device tun0 opened
Tue Mar 12 11:31:47 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Tue Mar 12 11:31:47 2019 /sbin/ip link set dev tun0 up mtu 1500
Tue Mar 12 11:31:47 2019 /sbin/ip addr add dev tun0 10.0.8.2/24 broadcast 10.0.8.255
Tue Mar 12 11:31:47 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Mar 12 11:31:47 2019 Initialization Sequence CompletedHe He, it's seeming to work!!!
Thanks for your help -
And what did you change to get it working?
-Rico
-
This post is deleted! -
it was the redirection port on my ADSL router
-
Cool, glad you got it working.
Steve
