file xxxxx.ovpn
- 
 Hello,
 I can't connect. Here is my firewall rule. Is there something wrong?
 Thanks
 Thierry

 Reload status Initializing
 Creating aliases
 Creating gateway group item...
 Generating Limiter rules
 Generating NAT rules
 Creating 1:1 rules...
 Creating outbound NAT rules
 Creating automatic outbound rules
 Setting up TFTP helper
 Generating filter rules
 Creating default rules
 Pre-caching OpenVPN OpenVPN-Server-Information wizard...
 Creating filter rule OpenVPN OpenVPN-Server-Information wizard ...
 Creating filter rules OpenVPN OpenVPN-Server-Information wizard ...
 Setting up pass/block rules
 Setting up pass/block rules OpenVPN OpenVPN-Server-Information wizard
 Creating rule OpenVPN OpenVPN-Server-Information wizard
 Pre-caching Default allow LAN to any rule...
 Creating filter rule Default allow LAN to any rule ...
 Creating filter rules Default allow LAN to any rule ...
 Setting up pass/block rules
 Setting up pass/block rules Default allow LAN to any rule
 Creating rule Default allow LAN to any rule
 Pre-caching OpenVPN OpenVPN-Server-Information wizard...
 Creating filter rule OpenVPN OpenVPN-Server-Information wizard ...
 Creating filter rules OpenVPN OpenVPN-Server-Information wizard ...
 Setting up pass/block rules
 Setting up pass/block rules OpenVPN OpenVPN-Server-Information wizard
 Creating rule OpenVPN OpenVPN-Server-Information wizard
 Creating IPsec rules...
 Creating uPNP rules...
 Generating ALTQ queues
 Loading filter rules
 Setting up logging information
 Setting up SCRUB information
 Processing down interface states
 Running plugins
 Done
- 
 I also have this:
 Mar 10 16:11:25 WAN Default deny rule IPv4 (1000000103) 192.168.1.254:138 192.168.1.255:138 UDP
 Thanks for your help
 Thierry
- 
 Those are not the OpenVPN logs from the OpenVPN tab. If you're seeing that traffic blocked on your WAN then is the WAN interface in the 192.168.1.X subnet? If it is then it's behind another router and that will need to have port 1194 forwarded through it. In addition that would conflict with the default LAN subnet if you have one configured. Steve 
- 
 My pfSense computer is connected to my LAN at address 192.168.0.1 and connected to my WAN ADSL box at 192.168.1.30.
 This box is connected to the internet at 82.xxx.xxx.xxx
- 
 Ok so do you have port 1194 forwarded through the ADSL router to pfSense? Without that the ADSL router will just block all the traffic from your OpenVPN client. Steve 
- 
 I have set up the redirection but I always get the error at connection:
 openvpn --config xxxxxxx.ovpn
 Mon Mar 11 16:55:02 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]82.240.100.49:1194
 Mon Mar 11 16:55:02 2019 UDP link local (bound): [AF_INET][undef]:1194
 Mon Mar 11 16:55:02 2019 UDP link remote: [AF_INET]82.240.100.49:1194
 Mon Mar 11 16:56:02 2019 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
 Mon Mar 11 16:56:02 2019 TLS Error: TLS handshake failed
 Mon Mar 11 16:56:02 2019 SIGUSR1[soft,tls-error] received, process restarting
- 
 Packet Capture pfSense WAN to check if the OpenVPN traffic hit pfSense or not: https://forum.netgate.com/topic/140842/openvpn-without-wan-vpn-provider/4 -Rico 
- 
 Yes, your client is just showing the connection times out. It never sees any reply from the server. Most likely that traffic is never reaching the server. Steve
- 
 Here is my connection:
 [root@dell-centos pfSense]# openvpn --config pfSense-UDP4-1194-UserVPN-config.ovpn
 Tue Mar 12 11:31:45 2019 OpenVPN 2.4.6 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 26 2018
 Tue Mar 12 11:31:45 2019 library versions: OpenSSL 1.0.2k-fips 26 Jan 2017, LZO 2.06
 Tue Mar 12 11:31:45 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]82.240.100.49:1194
 Tue Mar 12 11:31:45 2019 UDP link local (bound): [AF_INET][undef]:1194
 Tue Mar 12 11:31:45 2019 UDP link remote: [AF_INET]82.240.100.49:1194
 Tue Mar 12 11:31:46 2019 [Server-Certificate] Peer Connection Initiated with [AF_INET]82.240.100.49:1194
 Tue Mar 12 11:31:47 2019 TUN/TAP device tun0 opened
 Tue Mar 12 11:31:47 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
 Tue Mar 12 11:31:47 2019 /sbin/ip link set dev tun0 up mtu 1500
 Tue Mar 12 11:31:47 2019 /sbin/ip addr add dev tun0 10.0.8.2/24 broadcast 10.0.8.255
 Tue Mar 12 11:31:47 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
 Tue Mar 12 11:31:47 2019 Initialization Sequence Completed

 He he, it seems to work!!!
 Thanks for your help
- 
 And what did you change to get it working? -Rico 
- 
 It was the port redirection on my ADSL router.
- 
 Cool, glad you got it working.  Steve 
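
The triage the thread walks through, written as an added example that is not part of the original posts: classify an OpenVPN client log as connected or timed out with no server reply, then check whether the pfSense WAN address is a private one behind another router or overlaps the LAN. The function names, the /24 masks and the 203.0.113.10 address in the sample logs are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 ranges: a WAN address inside one of these sits behind another router.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed client logs modelled on the two runs quoted in the thread
# (203.0.113.10 is a documentation address, not the poster's).
FAILED_LOG = """\
Mon Mar 11 16:55:02 2019 UDP link remote: [AF_INET]203.0.113.10:1194
Mon Mar 11 16:56:02 2019 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Mar 11 16:56:02 2019 TLS Error: TLS handshake failed
"""
OK_LOG = """\
Tue Mar 12 11:31:45 2019 UDP link remote: [AF_INET]203.0.113.10:1194
Tue Mar 12 11:31:46 2019 [Server-Certificate] Peer Connection Initiated with [AF_INET]203.0.113.10:1194
Tue Mar 12 11:31:47 2019 Initialization Sequence Completed
"""

def classify_client_log(log):
    """Return 'connected', 'no-reply' or 'unknown' for an OpenVPN client log."""
    if "Initialization Sequence Completed" in log:
        return "connected"
    if ("TLS key negotiation failed to occur" in log
            and "Peer Connection Initiated" not in log):
        return "no-reply"  # client sent packets, nothing came back
    return "unknown"

def check_wan(wan_cidr, lan_cidr, port=1194):
    """List addressing problems that explain a 'no-reply' result."""
    wan = ipaddress.ip_interface(wan_cidr)
    lan = ipaddress.ip_interface(lan_cidr)
    findings = []
    if any(wan.ip in net for net in RFC1918):
        findings.append(f"WAN {wan.ip} is private: the upstream router "
                        f"must forward UDP {port} to it")
    if wan.network.overlaps(lan.network):
        findings.append(f"WAN {wan.network} overlaps LAN {lan.network}")
    return findings

if __name__ == "__main__":
    print(classify_client_log(FAILED_LOG))
    # Addresses from the thread; the /24 masks are assumed.
    for line in check_wan("192.168.1.30/24", "192.168.0.1/24"):
        print(line)
```

A "no-reply" result together with a private WAN address points at the upstream router's port forward, which is what the packet capture on the pfSense WAN would confirm.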

