Netgate Discussion Forum

    Issues with OpenVPN

      stephenw10 Netgate Administrator

      I assume you mean this one:
      https://forum.netgate.com/topic/149179/openvpn-remonte-access-througth-dynamic-ip

      What exactly is the server behind? What is the wifi box?

      Telnetting to the port should show nothing, as that tests TCP and this is UDP. Where were you testing from? If it was some external IP then something else is responding there.

      Steve

        koko_adams @stephenw10

        @stephenw10

        Thank you for your reply.

        Well, the wifi box is like a router. We have a SIM card; I insert this SIM card in this router, and the router works like an access point with a dynamic IP.

        I can't identify the error. I tested my configuration with a static public IP (with a Cisco router) and with the same configuration with another pfSense, but it's not working.

          stephenw10 Netgate Administrator

          The cellular router device gives you a public IP? They often do not.

            koko_adams @stephenw10

            @stephenw10

            Yes, 165.51.232.XXX, this is the IP.

            My pfSense has 3 network cards: 1 for LAN and 2 for WAN (one is plugged in and one is not).

              koko_adams

              Log file of the OpenVPN client:

              Wed Dec 25 09:10:55 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]165.51.232.17:1194
              Wed Dec 25 09:10:55 2019 UDP link local (bound): [AF_INET][undef]:1194
              Wed Dec 25 09:10:55 2019 UDP link remote: [AF_INET]165.51.232.17:1194
              Wed Dec 25 09:11:56 2019 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
              Wed Dec 25 09:11:56 2019 TLS Error: TLS handshake failed
              Wed Dec 25 09:11:56 2019 SIGUSR1[soft,tls-error] received, process restarting
              Wed Dec 25 09:12:01 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]165.51.232.17:1194
              Wed Dec 25 09:12:01 2019 UDP link local (bound): [AF_INET][undef]:1194
              Wed Dec 25 09:12:01 2019 UDP link remote: [AF_INET]165.51.232.17:1194
              
                koko_adams

                The .ovpn user config

                dev tun
                persist-tun
                persist-key
                cipher AES-256-CBC
                ncp-ciphers AES-128-GCM
                auth SHA1
                tls-client
                client
                resolv-retry infinite
                remote 165.51.232.17 1194 udp
                verify-x509-name "ovpn.local.com" name
                auth-user-pass
                pkcs12 pfSense-UDP4-1194-ychtourou.p12
                tls-auth pfSense-UDP4-1194-ychtourou-tls.key 1
                remote-cert-tls server
                comp-lzo yes
                remote 165.51.232.17 1194 udp
                
                  koko_adams

                  7.PNG 6.PNG 5.PNG 4.PNG 3.PNG 2.PNG 1.PNG

                    Rico LAYER 8 Rebel Alliance

                    Did you forward the OpenVPN server port from this Wifi Box to pfSense WAN?

                    -Rico

                      lfoerster

                      Running OVPN-Konfig
                      Maybe Google Translator is your friend here, but just follow the screenshots. They are more or less self-explanatory.
                      A must-have is the installation of the openvpn-client-export package from the package manager, which greatly eases the generation of the client installation file!

                        stephenw10 Netgate Administrator

                        Yes, that 165.x.x.x public IP does not appear in the routing table so you are behind the NAT of that cellular router. You will need a port forward in place for that in the cellular router if you cannot pass the public IP to pfSense directly.
                        You can see on the WAN firewall rules that 0 packets and states have been passed by the UDP 1194 rules. No traffic from the client is reaching pfSense currently.

                        Steve
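
An added example, not part of the original thread or any poster's code: a Python sketch of the diagnosis reached above, reading the client log for handshake attempts that time out with no packet ever coming back, then comparing the dialled address with the address on the pfSense WAN. The function names and the WAN address `192.168.1.100` are assumptions made for illustration; the thread does not state the WAN address.

```python
import ipaddress
import re

# Sample input: abridged from the client log posted in the thread.
SAMPLE_LOG = """\
Wed Dec 25 09:10:55 2019 UDP link remote: [AF_INET]165.51.232.17:1194
Wed Dec 25 09:11:56 2019 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Dec 25 09:11:56 2019 TLS Error: TLS handshake failed
Wed Dec 25 09:12:01 2019 UDP link remote: [AF_INET]165.51.232.17:1194
"""
REMOTE = re.compile(r"UDP link remote: \[AF_INET\]([\d.]+):(\d+)")

def handshake_attempts(log):
    """One record per connection attempt: did the server ever answer?"""
    attempts = []
    for line in log.splitlines():
        m = REMOTE.search(line)
        if m:
            attempts.append({"remote": m.group(1), "port": int(m.group(2)),
                             "server_replied": False, "timed_out": False})
        elif attempts and "TLS: Initial packet from" in line:
            attempts[-1]["server_replied"] = True   # first packet back from the peer
        elif attempts and "TLS key negotiation failed" in line:
            attempts[-1]["timed_out"] = True
    return attempts

def wan_is_natted(remote_ip, wan_ip):
    """True when the address clients dial is not the one on pfSense's WAN interface."""
    return ipaddress.ip_address(remote_ip) != ipaddress.ip_address(wan_ip)

def diagnose(log, wan_ip):
    silent = [a for a in handshake_attempts(log)
              if a["timed_out"] and not a["server_replied"]]
    if not silent:
        return "no silent handshake timeout in this log"
    last = silent[-1]
    if wan_is_natted(last["remote"], wan_ip):
        return (f"no reply from {last['remote']}: pfSense WAN is {wan_ip}, so "
                f"UDP {last['port']} must be forwarded by the upstream router")
    # Same address on WAN: packets may still be dropped by the WAN rules, or
    # silently discarded by the server when the tls-auth key does not match.
    return (f"no reply from {last['remote']}: WAN holds that address, "
            "check the WAN rule counters and the tls-auth key")

if __name__ == "__main__":
    # 192.168.1.100 is a constructed WAN address; the thread does not state it.
    print(diagnose(SAMPLE_LOG, "192.168.1.100"))
```

The WAN rule counters mentioned in the last post remain the deciding check: zero packets on the UDP 1194 rule means the traffic never reached pfSense, whatever the client log says.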
