OPEN VPN Works for some user and other nor
-
Hi there,
I need your help in this case.
Can't identify the source of this issue. It seem like the provider is blocking something but TCP and UDP connections are tested and work just fine.Here are the logs from the OPENVPN client when it's not working
Tue Dec 31 12:08:42 2019 OpenVPN 2.3.11 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on May 10 2016 Tue Dec 31 12:08:42 2019 Windows version 6.2 (Windows 8 or greater) 64bit Tue Dec 31 12:08:42 2019 library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.09 Enter Management Password: Tue Dec 31 12:08:54 2019 Control Channel Authentication: using 'X-udp-80-tls.key' as a OpenVPN static key file Tue Dec 31 12:08:54 2019 UDPv4 link local (bound): [undef] Tue Dec 31 12:08:54 2019 UDPv4 link remote: [AF_INET]X:80
And here when it works
Tue Dec 31 12:08:42 2019 OpenVPN 2.3.11 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on May 10 2016 Tue Dec 31 12:08:42 2019 Windows version 6.2 (Windows 8 or greater) 64bit Tue Dec 31 12:08:42 2019 library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.09 Enter Management Password: Tue Dec 31 12:08:54 2019 Control Channel Authentication: using 'X-udp-80-tls.key' as a OpenVPN static key file Tue Dec 31 12:08:54 2019 UDPv4 link local (bound): [undef] Tue Dec 31 12:08:54 2019 UDPv4 link remote: [AF_INET]X:80 Tue Dec 31 12:08:54 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this Tue Dec 31 12:08:54 2019 [AMA_PFSIXN_srvcert] Peer Connection Initiated with [AF_INET]X:80 Tue Dec 31 12:08:57 2019 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0 Tue Dec 31 12:08:57 2019 open_tun, tt->ipv6=0 Tue Dec 31 12:08:57 2019 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{54B48507-1CE7-44F8-BCAD-1863C6C4FD26}.tap Tue Dec 31 12:08:57 2019 Set TAP-Windows TUN subnet mode network/local/netmask = X/X/255.255.255.0 [SUCCEEDED] Tue Dec 31 12:08:57 2019 Notified TAP-Windows driver to set a DHCP IP/netmask of X/255.255.255.0 on interface {54B48507-1CE7-44F8-BCAD-1863C6C4FD26} [DHCP-serv: X, lease-time: 31536000] Tue Dec 31 12:08:57 2019 Successful ARP Flush on interface [49] {54B48507-1CE7-44F8-BCAD-1863C6C4FD26} Tue Dec 31 12:09:02 2019 Initialization Sequence Completed Tue Dec 31 12:09:02 2019 Start net commands... Tue Dec 31 12:09:02 2019 C:\Windows\system32\net.exe stop dnscache Tue Dec 31 12:09:02 2019 ERROR: Windows ipconfig command failed: returned error code 2 Tue Dec 31 12:09:02 2019 C:\Windows\system32\net.exe start dnscache Tue Dec 31 12:09:02 2019 ERROR: Windows ipconfig command failed: returned error code 2 Tue Dec 31 12:09:02 2019 C:\Windows\system32\ipconfig.exe /flushdns Tue Dec 31 12:09:02 2019 C:\Windows\system32\ipconfig.exe /registerdns Tue Dec 31 12:09:05 2019 End net commands...
and here are the pcap files From the PFSense
When it don't work
When it does work
A man need help.
A man is In front of the wall.RegardsSangomab -
Uninstall your 4 year old OpenVPN 2.3.11, Reboot and install the latest OpenVPN 2.4.8
-Rico
-
@Rico first thank you for your reply :)
Is this can be the source of the issue or you see the version and that's all ?
because in my position the upgrade of the openvpn will take time so ?? if it's a general issue for this version please send me logs of it. Perhaps find with me the logic in this logs -
Yes your Logs look like a possible client problem to me.
We had a lot of issues with 2.3.X and Windows 10, since 2.4 everything is smooth.
And because of the "interactive service" they use since OpenVPN 2.4 you definitely want it because your Users don't need admin rights (or any weird hacks) to run OpenVPN. Install it with admin rights and then it works just out of the Box for your users.-Rico
-
i return to you after the update of openvpn and the openvpn client explorer to the last version in PFsense.
it's seen like the most of the issues are solved but i have some users with this errorsomething with the TLS Error
i already googled it and i found this openvpn solutionit's one of these issues:
- A perimeter firewall: it's a home connection no firewalls or other network device ( no provider issue either cause i tested with mobile data and my own WAN provider )
- A NAT gateway on the server's network does not have a port forward rule for TCP/UDP 1194 : it's directly using the PFSense interface for authentication and i have many others clients working
- The OpenVPN client config does not have the correct server address : it's the right one
- Another possible cause is that the windows firewall is blocking access: i disable it for test reason and that's the same
Any idea about this issue
thank youSangomab -
@Rico any idea ?
-
Sniff traffic on the pfSense side to check if the client can even hit your OpenVPN server.
-Rico