Openvpn extracted configuration not working on client

Hoygen83 · Dec 10, 2020, 4:23 PM

Hello, I have setup an openvpn scenario.
During the configuration I always specified to use IPV4.
The guide I followed is quite straightforward:

https://chrislazari.com/pfsense-setting-up-openvpn-on-pfsense-2-4/#:~:text=Creating%20the%20OpenVPN%20Client%20on,Tunnel%20Settings%20and%20Advanced%20Configuration.

I installed openvpn on a client and imported the extracted configuration file.
But when I try to connect I always get those messages:

Thu Dec 10 17:11:24 2020 library versions: OpenSSL 1.1.1h 22 Sep 2020, LZO 2.10
Thu Dec 10 17:11:40 2020 Could not determine IPv4/IPv6 protocol. Using AF_INET6
Thu Dec 10 17:11:40 2020 setsockopt(IPV6_V6ONLY=0)
Thu Dec 10 17:11:40 2020 UDPv6 link local (bound): [AF_INET6][undef]:1194
Thu Dec 10 17:11:40 2020 UDPv6 link remote: [AF_UNSPEC]
Thu Dec 10 17:13:40 2020 [UNDEF] Inactivity timeout (--ping-restart), restarting
Thu Dec 10 17:13:40 2020 SIGUSR1[soft,ping-restart] received, process restarting
Thu Dec 10 17:13:45 2020 Could not determine IPv4/IPv6 protocol. Using AF_INET6
Thu Dec 10 17:13:45 2020 setsockopt(IPV6_V6ONLY=0)
Thu Dec 10 17:13:45 2020 UDPv6 link local (bound): [AF_INET6][undef]:1194
Thu Dec 10 17:13:45 2020 UDPv6 link remote: [AF_UNSPEC]
Thu Dec 10 17:15:45 2020 [UNDEF] Inactivity timeout (--ping-restart), restarting
Thu Dec 10 17:15:45 2020 SIGUSR1[soft,ping-restart] received, process restarting
Thu Dec 10 17:15:50 2020 Could not determine IPv4/IPv6 protocol. Using AF_INET6
Thu Dec 10 17:15:50 2020 setsockopt(IPV6_V6ONLY=0)
Thu Dec 10 17:15:50 2020 UDPv6 link local (bound): [AF_INET6][undef]:1194
Thu Dec 10 17:15:50 2020 UDPv6 link remote: [AF_UNSPEC]

Should I make the configuration file by myself?
Is there a guide for that?
Any help is appreciated.

The configuration file is this:

dev tun
persist-tun
persist-key
data-ciphers-fallback AES-256-CBC
auth SHA256
tls-client
client
resolv-retry infinite

verify-x509-name "CERT_VPN_TEST" name
auth-user-pass
pkcs12 pfSense-UDP4-1195-UserForVpn00.p12
tls-auth pfSense-UDP4-1195-UserForVpn00-tls.key 1
remote-cert-tls server

Hoygen83 · Dec 10, 2020, 9:08 PM

I edited a little the configuration and now I have another error.

Thu Dec 10 22:05:43 2020 UDPv4 link remote: [AF_INET]IP ADDRESS:PORT
Thu Dec 10 22:06:43 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Dec 10 22:06:43 2020 TLS Error: TLS handshake failed
Thu Dec 10 22:06:43 2020 SIGUSR1[soft,tls-error] received, process restarting

The peculiar thing I see it is that if I do an IPCONFIG on the windows machine I try to use, the adapters are not working.
Unknown adapter OpenVPN Wintun:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Unknown adapter OpenVPN TAP-Windows6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Hoygen83 · Dec 11, 2020, 8:01 AM

I changed from udpV4 to tcpV4 on both servers and clients.
Is it correct that if I go in Status Openvpn I see this as a status?
🔒 Log in to view
this is the log I get from Openvpn client
2020-12-11 08:51:29 OpenVPN 2.5.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 28 2020
2020-12-11 08:51:29 Windows version 10.0 (Windows 10 or greater) 64bit
2020-12-11 08:51:29 library versions: OpenSSL 1.1.1h 22 Sep 2020, LZO 2.10
Enter Management Password:
2020-12-11 08:51:47 TCP/UDP: Preserving recently used remote address: [AF_INET]PFSENSE_IP_ADDRESS:1195
2020-12-11 08:51:47 Attempting to establish TCP connection with [AF_INET]PFSENSE_IP_ADDRESS:1195 [nonblock]
2020-12-11 08:53:48 TCP: connect to [AF_INET]PFSENSE_IP_ADDRESS:1195 failed: Unknown error
2020-12-11 08:53:48 SIGUSR1[connection failed(soft),init_instance] received, process restarting
2020-12-11 08:53:53 TCP/UDP: Preserving recently used remote address: [AF_INET]PFSENSE_IP_ADDRESS:1195
2020-12-11 08:53:53 Attempting to establish TCP connection with [AF_INET]PFSENSE_IP_ADDRESS:1195 [nonblock]
2020-12-11 08:55:54 TCP: connect to [AF_INET]PFSENSE_IP_ADDRESS:1195 failed: Unknown error
2020-12-11 08:55:54 SIGUSR1[connection failed(soft),init_instance] received, process restarting
2020-12-11 08:55:59 TCP/UDP: Preserving recently used remote address: [AF_INET]PFSENSE_IP_ADDRESS:1195
2020-12-11 08:55:59 Attempting to establish TCP connection with [AF_INET]PFSENSE_IP_ADDRESS:1195 [nonblock]
2020-12-11 08:58:00 TCP: connect to [AF_INET]PFSENSE_IP_ADDRESS:1195 failed: Unknown error
2020-12-11 08:58:00 SIGUSR1[connection failed(soft),init_instance] received, process restarting
2020-12-11 08:58:05 TCP/UDP: Preserving recently used remote address: [AF_INET]PFSENSE_IP_ADDRESS:1195
2020-12-11 08:58:05 Attempting to establish TCP connection with [AF_INET]PFSENSE_IP_ADDRESS:1195 [nonblock]
2020-12-11 08:58:08 SIGTERM[hard,init_instance] received, process exiting

Hoygen83 · Dec 11, 2020, 10:32 AM

I did it all again from scratch and now I am getting this error:
11/12/2020, 11:19:06 Server poll timeout, trying next remote entry...
11/12/2020, 11:19:06 EVENT: RECONNECTING ⏎11/12/2020, 11:19:06 EVENT: RESOLVE ⏎11/12/2020, 11:19:06 EVENT: WAIT ⏎11/12/2020, 11:19:06 WinCommandAgent: transmitting bypass route to PFSENSE_IP_ADDRESS
{
"host" : "PFSENSE_IP_ADDRESS",
"ipv6" : false
}

11/12/2020, 11:19:16 Server poll timeout, trying next remote entry...
11/12/2020, 11:19:16 EVENT: RECONNECTING
11/12/2020, 11:19:16 EVENT:
RESOLVE 11/12/2020, 11:19:16 EVENT: WAIT
11/12/2020, 11:19:16 WinCommandAgent: transmitting bypass route to PFSENSE_IP_ADDRESS
{
"host" : "PFSENSE_IP_ADDRESS",
"ipv6" : false
}

Hoygen83 · Dec 11, 2020, 11:42 AM

I found out the issue:
checking in system logs openvpn there was this error:
Options error: --server directive when used with --dev tun must define a subnet of 255.255.255.248 (/29) or lower
corrected in vpn--openvpn--server--edit
now I have other errors but at least they are not unknown.