    OVPN Server, can't get it up and running..

      larza last edited by

      Hi,

      I'm pretty new to this, as will be obvious when you start reading my post. :)

      So, I used to have a working setup with my pfSense router set up as a client to a VPN host with a static IP. I also set up an OpenVPN server using the client interface, so that I could always use my static IP. However, a few weeks back it just stopped working. I've tried everything without success, and have even reinstalled pfSense now to start from scratch. It will probably end up being an easy fix, and my time will have been wasted. ;)

      Right now trying to connect to the server I keep getting the error:

      Jun 3 23:19:27    openvpn    93140    2.150.33.xx:2099 TLS Error: TLS handshake failed
      Jun 3 23:19:27    openvpn    93140    2.150.33.xx:2099 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

      So, the client does reach my server on port 1194 (that's what the server is configured to), but after this it fails. When I turn up the Verbosity level I see a lot of things going on, so data seems to be transferred from client to server; not sure what is relevant though.

      Jun 3 23:27:04    openvpn    48044    I/O WAIT TR|Tw|SR|Sw [1/24087]
      Jun 3 23:27:04    openvpn    48044    PO_CTL rwflags=0x0001 ev=5 arg=0x00692588
      Jun 3 23:27:04    openvpn    48044    PO_CTL rwflags=0x0001 ev=7 arg=0x00692584
      Jun 3 23:27:04    openvpn    48044    PO_CTL rwflags=0x0001 ev=6 arg=0x00693720
      Jun 3 23:27:04    openvpn    48044    SCHEDULE: schedule_find_least wakeup=[Fri Jun 3 23:27:06 2016 us=23012] pri=1165868124
      Jun 3 23:27:04    openvpn    48044    2.150.xx.xx:2099 SCHEDULE: schedule_add_modify wakeup=[Fri Jun 3 23:27:06 2016 us=23012] pri=625400304
      Jun 3 23:27:04    openvpn    48044    2.150.xx.xx:2099 TIMER: coarse timer wakeup 1 seconds
      Jun 3 23:27:04    openvpn    48044    MULTI: REAP range 144 -> 160
      Jun 3 23:27:04    openvpn    48044    I/O WAIT status=0x0020
      Jun 3 23:27:04    openvpn    48044    event_wait returned 0

      The firewall log doesn't indicate that anything related to my source IP or the ports is blocked.

      Any suggestions on how to move forward on this?

      Thanks in advance!

      Update:
      Some more info about server config :

      -Remote access ssl/TLS + user auth
      -UDP
      -tun
      -port 1194

      And forgot to mention the vital part.. I can connect to the vpn server if I'm on the same LAN. So I guess that means that the CAs and cert are ok.. Some issue with routing..

      Update 2:

      Ok.. So I might have identified a potential cause..

      The VPN provider I'm using for my static IP closes all incoming ports by default. I can then open up ports, so 1194 is open and the first communication is fine, then all of a sudden another port is used and TLS fails. I can't figure out how to specify this port, and it seems to differ. Looking at my log at the moment it's 18780, next 18766.

      I've tried adding rport and lport to the config file, but other ports are still used.

      At client export there's an option to use a random port; however, when unchecking this there's no option to choose a port.

      Anyone?

        XmickS last edited by

        Which VPN provider are you using? When using PIA, for instance, you have to Disable authentication of TLS packets. Maybe that's what's wrong.

          larza last edited by

          The client is working just fine. I can't access my vpn server through the client interface.

          But you mean that it could be issues with sending tls packages within the client interface to my own vpn server?

          Still don't get why the traffic goes over random ports.. If I only could get it to use specific ports..

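Added example, not part of any post in this thread: a small Python triage script for the pfSense OpenVPN log layout quoted above, where per-connection lines are prefixed with the peer's address and port as the server sees them. It counts `TLS handshake failed` entries per peer address and lists the peer ports logged with them, so repeated failures from one client arriving from changing ports show up as a single peer. The sample log is constructed (203.0.113.7 is a documentation address) and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in the log layout quoted in the thread:
# date, process, PID, optional peer "address:port", message.
SAMPLE_LOG = """\
Jun 3 23:19:27    openvpn    93140    203.0.113.7:18780 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jun 3 23:19:27    openvpn    93140    203.0.113.7:18780 TLS Error: TLS handshake failed
Jun 3 23:21:40    openvpn    93140    203.0.113.7:18766 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jun 3 23:21:40    openvpn    93140    203.0.113.7:18766 TLS Error: TLS handshake failed
Jun 3 23:27:04    openvpn    48044    MULTI: REAP range 144 -> 160
Jun 3 23:27:04    openvpn    48044    2.150.xx.xx:2099 TIMER: coarse timer wakeup 1 seconds
"""

# Octets may be masked with "x", as in the logs posted above.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?P<proc>\S+)\s+(?P<pid>\d+)\s+"
    r"(?:(?P<addr>(?:[0-9x]{1,3}\.){3}[0-9x]{1,3}):(?P<port>\d{1,5})\s+)?"
    r"(?P<msg>.*)$"
)

def parse_line(line):
    """Split one log line into fields; addr/port are None for global lines."""
    m = LINE_RE.match(line.strip())
    if not m or m.group("proc") != "openvpn":
        return None
    return m.groupdict()

def summarize_tls_failures(log_text):
    """Map peer address -> failed handshake count and peer ports seen."""
    summary = defaultdict(lambda: {"failures": 0, "ports": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec["addr"] is None:
            continue
        # One "handshake failed" line is logged per failed attempt.
        if rec["msg"].startswith("TLS Error: TLS handshake failed"):
            summary[rec["addr"]]["failures"] += 1
            summary[rec["addr"]]["ports"].add(int(rec["port"]))
    return {addr: {"failures": e["failures"], "ports": sorted(e["ports"])}
            for addr, e in summary.items()}

if __name__ == "__main__":
    for addr, info in summarize_tls_failures(SAMPLE_LOG).items():
        print(addr, info["failures"], "failed handshakes, peer ports:", info["ports"])
```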