OVPN Server, can't get it up and running..
I'm pretty new to this, as will be obvious when you start reading my post. :)
So, I used to have a working setup with my pfSense router set up as a client to a VPN host with a static IP. I also set up an OpenVPN server using the client interface, so that I could always use my static IP. However, a few weeks back it just stopped working. I've tried everything without success, and have even reinstalled pfSense now to start from scratch. It will probably end up being an easy fix, and my time will have been wasted. ;)
Right now trying to connect to the server I keep getting the error:
Jun 3 23:19:27 openvpn 93140 2.150.33.xx:2099 TLS Error: TLS handshake failed
Jun 3 23:19:27 openvpn 93140 2.150.33.xx:2099 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
So, the client does reach my server on port 1194 (that's what the server is configured to), but after this it fails. When I turn up the verbosity level I see a lot of things going in, so data seems to be transferred from client to server; not sure what is relevant though.
Jun 3 23:27:04 openvpn 48044 I/O WAIT TR|Tw|SR|Sw [1/24087]
Jun 3 23:27:04 openvpn 48044 PO_CTL rwflags=0x0001 ev=5 arg=0x00692588
Jun 3 23:27:04 openvpn 48044 PO_CTL rwflags=0x0001 ev=7 arg=0x00692584
Jun 3 23:27:04 openvpn 48044 PO_CTL rwflags=0x0001 ev=6 arg=0x00693720
Jun 3 23:27:04 openvpn 48044 SCHEDULE: schedule_find_least wakeup=[Fri Jun 3 23:27:06 2016 us=23012] pri=1165868124
Jun 3 23:27:04 openvpn 48044 2.150.xx.xx:2099 SCHEDULE: schedule_add_modify wakeup=[Fri Jun 3 23:27:06 2016 us=23012] pri=625400304
Jun 3 23:27:04 openvpn 48044 2.150.xx.xx:2099 TIMER: coarse timer wakeup 1 seconds
Jun 3 23:27:04 openvpn 48044 MULTI: REAP range 144 -> 160
Jun 3 23:27:04 openvpn 48044 I/O WAIT status=0x0020
Jun 3 23:27:04 openvpn 48044 event_wait returned 0
The firewall log doesn't indicate that anything related to my source IP or the ports is blocked.
Any suggestions on how to move forward on this?
Thanks in advance!
Some more info about the server config:
- Remote access SSL/TLS + user auth
And I forgot to mention the vital part.. I can connect to the VPN server if I'm on the same LAN. So I guess that means that the CAs and cert are OK.. Some issue with routing..
Ok.. So I might have identified a potential cause..
The VPN provider I'm using for my static IP closes all incoming ports by default. I can then open up ports, so 1194 is open and the first communication is fine, then all of a sudden another port is used and TLS fails. I can't figure out how to specify this port, and it seems to differ. Looking at my log, at the moment it's 18780, next 18766.
I've tried adding rport and lport to the config file, but other ports are still used.
In the client export there's an option to use a random port; however, when unchecking this there's no option to choose a port.
Which VPN provider are you using? When using PIA, for instance, you have to disable authentication of TLS packets. Maybe that's what's wrong.
The client is working just fine. I can't access my vpn server through the client interface.
But you mean that it could be an issue with sending TLS packets within the client interface to my own VPN server?
I still don't get why the traffic goes over random ports.. If only I could get it to use specific ports..
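In an OpenVPN server log the address:port prefix on a line (2.150.33.xx:2099 above) is the peer's address and the peer's own source port; a UDP client normally picks a new ephemeral source port for each connection attempt, so that number changing between attempts does not mean the server has moved off 1194. The script below is an added example, not posted by anyone in this thread: it parses log lines in the format shown above (the sample lines are constructed, modelled on the ones in the post) and reports, per peer, the distinct source ports seen and how many of each TLS error occurred, so a changing client source port can be told apart from a genuine server-side port problem.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format shown in the thread (peer address masked as in the post).
SAMPLE_LOG = """\
Jun 3 23:19:27 openvpn 93140 2.150.33.xx:2099 TLS Error: TLS handshake failed
Jun 3 23:19:27 openvpn 93140 2.150.33.xx:2099 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jun 3 23:27:04 openvpn 48044 MULTI: REAP range 144 -> 160
Jun 3 23:27:04 openvpn 48044 2.150.33.xx:18780 TIMER: coarse timer wakeup 1 seconds
Jun 3 23:28:05 openvpn 48044 2.150.33.xx:18780 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jun 3 23:29:10 openvpn 48044 2.150.33.xx:18766 TLS Error: TLS handshake failed
"""

# Line layout: "<Mon> <day> <hh:mm:ss> openvpn <pid> [<peer_ip>:<peer_port> ]<message>"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) openvpn (?P<pid>\d+) "
    r"(?:(?P<peer>[0-9a-zA-Z.]+):(?P<port>\d{1,5}) )?(?P<msg>.*)$"
)

def parse_line(line):
    """Split one log line into its fields; returns None for lines that do not match the layout."""
    m = LINE_RE.match(line.rstrip())
    if not m:
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"]) if rec["port"] else None
    return rec

def summarize(log_text):
    """Per peer address: the distinct source ports seen and a count of each TLS error kind."""
    peers = defaultdict(lambda: {"ports": set(), "handshake_failed": 0, "negotiation_timeout": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["peer"] is None:
            continue  # daemon-internal lines (PO_CTL, MULTI, SCHEDULE ...) carry no peer prefix
        entry = peers[rec["peer"]]
        entry["ports"].add(rec["port"])
        if rec["msg"].startswith("TLS Error: TLS handshake failed"):
            entry["handshake_failed"] += 1
        elif rec["msg"].startswith("TLS Error: TLS key negotiation failed"):
            entry["negotiation_timeout"] += 1
    return {ip: {**e, "ports": sorted(e["ports"])} for ip, e in peers.items()}

def explain(summary):
    """One diagnostic line per peer, naming the varying number for what it is: the client's source port."""
    return [f"{ip}: source ports {e['ports']}, {e['handshake_failed']} handshake failure(s), "
            f"{e['negotiation_timeout']} negotiation timeout(s); the port after the address is the "
            "client's source port, so the server is still only being reached on its listen port"
            for ip, e in summary.items()]

if __name__ == "__main__":
    for line in explain(summarize(SAMPLE_LOG)):
        print(line)
```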