OpenVPN issues after upgrading to 2.3.2_1



  • Hey Guys,

    Recently I upgraded my pfsense 2.3.1 to 2.3.2 and I can't connect to my OpenVPN anymore. I used the SSL/TLS+User Auth Server Mode.  And I'm getting this error on the client side "TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)".

    My pfsense is configured with High Availability Sync using CARP. The only package installed is the pfBlockerNG.

    I could however connect to the backup pfSense wiithout any errors.

    Any help would greatly appreciated.

    Thanks



  • Having same issue  here too my the services won't start please post solution if you figure it out


  • Rebel Alliance Developer Netgate

    Not enough info there to offer any sort of help/diagnosis. That error is a timeout. It could mean any one of a dozen things from the service on the server not running to traffic being dropped somehow.

    Post the logs from the OpenVPN server, check if it's running properly, make sure your rules are allowing traffic to the OpenVPN port on the correct server IP address, and so on.



  • Had the same issue and found this thread. Wasn't able to OpenVPN back into the remote pfSense box. Paid it a visit and noticed all the ethernet ports were locked up. Manually power cycled it, and everything came back up. OpenVPN works again as expected. Hope this helps someone.



  • I posted about same problem since August, with 2.3.2 release and after new patch, another user gave me the idea to disable web interface plugin for openvpn, you can try it:
    https://forum.pfsense.org/index.php?topic=116670.0

    In my case restarting the machine make the openvpn service responsive again to client requests, to avoid it becomes unresponsive again, try to disable openvpn plugin on web interface. Another user tolds me it worked for him, and it makes sense beacuse 2.3.2 big  change was the new bootstrap interface…



  • My servers work fine, 2 tun and 1 tap, all workstation to server. The implication is that the problem is in your setup, not the server. I used the basic wizard for the tun servers.



  • Wait - the client download has a new item that 'hides' DNS in the pc config file. I had to remove the added line to connnect on a new cert download. Unckeck that box and download your cert again - assuming this was your problem.



  • In my case same client config (no changes) since months ago when deployed.
    I only deleted de openvpn plugin from dashboard and one week passed without openvpn problems…



  • Bad news,
    My openvpn process still becomes unresponsive…
    After a restart it works again.

    if someone is interested in logs for fixing this, simply ask for the things you need.


  • Rebel Alliance Developer Netgate

    It's probably unrelated to this thread. Start a new thread and post the OpenVPN logs and any system log messages related to OpenVPN.



  • Thanks for all the suggestions!

    All my single pfsense firewalls seems to have no issues at all. Even thought multiple widgets are installed on the dashboards. I could still OVPN tunnel without any hitches.

    The pfsense firewalls that has high-availability backup gives me issues on the OVPN tunneling. I tried removing all the widgets on the dashboard and it seems to worked on one setup but not on the other. It is still giving me the same errors. If there no other solution, my next move is to reconstruct the OVPN.



  • As Jimp suggested Im gonna post logs and related data on the thread I previouosly opened for this:
    https://forum.pfsense.org/index.php?topic=116670.0

    Thx


Log in to reply