Help troubleshoot connection problem



  • On an iphone and on an iPad (wireless only - no cell) I have installed OpenVPN app.

    I created the .ovpn certs and have the same client cert installed on each of the iOS devices.

    Using my cell phone from across town, it connects quickly and operates well.

    Using my iPad at various locations with wifi I have not been able to connect.  I do not know if there is any blocking at the sites I have used.

    I can connect the iPad at home which tells me that there is no problem with the .ovpn

    There are no entries that I can find on pfSense that indicate a packet arrived at pfSense but this entry from OpenVPN shows:
    2016-11-21 09:20:11 Connecting to [x.x.x.x]:1194 (x.x.x.x) via UDPv4
    where x.x.x.x is my Wan_IP.

    Comparing connect logs from OpenVPN app on iPhone cell connect vs iPad wifi connect I have this diff on the iPad:

    2016-11-21 09:20:12 NET Internet:ReachableViaWiFi/-R t------
    2016-11-21 09:20:12 NET WiFi:ReachableViaWiFi/-R t-----d
    2016-11-21 09:20:21 Server poll timeout, trying next remote entry...
    2016-11-21 09:20:21 EVENT: RECONNECTING
    

    What do those 2 lines of NET mean and should I assume perhaps the data is blocked at the client connection or is there some other problem I may have?


  • Rebel Alliance Global Moderator

    If your not seeing the traffic hit pfsense, then yeah where your at is prob blocking it..  1194 is the default vpn port.  Where are you trying to wifi from??  Some hotspot like Starbucks or something??

    Bring up openvpn server on say tcp 443, if there is internet where your at, 443 should be open..  I use the vpn on my ipad without any issues.. But I have only ever used from wifi that I know is open, like my sons house.  Or even via hotspotting from my phone ;)



  • Thanks for those ideas.  I've tried the wifi at my gym, which apparently blocks standard email ports but not the web.  This morning I tried it at my local hospital wifi where I had an appointment.  The web works there, as do some other iOS apps.

    I thought about the phone hotspot but I have the absolute minimum cell data plan and so have not played with that feature.



  • @johnpoz:

    Bring up openvpn server on say tcp 443, if there is internet where your at, 443 should be open..

    Would this require a new client cert also?  A quick shot at changing server & fw rules did not work.  Maybe I missed something, I'll look at it again tonight.


  • Rebel Alliance Global Moderator

    No you can use the same certs if you want..