Netgate Discussion Forum

    OpenVPN TLS packet handshake failed PFSense

    resch

      So I have this situation where I've tried everything I know and it still doesn't work. The OpenVPN server is a pfSense machine that is also my internet gateway. The LAN behind this pfSense machine has access to the internet through a transparent proxy. I've configured the VPN server as UDP on port 1194, with user + certificate authentication. The problem: the client can't connect (the infamous TLS handshake failed error).

      There's a NAT rule forwarding traffic to the pfSense LAN address on port 1194, a firewall rule that allows traffic to the WAN address on port 1194, and an OpenVPN rule allowing everything on the VPN network.

      Already tried:

      • Switching to TCP (connection refused error loop instead);
      • Trying to use a proxy on the client (only needed if there is a proxy on the client side from what I understood, not the other way around);
      • route-method exe and route-delay 6 parameters in the client conf file;

      Without any further success.

      Already tried on two different client networks, same error. Yes, I'm running OpenVPN GUI as admin, and Windows Firewall is disabled.

      Packet capture shows that the packets are going to the right address, but the firewall is blocking them for some reason. Here are my firewall/NAT rules:

      WAN rule

       pass in log quick on pppoe1 reply-to (pppoe1 200.100.88.204) inet proto udp from any to 177.103.160.201 port = openvpn keep state label "USER_RULE: OpenVPN coriben.vpn Assistente"
      

      NAT rule

       rdr on pppoe1 inet proto udp from any to 177.103.160.201 port = openvpn -> 172.27.0.5
      

      NAT reflection is enabled in pure mode (disabling it didn't help).

      Thanks in advance and hope you guys can help.

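An added diagnostic, not the poster's code and not anything shipped with pfSense or OpenVPN: a small Python script that parses the two pf rules quoted in the post and runs the checks a reviewer would make first. It relies on one pf fact: rdr translation is applied before the filter rules, so a pass rule that is meant to admit forwarded traffic has to match the translated destination, not the address the packet arrived at. The set of addresses the OpenVPN daemon is bound to is an assumed input (on pfSense you would read it from `sockstat -4l`), and the "corrected" pass rule at the bottom is a constructed example, not something the post shows.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Sample input: the two rules quoted in the post (pfctl output).
PASS_RULE = ('pass in log quick on pppoe1 reply-to (pppoe1 200.100.88.204) inet proto udp '
             'from any to 177.103.160.201 port = openvpn keep state '
             'label "USER_RULE: OpenVPN coriben.vpn Assistente"')
RDR_RULE = 'rdr on pppoe1 inet proto udp from any to 177.103.160.201 port = openvpn -> 172.27.0.5'

# pfctl prints service names from /etc/services; map the ones we expect back to numbers.
SERVICE_PORTS = {"openvpn": 1194}


@dataclass
class PfRule:
    action: str                        # pass / block / rdr / nat
    iface: str                         # interface the rule is attached to
    proto: str                         # udp / tcp
    dst: str                           # destination address the rule matches
    port: int                          # destination port the rule matches
    redirect_to: Optional[str] = None  # rdr target, if any
    reply_to: Optional[str] = None     # gateway used for replies, if any


RULE_RE = re.compile(
    r'^(?P<action>pass|block|rdr|nat)\b.*?\bon (?P<iface>\S+)'
    r'(?: reply-to \((?P<rt_iface>\S+) (?P<rt_addr>\S+)\))?'
    r'.*?\bproto (?P<proto>\S+)'
    r'.*?\bto (?P<dst>\S+) port = (?P<port>\S+)'
    r'(?:.*?-> (?P<target>\S+))?'
)


def port_number(token: str) -> int:
    """Accept either a numeric port or a service name pfctl substituted."""
    return int(token) if token.isdigit() else SERVICE_PORTS[token]


def parse_rule(text: str) -> PfRule:
    """Parse one pfctl -sr / -sn line of the shape shown in the post."""
    m = RULE_RE.search(text.strip())
    if not m:
        raise ValueError(f"unrecognised rule: {text!r}")
    return PfRule(action=m["action"], iface=m["iface"], proto=m["proto"],
                  dst=m["dst"], port=port_number(m["port"]),
                  redirect_to=m["target"], reply_to=m["rt_addr"])


def audit_openvpn_forward(pass_text: str, rdr_text: str, listen_addrs) -> list:
    """Return a list of findings (empty when nothing looks wrong).

    listen_addrs: addresses the OpenVPN daemon is actually bound to on the
    firewall. This is an assumed input; on pfSense read it from `sockstat -4l`.
    """
    p, r = parse_rule(pass_text), parse_rule(rdr_text)
    findings = []
    if p.action != "pass":
        findings.append(f"filter rule is '{p.action}', not 'pass'")
    if (p.iface, p.proto, p.port) != (r.iface, r.proto, r.port):
        findings.append("pass rule and rdr rule disagree on interface/proto/port: "
                        f"{(p.iface, p.proto, p.port)} vs {(r.iface, r.proto, r.port)}")
    # pf applies rdr before filtering, so the pass rule is matched against the
    # translated destination: it must name the rdr target, not the WAN address.
    if r.redirect_to and p.dst != r.redirect_to:
        findings.append(f"pass rule matches dst {p.dst} but rdr rewrites dst to "
                        f"{r.redirect_to}; after translation the pass rule never matches")
    if r.redirect_to and r.redirect_to not in listen_addrs:
        findings.append(f"rdr sends {r.proto}/{r.port} to {r.redirect_to} but OpenVPN "
                        f"is bound to {sorted(listen_addrs)}")
    return findings


# Constructed corrected pass rule for comparison (not from the post): it names the
# translated destination and numeric port, which is how the filter rule pfSense
# associates with a port forward is written.
FIXED_PASS_RULE = ('pass in quick on pppoe1 reply-to (pppoe1 200.100.88.204) inet proto udp '
                   'from any to 172.27.0.5 port = 1194 keep state')

if __name__ == "__main__":
    for name, rule in (("pass", PASS_RULE), ("rdr", RDR_RULE)):
        print(name, parse_rule(rule))
    # Assumed: OpenVPN is bound to the WAN address, as a pfSense server on WAN would be.
    for f in audit_openvpn_forward(PASS_RULE, RDR_RULE, {"177.103.160.201"}):
        print("FINDING:", f)
    print("corrected:", audit_openvpn_forward(FIXED_PASS_RULE, RDR_RULE, {"172.27.0.5"}))
```

Run against the post's two rules with OpenVPN assumed bound to the WAN address, the audit reports that the pass rule names the pre-translation destination and that the rdr target is not an address OpenVPN listens on; with the constructed rule and a listener on 172.27.0.5 it reports nothing. Either way, the next step is the same: confirm with `sockstat -4l` on the firewall which address the daemon is really bound to, and make the pass rule and the rdr target agree with it.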
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.