OpenVPN TLS packet handshake failed PFSense



  • So I have this situation where I've tried everything I know and it still doesn't work. The OpenVPN server is a PFSense machine that is also my internet gateway. The LAN behind this PFSense machine has access to the internet through a transparent proxy. I've configured the VPN server as UDP on port 1194, with user + certificate authentication. The problem: the client can't connect (the infamous TLS handshake failed error).

    There's a NAT rule forwarding traffic to PFSense LAN address on port 1194, a firewall rule that allows traffic on WAN address 1194 port, an OpenVPN rule allowing everything on the VPN network.

    Already tried:

    Switching to TCP (connection refused error loop instead);
    Trying to use a proxy on the client (only needed if there is a proxy on the client side, from what I understood, not the other way around);
    route-method exe and route-delay 6 parameters on client conf file;
    Without any further success.

    Already tried on two different client networks, same error. Yes, I'm running OpenVPN GUI as admin, and Windows Firewall is disabled.

    Packet capture shows that the packets are going to the right address, but the firewall is blocking them for some reason. Here are my firewall/NAT rules:

    WAN rule

     pass in log quick on pppoe1 reply-to (pppoe1 200.100.88.204) inet proto udp from any to 177.103.160.201 port = openvpn keep state label "USER_RULE: OpenVPN coriben.vpn Assistente"
    

    NAT rule

     rdr on pppoe1 inet proto udp from any to 177.103.160.201 port = openvpn -> 172.27.0.5
    

    NAT reflection is enabled in pure mode (disabling it didn't help).

    Thanks in advance and hope you guys can help.
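The following is an added illustration, not code from the post or from pfSense. It walks an inbound OpenVPN datagram through pf's order of operations: pf applies translation rules (rdr) before the filter rules, and the filter rules are evaluated against the already-translated packet. The two rules are constructed copies of the rdr and pass rules quoted above; the "associated" pass rule, the client address 203.0.113.10 and the rule label "USER_RULE: NAT OpenVPN" are assumptions introduced for the demonstration. The matcher only understands the exact rule syntax shown (no tables, negation or non-quick ordering).

```python
"""Walk a UDP packet through pf's order of operations: rdr first, then filter.

Added illustration, not code from the post or from pfSense.  pf applies
translation (rdr/nat) rules before the filter rules, and the filter rules
are evaluated against the translated packet.  The rules below are constructed
copies of the two rules quoted in the post; ASSOC_PASS is a hypothetical pass
rule matching the post-rdr destination (assumption, not from the post).
"""
import re
from dataclasses import dataclass, replace

# pf prints well-known ports by name; only the one this post needs is mapped.
SERVICES = {"openvpn": 1194}

# Constructed copies of the rules quoted in the post (pfctl -sn / pfctl -sr style).
POSTED_RDR = ("rdr on pppoe1 inet proto udp from any to 177.103.160.201 "
              "port = openvpn -> 172.27.0.5")
POSTED_PASS = ('pass in log quick on pppoe1 reply-to (pppoe1 200.100.88.204) '
               'inet proto udp from any to 177.103.160.201 port = openvpn '
               'keep state label "USER_RULE: OpenVPN coriben.vpn Assistente"')
# Hypothetical (assumption): a pass rule that matches the destination after rdr.
ASSOC_PASS = ('pass in quick on pppoe1 inet proto udp from any to 172.27.0.5 '
              'port = openvpn keep state label "USER_RULE: NAT OpenVPN"')

RDR_RE = re.compile(
    r"rdr on (?P<iface>\S+) inet proto (?P<proto>\w+) from (?P<src>\S+) "
    r"to (?P<dst>\S+) port = (?P<port>\w+) -> (?P<target>\S+)")
PASS_RE = re.compile(
    r"pass in(?: log)?(?: quick)? on (?P<iface>\S+)(?: reply-to \([^)]*\))? "
    r"inet proto (?P<proto>\w+) from (?P<src>\S+) to (?P<dst>\S+) "
    r"port = (?P<port>\w+)")


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrives on
    proto: str
    src: str
    dst: str
    dport: int


def _port(tok: str) -> int:
    if tok.isdigit():
        return int(tok)
    if tok in SERVICES:
        return SERVICES[tok]
    raise ValueError(f"unknown service name {tok!r}")


def _matches(m, pkt: Packet) -> bool:
    """Shared iface/proto/src/dst/port comparison for both rule kinds."""
    return (m["iface"] == pkt.iface
            and m["proto"] == pkt.proto
            and m["src"] in ("any", pkt.src)
            and m["dst"] in ("any", pkt.dst)
            and _port(m["port"]) == pkt.dport)


def apply_rdr(rdr_rules, pkt: Packet) -> Packet:
    """First matching rdr rewrites the destination; pf does this before filtering."""
    for rule in rdr_rules:
        m = RDR_RE.match(rule)
        if m and _matches(m, pkt):
            return replace(pkt, dst=m["target"])
    return pkt


def filter_passes(pass_rules, pkt: Packet) -> bool:
    """True if some pass rule matches the (already translated) packet.

    pfSense generates 'quick' rules, so the first match decides; with no match
    the packet hits the implicit default deny and is logged as blocked.
    """
    return any(m and _matches(m, pkt)
               for m in (PASS_RE.match(r) for r in pass_rules))


def simulate(rdr_rules, pass_rules, pkt: Packet) -> dict:
    translated = apply_rdr(rdr_rules, pkt)
    return {"dst_after_nat": translated.dst,
            "passed": filter_passes(pass_rules, translated)}


if __name__ == "__main__":
    # Constructed client: an Internet host sending the first OpenVPN datagram.
    client = Packet("pppoe1", "udp", "203.0.113.10", "177.103.160.201", 1194)
    print("posted rules:        ", simulate([POSTED_RDR], [POSTED_PASS], client))
    print("with associated rule:", simulate([POSTED_RDR], [POSTED_PASS, ASSOC_PASS], client))
    print("no rdr at all:       ", simulate([], [POSTED_PASS], client))
```

With the posted rules the datagram is rewritten to 172.27.0.5 by the rdr before filtering, so a pass rule written for the WAN address never sees it and the default deny applies; a pass rule for the post-rdr destination, or dropping the rdr entirely (a service listening on the firewall itself has nothing to forward to), lets the same packet through. On the box, `pfctl -sn` lists the translation rules, `pfctl -sr` the filter rules, and `tcpdump -ni pppoe1 udp port 1194` shows whether the datagrams arrive at all.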