Open VPN error



  • Hi guys,
    Today we have installed a 2.3.3 pfSense on a hardware. I've been working on this like 2 hrs and can't seem to get the OpenVPN working.

    The error is

    Sat Apr 01 10:48:09 2017 OpenVPN 2.4.1 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Mar 22 2017
    Sat Apr 01 10:48:09 2017 Windows version 6.2 (Windows 8 or greater) 64bit
    Sat Apr 01 10:48:09 2017 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
    Sat Apr 01 10:48:14 2017 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
    Sat Apr 01 10:48:14 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]IP ADRESS:1194
    Sat Apr 01 10:48:14 2017 UDP link local (bound): [AF_INET][undef]:1194

    Can someone please advise?

    I am stuck here.


  • LAYER 8 Global Moderator

    there is no error there..

    "Sat Apr 01 10:48:14 2017 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead."

    That is not an error nor stopping you from connecting.    Where is your connection attempt to your server?



  • @johnpoz:

    there is no error there..

    "Sat Apr 01 10:48:14 2017 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead."

    That is not an error nor stopping you from connecting.    Where is your connection attempt to your server?

    I just tried over 4G and also over the LAN by changing the external IP to the firewall IP.
    The error I have now is

    Sat Apr 01 11:14:06 2017 UDP link remote: [AF_INET]10.10.2.1:1194
    Sat Apr 01 11:15:06 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Sat Apr 01 11:15:06 2017 TLS Error: TLS handshake failed
    Sat Apr 01 11:15:06 2017 SIGUSR1[soft,tls-error] received, process restarting

    The firewall rule on the WAN side is attached; also, on the OpenVPN interface I have created allow any to any.

    The crypto I am using for OpenVPN:
    Crypto: AES-128-CBC/SHA1
    D-H Params: 1024 bits

    OPENVPN Client is 11.5.0

    Is this a related issue?
    Thank you



  • LAYER 8 Global Moderator

    "UDP link remote: [AF_INET]10.10.2.1:1194"

    How and the F could you connect to a rfc1918 address?  Is your pfsense behind a NAT?  If so you can create firewall rules on its wan til doomsday and nothing will happen..  Is that your lan IP.. Why would you have pfsense openvpn listen on the lan interface?

    Current client of openvpn is 24.1 – what client are you using that is 11.5 ???



  • @johnpoz:

    "UDP link remote: [AF_INET]10.10.2.1:1194"

    How and the F could you connect to a rfc1918 address?  Is your pfsense behind a NAT?  If so you can create firewall rules on its wan til doomsday and nothing will happen..  Is that your lan IP.. Why would you have pfsense openvpn listen on the lan interface?

    Current client of openvpn is 24.1 – what client are you using that is 11.5 ???

    Thank you John,
    I don't know what happened, but after I rebooted the firewall everything started working.
    Thank you so much for your support

