Netgate Discussion Forum

    Open VPN error

    • cyberbot

      Hi guys,
      Today we have installed pfSense 2.3.3 on hardware. I've been working on this for like 2 hrs and can't seem to get OpenVPN working.

      The error is:

      Sat Apr 01 10:48:09 2017 OpenVPN 2.4.1 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Mar 22 2017
      Sat Apr 01 10:48:09 2017 Windows version 6.2 (Windows 8 or greater) 64bit
      Sat Apr 01 10:48:09 2017 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
      Sat Apr 01 10:48:14 2017 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
      Sat Apr 01 10:48:14 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]IP ADRESS:1194
      Sat Apr 01 10:48:14 2017 UDP link local (bound): [AF_INET][undef]:1194

      Can someone please advise?

      I am stuck here.

      • johnpoz LAYER 8 Global Moderator

        There is no error there..

        "Sat Apr 01 10:48:14 2017 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead."

        That is not an error, nor is it stopping you from connecting. Where is your connection attempt to your server?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        • cyberbot

          @johnpoz:

          There is no error there..

          "Sat Apr 01 10:48:14 2017 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead."

          That is not an error, nor is it stopping you from connecting. Where is your connection attempt to your server?

          I just tried over 4G and also over the LAN by changing the external IP to the firewall IP.
          The error I have now is:

          Sat Apr 01 11:14:06 2017 UDP link remote: [AF_INET]10.10.2.1:1194
          Sat Apr 01 11:15:06 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
          Sat Apr 01 11:15:06 2017 TLS Error: TLS handshake failed
          Sat Apr 01 11:15:06 2017 SIGUSR1[soft,tls-error] received, process restarting

          The firewall rule on the WAN side is attached; also, on the OpenVPN interface I have created allow any to any.

          The crypto I am using for OpenVPN:
          Crypto: AES-128-CBC/SHA1
          D-H Params: 1024 bits

          OPENVPN Client is 11.5.0

          Is this a related issue?
          Thank you

          firewall.jpg

          • johnpoz LAYER 8 Global Moderator

            "UDP link remote: [AF_INET]10.10.2.1:1194"

            How and the F could you connect to an RFC 1918 address? Is your pfSense behind a NAT? If so you can create firewall rules on its WAN til doomsday and nothing will happen.. Is that your LAN IP.. Why would you have pfSense OpenVPN listen on the LAN interface?

            Current client of OpenVPN is 24.1 – what client are you using that is 11.5 ???

            • cyberbot

              @johnpoz:

              "UDP link remote: [AF_INET]10.10.2.1:1194"

              How and the F could you connect to an RFC 1918 address? Is your pfSense behind a NAT? If so you can create firewall rules on its WAN til doomsday and nothing will happen.. Is that your LAN IP.. Why would you have pfSense OpenVPN listen on the LAN interface?

              Current client of OpenVPN is 24.1 – what client are you using that is 11.5 ???

              Thank you John,
              I don't know what happened, but after I rebooted the firewall everything started working.
              Thank you so much for your support.
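
Added example, not part of the thread or of pfSense/OpenVPN: a small triage script for client logs like the ones posted above. It separates the deprecation warning from the TLS timeout and checks whether the `UDP link remote` address is in RFC 1918 space. The sample log is constructed from the lines quoted in this thread; the function name `triage` and the finding texts are assumptions.

```python
import ipaddress
import re

# Constructed sample, modelled on the client log lines posted in this thread.
SAMPLE_LOG = """\
Sat Apr 01 10:48:14 2017 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Sat Apr 01 11:14:06 2017 UDP link remote: [AF_INET]10.10.2.1:1194
Sat Apr 01 11:15:06 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Apr 01 11:15:06 2017 TLS Error: TLS handshake failed
Sat Apr 01 11:15:06 2017 SIGUSR1[soft,tls-error] received, process restarting
"""

# Client log prefix as seen above: "Sat Apr 01 11:14:06 2017 <message>"
LINE = re.compile(r"^\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4} (?P<msg>.*)$")
REMOTE = re.compile(r"link remote: \[AF_INET6?\](?P<ip>[0-9A-Fa-f:.]+):(?P<port>\d+)$")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def triage(log_text):
    """Return (severity, finding) tuples for an OpenVPN client log."""
    findings, remote = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        r = REMOTE.search(msg)
        if r:
            try:
                remote = ipaddress.ip_address(r.group("ip"))
            except ValueError:
                remote = None  # e.g. an address redacted before posting
        elif msg.startswith("WARNING:") and "DEPRECATED" in msg:
            findings.append(("info", "deprecated option, does not block the connection"))
        elif "TLS key negotiation failed" in msg:
            # The server never answered within the handshake window.
            if remote is not None and any(remote in net for net in RFC1918):
                findings.append(("error", f"no reply from RFC 1918 address {remote}: "
                                 "not reachable over the Internet, check listen interface/NAT"))
            else:
                findings.append(("error", f"no reply from {remote}: "
                                 "check WAN rule, port and upstream NAT"))
    return findings


if __name__ == "__main__":
    for severity, finding in triage(SAMPLE_LOG):
        print(f"{severity:5} {finding}")
```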
