Netgate Discussion Forum

OpenVPN - multiple tutorials, cannot connect

    mkyb14
    last edited by Apr 21, 2017, 5:42 PM

    I was really hoping to figure this out on my own, but I've been stumped now for a week.

    Following multiple tutorials, different little variations in how people are setting up their OpenVPN servers, nothing has worked.  I'm simply trying to allow a connection from my phone or laptop to access cameras or ssh into my proxmox box from outside the house.

    I've followed many tutorials, but always get an error and this would seem pretty straightforward.  I've CC'd the logs from my laptop connected via Tunnelblick over another Wireless WAN connection.

    Any direction would be appreciated!

    Also, no add-ons enabled in pfSense, just the export OpenVPN tool right now.

    2017-04-21 10:32:09 *Tunnelblick: Established communication with OpenVPN
    2017-04-21 10:32:09 OpenVPN 2.3.14 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Jan 28 2017
    2017-04-21 10:32:09 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
    2017-04-21 10:32:09 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337
    2017-04-21 10:32:09 Need hold release from management interface, waiting…
    2017-04-21 10:32:09 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1337
    2017-04-21 10:32:09 MANAGEMENT: CMD 'pid'
    2017-04-21 10:32:09 MANAGEMENT: CMD 'state on'
    2017-04-21 10:32:09 MANAGEMENT: CMD 'state'
    2017-04-21 10:32:09 MANAGEMENT: CMD 'bytecount 1'
    2017-04-21 10:32:09 MANAGEMENT: CMD 'hold release'
    2017-04-21 10:32:09 *Tunnelblick: openvpnstart starting OpenVPN
    2017-04-21 10:32:17 MANAGEMENT: CMD 'username "Auth" "mkyb14"'
    2017-04-21 10:32:17 MANAGEMENT: CMD 'password […]'
    2017-04-21 10:32:17 NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
    2017-04-21 10:32:25 MANAGEMENT: CMD 'password […]'
    2017-04-21 10:32:25 WARNING: this configuration may cache passwords in memory – use the auth-nocache option to prevent this
    2017-04-21 10:32:25 Control Channel Authentication: using 'pfSense-udp-31000-mkyb14-tls.key' as a OpenVPN static key file
    2017-04-21 10:32:25 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    2017-04-21 10:32:25 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    2017-04-21 10:32:25 Socket Buffers: R=[196724->196724] S=[9216->9216]
    2017-04-21 10:32:25 MANAGEMENT: >STATE:1492795945,RESOLVE,,,
    2017-04-21 10:32:31 UDPv4 link local (bound): [undef]
    2017-04-21 10:32:31 UDPv4 link remote: [AF_INET]IPHIDDENONPUROPSE:31000
    2017-04-21 10:32:31 MANAGEMENT: >STATE:1492795951,WAIT,,,
    2017-04-21 10:32:31 MANAGEMENT: >STATE:1492795951,AUTH,,,
    2017-04-21 10:32:31 TLS: Initial packet from [AF_INET]IPHIDDENONPUROPSE:31000, sid=80379b54 7be8650d
    2017-04-21 10:32:31 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=US, ST=California, L=Encinitas, O=Local, emailAddress=mkyb14@gmail.com, CN=DYNDNS, OU=local
    2017-04-21 10:32:31 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
    2017-04-21 10:32:31 TLS_ERROR: BIO read tls_read_plaintext error
    2017-04-21 10:32:31 TLS Error: TLS object -> incoming plaintext read error
    2017-04-21 10:32:31 TLS Error: TLS handshake failed
    2017-04-21 10:32:31 SIGUSR1[soft,tls-error] received, process restarting
    2017-04-21 10:32:31 MANAGEMENT: >STATE:1492795951,RECONNECTING,tls-error,,
    2017-04-21 10:32:31 MANAGEMENT: CMD 'hold release'
    2017-04-21 10:32:31 NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
    2017-04-21 10:32:31 Socket Buffers: R=[196724->196724] S=[9216->9216]
    2017-04-21 10:32:31 MANAGEMENT: >STATE:1492795951,RESOLVE,,,
    2017-04-21 10:32:31 UDPv4 link local (bound): [undef]
    2017-04-21 10:32:31 UDPv4 link remote: [AF_INET]IPHIDDENONPUROPSE:31000
    2017-04-21 10:32:31 MANAGEMENT: >STATE:1492795951,WAIT,,,
    2017-04-21 10:32:31 MANAGEMENT: >STATE:1492795951,AUTH,,,
    2017-04-21 10:32:31 TLS: Initial packet from [AF_INET]IPHIDDENONPUROPSE:31000, sid=b4df3926 92459d54
    2017-04-21 10:32:31 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=US, ST=California, L=Encinitas, O=Local, emailAddress=mkyb14@gmail.com, CN=DYNDNS, OU=local
    2017-04-21 10:32:31 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
    2017-04-21 10:32:31 TLS_ERROR: BIO read tls_read_plaintext error
    2017-04-21 10:32:31 TLS Error: TLS object -> incoming plaintext read error
    2017-04-21 10:32:31 TLS Error: TLS handshake failed
    2017-04-21 10:32:31 SIGUSR1[soft,tls-error] received, process restarting
    2017-04-21 10:32:31 MANAGEMENT: >STATE:1492795951,RECONNECTING,tls-error,,
    2017-04-21 10:32:31 MANAGEMENT: CMD 'hold release'
    2017-04-21 10:32:31 NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
    2017-04-21 10:32:31 Socket Buffers: R=[196724->196724] S=[9216->9216]
    2017-04-21 10:32:31 MANAGEMENT: >STATE:1492795951,RESOLVE,,,
    2017-04-21 10:32:31 UDPv4 link local (bound): [undef]
    2017-04-21 10:32:31 UDPv4 link remote: [AF_INET]IPHIDDENONPUROPSE:31000
    2017-04-21 10:32:31 MANAGEMENT: >STATE:1492795951,WAIT,,,
    2017-04-21 10:32:35 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
    2017-04-21 10:32:35 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
    2017-04-21 10:32:37 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
    2017-04-21 10:32:37 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
    2017-04-21 10:32:39 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
    2017-04-21 10:32:39 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
    2017-04-21 10:32:41 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
    2017-04-21 10:32:41 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
    2017-04-21 10:32:48 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
    2017-04-21 10:32:48 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
    2017-04-21 10:32:49 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
    2017-04-21 10:32:49 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
    2017-04-21 10:33:03 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
    2017-04-21 10:33:03 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
    2017-04-21 10:33:06 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
    2017-04-21 10:33:06 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
    2017-04-21 10:33:31 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    2017-04-21 10:33:31 TLS Error: TLS handshake failed
    2017-04-21 10:33:31 SIGUSR1[soft,tls-error] received, process restarting
    2017-04-21 10:33:31 MANAGEMENT: >STATE:1492796011,RECONNECTING,tls-error,,
    2017-04-21 10:33:31 MANAGEMENT: CMD 'hold release'
    2017-04-21 10:33:31 NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
    2017-04-21 10:33:31 Socket Buffers: R=[196724->196724] S=[9216->9216]
    2017-04-21 10:33:31 MANAGEMENT: >STATE:1492796011,RESOLVE,,,
    2017-04-21 10:33:37 UDPv4 link local (bound): [undef]
    2017-04-21 10:33:37 UDPv4 link remote: [AF_INET]IPHIDDENONPUROPSE:31000
    2017-04-21 10:33:37 MANAGEMENT: >STATE:1492796017,WAIT,,,
    2017-04-21 10:33:37 MANAGEMENT: >STATE:1492796017,AUTH,,,
    2017-04-21 10:33:37 TLS: Initial packet from [AF_INET]IPHIDDENONPUROPSE:31000, sid=847f9fd0 be742b78
    2017-04-21 10:33:37 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=US, ST=California, L=Encinitas, O=Local, emailAddress=mkyb14@gmail.com, CN=DYNDNS, OU=local
    2017-04-21 10:33:37 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
    2017-04-21 10:33:37 TLS_ERROR: BIO read tls_read_plaintext error
    2017-04-21 10:33:37 TLS Error: TLS object -> incoming plaintext read error
    2017-04-21 10:33:37 TLS Error: TLS handshake failed
    2017-04-21 10:33:37 SIGUSR1[soft,tls-error] received, process restarting
    2017-04-21 10:33:37 MANAGEMENT: >STATE:1492796017,RECONNECTING,tls-error,,
    2017-04-21 10:33:37 MANAGEMENT: CMD 'hold release'
    2017-04-21 10:33:37 NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
    2017-04-21 10:33:37 Socket Buffers: R=[196724->196724] S=[9216->9216]
    2017-04-21 10:33:37 MANAGEMENT: >STATE:1492796017,RESOLVE,,,
    2017-04-21 10:33:37 UDPv4 link local (bound): [undef]
    2017-04-21 10:33:37 UDPv4 link remote: [AF_INET]IPHIDDENONPUROPSE:31000
    2017-04-21 10:33:37 MANAGEMENT: >STATE:1492796017,WAIT,,,
    2017-04-21 10:33:37 MANAGEMENT: >STATE:1492796017,AUTH,,,
    2017-04-21 10:33:37 TLS: Initial packet from [AF_INET]IPHIDDENONPUROPSE:31000, sid=28bc40ca 82971199
    2017-04-21 10:33:37 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=US, ST=California, L=Encinitas, O=Local, emailAddress=mkyb14@gmail.com, CN=DYNDNS, OU=local
    2017-04-21 10:33:37 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
    2017-04-21 10:33:37 TLS_ERROR: BIO read tls_read_plaintext error
    2017-04-21 10:33:37 TLS Error: TLS object -> incoming plaintext read error
    2017-04-21 10:33:37 TLS Error: TLS handshake failed
    2017-04-21 10:33:37 SIGUSR1[soft,tls-error] received, process restarting
    2017-04-21 10:33:37 MANAGEMENT: >STATE:1492796017,RECONNECTING,tls-error,,
    2017-04-21 10:33:37 MANAGEMENT: CMD 'hold release'
    2017-04-21 10:33:37 NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
    2017-04-21 10:33:37 Socket Buffers: R=[196724->196724] S=[9216->9216]
    2017-04-21 10:33:37 MANAGEMENT: >STATE:1492796017,RESOLVE,,,
    2017-04-21 10:33:37 UDPv4 link local (bound): [undef]
    2017-04-21 10:33:37 UDPv4 link remote: [AF_INET]IPHIDDENONPUROPSE:31000
    2017-04-21 10:33:37 MANAGEMENT: >STATE:1492796017,WAIT,,,
    2017-04-21 10:33:41 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
    2017-04-21 10:33:41 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
    2017-04-21 10:33:42 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
    2017-04-21 10:33:42 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
    2017-04-21 10:33:46 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
    2017-04-21 10:33:46 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
    2017-04-21 10:33:47 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
    2017-04-21 10:33:47 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
    2017-04-21 10:33:53 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
    2017-04-21 10:33:53 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
    2017-04-21 10:33:54 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
    2017-04-21 10:33:54 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
    2017-04-21 10:34:09 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
    2017-04-21 10:34:09 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
    2017-04-21 10:34:10 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
    2017-04-21 10:34:10 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
    2017-04-21 10:34:37 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    2017-04-21 10:34:37 TLS Error: TLS handshake failed
    2017-04-21 10:34:37 SIGUSR1[soft,tls-error] received, process restarting
    2017-04-21 10:34:37 MANAGEMENT: >STATE:1492796077,RECONNECTING,tls-error,,
    2017-04-21 10:34:37 MANAGEMENT: CMD 'hold release'
    2017-04-21 10:34:37 NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
    2017-04-21 10:34:37 Socket Buffers: R=[196724->196724] S=[9216->9216]
    2017-04-21 10:34:37 MANAGEMENT: >STATE:1492796077,RESOLVE,,,
    2017-04-21 10:34:41 *Tunnelblick: Disconnecting; notification window disconnect button pressed
    2017-04-21 10:34:41 *Tunnelblick: No 'pre-disconnect.sh' script to execute
    2017-04-21 10:34:41 *Tunnelblick: Disconnecting using 'kill'
    2017-04-21 10:34:43 UDPv4 link local (bound): [undef]
    2017-04-21 10:34:43 UDPv4 link remote: [AF_INET]IPHIDDENONPUROPSE:31000
    2017-04-21 10:34:43 SIGTERM[hard,init_instance] received, process exiting
    2017-04-21 10:34:43 MANAGEMENT: >STATE:1492796083,EXITING,init_instance,,
    2017-04-21 10:34:44 *Tunnelblick: No 'post-disconnect.sh' script to execute
    2017-04-21 10:34:44 *Tunnelblick: Expected disconnection occurred.

      johnpoz LAYER 8 Global Moderator
      last edited by Apr 21, 2017, 5:49 PM

      Well, you have the wrong cert type for starters:
      "unsupported certificate purpose"

      Did you set this up with the wizard? The wizard prevents you from using the wrong cert - you need a server cert.  Look in your cert manager: does it list the cert you're using as server?

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

        mkyb14
        last edited by Apr 21, 2017, 6:03 PM

        For this last instance, with the logs, no.  I started with creating them manually following a video and documentation.  I will delete everything, start with the wizard again and make sure.  Take me 5 minutes.

          mkyb14
          last edited by Apr 21, 2017, 6:15 PM

          OK. Deleted server config, firewall rules, certs.

          Ran wizard, created certs, went to the user, added the existing cert to that name.  Exported the visa.bundle and archive.  Tested Tunnelblick again and get a TLS error.

          Had this in the past too, double checked all my settings and passwords etc.

          2017-04-21 11:11:07 *Tunnelblick: Established communication with OpenVPN
          2017-04-21 11:11:07 OpenVPN 2.3.14 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Jan 28 2017
          2017-04-21 11:11:07 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
          2017-04-21 11:11:07 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337
          2017-04-21 11:11:07 Need hold release from management interface, waiting…
          2017-04-21 11:11:07 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1337
          2017-04-21 11:11:07 MANAGEMENT: CMD 'pid'
          2017-04-21 11:11:07 MANAGEMENT: CMD 'state on'
          2017-04-21 11:11:07 MANAGEMENT: CMD 'state'
          2017-04-21 11:11:07 MANAGEMENT: CMD 'bytecount 1'
          2017-04-21 11:11:07 MANAGEMENT: CMD 'hold release'
          2017-04-21 11:11:07 *Tunnelblick: openvpnstart starting OpenVPN
          2017-04-21 11:11:13 MANAGEMENT: CMD 'username "Auth" "mkyb14"'
          2017-04-21 11:11:13 MANAGEMENT: CMD 'password […]'
          2017-04-21 11:11:13 NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
          2017-04-21 11:11:18 MANAGEMENT: CMD 'password […]'
          2017-04-21 11:11:18 WARNING: this configuration may cache passwords in memory – use the auth-nocache option to prevent this
          2017-04-21 11:11:18 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
          2017-04-21 11:11:18 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
          2017-04-21 11:11:18 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
          2017-04-21 11:11:18 Socket Buffers: R=[196724->196724] S=[9216->9216]
          2017-04-21 11:11:18 MANAGEMENT: >STATE:1492798278,RESOLVE,,,
          2017-04-21 11:11:18 UDPv4 link local (bound): [undef]
          2017-04-21 11:11:18 UDPv4 link remote: [AF_INET]ipAddrHidden:31000
          2017-04-21 11:11:18 MANAGEMENT: >STATE:1492798278,WAIT,,,
          2017-04-21 11:11:18 MANAGEMENT: >STATE:1492798278,AUTH,,,
          2017-04-21 11:11:18 TLS: Initial packet from [AF_INET]ipAddrHidden:31000, sid=2601affd 9235c435
          2017-04-21 11:11:18 VERIFY OK: depth=1, C=US, ST=California, L=Encinitas, O=none, emailAddress=mkyb14@gmail.com, CN=Home_CA
          2017-04-21 11:11:18 VERIFY OK: nsCertType=SERVER
          2017-04-21 11:11:18 VERIFY X509NAME OK: C=US, ST=California, L=Encinitas, O=none, emailAddress=mkyb14@gmail.com, CN=Home_Server_CA
          2017-04-21 11:11:18 VERIFY OK: depth=0, C=US, ST=California, L=Encinitas, O=none, emailAddress=mkyb14@gmail.com, CN=Home_Server_CA
          2017-04-21 11:12:18 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
          2017-04-21 11:12:18 TLS Error: TLS handshake failed
          2017-04-21 11:12:18 SIGUSR1[soft,tls-error] received, process restarting
          2017-04-21 11:12:18 MANAGEMENT: >STATE:1492798338,RECONNECTING,tls-error,,
          2017-04-21 11:12:18 MANAGEMENT: CMD 'hold release'
          2017-04-21 11:12:18 NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
          2017-04-21 11:12:18 Socket Buffers: R=[196724->196724] S=[9216->9216]
          2017-04-21 11:12:18 MANAGEMENT: >STATE:1492798338,RESOLVE,,,
          2017-04-21 11:12:19 UDPv4 link local (bound): [undef]
          2017-04-21 11:12:19 UDPv4 link remote: [AF_INET]ipAddrHidden:31000
          2017-04-21 11:12:19 MANAGEMENT: >STATE:1492798339,WAIT,,,
          2017-04-21 11:12:19 MANAGEMENT: >STATE:1492798339,AUTH,,,
          2017-04-21 11:12:19 TLS: Initial packet from [AF_INET]ipAddrHidden:31000, sid=1272a2b0 341bc086
          2017-04-21 11:12:19 VERIFY OK: depth=1, C=US, ST=California, L=Encinitas, O=none, emailAddress=mkyb14@gmail.com, CN=Home_CA
          2017-04-21 11:12:19 VERIFY OK: nsCertType=SERVER
          2017-04-21 11:12:19 VERIFY X509NAME OK: C=US, ST=California, L=Encinitas, O=none, emailAddress=mkyb14@gmail.com, CN=Home_Server_CA
          2017-04-21 11:12:19 VERIFY OK: depth=0, C=US, ST=California, L=Encinitas, O=none, emailAddress=mkyb14@gmail.com, CN=Home_Server_CA
          2017-04-21 11:12:26 *Tunnelblick: Disconnecting; notification window disconnect button pressed
          2017-04-21 11:12:26 *Tunnelblick: No 'pre-disconnect.sh' script to execute
          2017-04-21 11:12:26 *Tunnelblick: Disconnecting using 'kill'
          2017-04-21 11:12:26 event_wait : Interrupted system call (code=4)
          2017-04-21 11:12:26 SIGTERM[hard,] received, process exiting
          2017-04-21 11:12:26 MANAGEMENT: >STATE:1492798346,EXITING,SIGTERM,,
          2017-04-21 11:12:27 *Tunnelblick: No 'post-disconnect.sh' script to execute
          2017-04-21 11:12:27 *Tunnelblick: Expected disconnection occurred.

            mkyb14
            last edited by Apr 22, 2017, 7:09 PM

            Double and triple checked everything, seems to be set up correctly based on numerous videos, tutorials just using a different port.
            Also tried TCP vs UDP, still doesn't connect.

            Any other thoughts?

            Internet is COX, modem set in bridge mode to pass through to proxmox, pfsense VM.

              isolatedvirus
              last edited by Apr 22, 2017, 10:45 PM Apr 22, 2017, 10:41 PM

              @mkyb14:

              Double and triple checked everything, seems to be set up correctly based on numerous videos, tutorials just using a different port.
              Also tried TCP vs UDP, still doesn't connect.

              Any other thoughts?

              Internet is COX, modem set in bridge mode to pass through to proxmox, pfsense VM.

              Disable TLS verify.

              Edit:
              By TLS verify, I meant TLS Authentication of packets. It's not needed and can cause issues more times than not.

                mkyb14
                last edited by Apr 26, 2017, 3:40 PM

                Unchecked TLS Auth on the OpenVPN servers tab, re-downloaded the config to a laptop and Android phone, still no connection.

                Log from Tunnelblick on OS X:

                2017-04-26 08:37:57 *Tunnelblick: Established communication with OpenVPN
                2017-04-26 08:37:57 OpenVPN 2.3.14 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Jan 28 2017
                2017-04-26 08:37:57 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
                2017-04-26 08:37:57 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337
                2017-04-26 08:37:57 Need hold release from management interface, waiting…
                2017-04-26 08:37:57 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1337
                2017-04-26 08:37:57 MANAGEMENT: CMD 'pid'
                2017-04-26 08:37:57 MANAGEMENT: CMD 'state on'
                2017-04-26 08:37:57 MANAGEMENT: CMD 'state'
                2017-04-26 08:37:57 MANAGEMENT: CMD 'bytecount 1'
                2017-04-26 08:37:57 MANAGEMENT: CMD 'hold release'
                2017-04-26 08:37:57 *Tunnelblick: openvpnstart starting OpenVPN
                2017-04-26 08:38:07 MANAGEMENT: CMD 'username "Auth" "mkyb14"'
                2017-04-26 08:38:07 MANAGEMENT: CMD 'password […]'
                2017-04-26 08:38:07 NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
                2017-04-26 08:38:07 Socket Buffers: R=[196724->196724] S=[9216->9216]
                2017-04-26 08:38:07 MANAGEMENT: >STATE:1493221087,RESOLVE,,,
                2017-04-26 08:38:07 UDPv4 link local (bound): [undef]
                2017-04-26 08:38:07 UDPv4 link remote: [AF_INET]IPADDRESS:31000
                2017-04-26 08:38:07 MANAGEMENT: >STATE:1493221087,WAIT,,,
                2017-04-26 08:39:07 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
                2017-04-26 08:39:07 TLS Error: TLS handshake failed
                2017-04-26 08:39:07 SIGUSR1[soft,tls-error] received, process restarting
                2017-04-26 08:39:07 MANAGEMENT: >STATE:1493221147,RECONNECTING,tls-error,,
                2017-04-26 08:39:07 MANAGEMENT: CMD 'hold release'
                2017-04-26 08:39:07 NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
                2017-04-26 08:39:07 Socket Buffers: R=[196724->196724] S=[9216->9216]
                2017-04-26 08:39:07 MANAGEMENT: >STATE:1493221147,RESOLVE,,,
                2017-04-26 08:39:08 UDPv4 link local (bound): [undef]
                2017-04-26 08:39:08 UDPv4 link remote: [AF_INET]IPADDRESS:31000
                2017-04-26 08:39:08 MANAGEMENT: >STATE:1493221148,WAIT,,,

                  johnpoz LAYER 8 Global Moderator
                  last edited by Apr 26, 2017, 4:09 PM

                  "2017-04-21 11:12:18 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)"

                  Seems to me you're not actually making a connection..

                  What does the server log show?

                    mkyb14
                    last edited by Apr 26, 2017, 4:39 PM

                    What's odd is it's not showing anything as of two days ago before I turned off TLS.

                    I can do this all over again and delete the config and ports that the wizard created.

                    Status>System Logs > OpenVPN
                    https://drive.google.com/open?id=0B15p4ppbxdipUWRIVTBWbVYxX0k

                      mkyb14
                      last edited by Apr 26, 2017, 8:22 PM

                      I'm a dunce, plain and simple...

                      Deleted everything again, no crazy port number etc.  What I was doing wrong was the wrong Android client during the export... was choosing OpenVPN Connect and using a similarly named app in the Google Play store... realized this when I went back to square 0 and deleted everything off every device I had tried... realized the interface was different and noticed I was using two different apps.

                      Needless to say, it works now.  Icon in the Play store is even the same... OpenVPN Connect vs OpenVPN Connect for Android (two diff companies)

                      TL;DR: read, re-read instructions, follow names explicitly.

                      1 Reply Last reply Reply Quote 0
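
Added example, not part of any post in this thread: a Python triage script that splits an OpenVPN client log into connection attempts and sorts each into the failure stages read out of the logs above (wrong certificate purpose, no reply from the server, handshake stalling after the certificate check). The category names and advice strings are this example's own, and the sample lines are abridged from the three logs posted above.

```python
import re

# Abridged from the three Tunnelblick logs posted in this thread: most lines
# dropped, certificate subjects trimmed; addresses were redacted by the poster.
LOGS = {
    "apr21_manual_certs": """\
2017-04-21 10:32:25 MANAGEMENT: >STATE:1492795945,RESOLVE,,,
2017-04-21 10:32:31 TLS: Initial packet from [AF_INET]IPHIDDENONPUROPSE:31000, sid=80379b54 7be8650d
2017-04-21 10:32:31 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=US, CN=DYNDNS, OU=local
2017-04-21 10:32:31 TLS Error: TLS handshake failed
2017-04-21 10:32:31 MANAGEMENT: >STATE:1492795951,RESOLVE,,,
2017-04-21 10:32:35 TLS Error: Unroutable control packet received from [AF_INET]IPHIDDENONPUROPSE:31000 (si=3 op=P_CONTROL_V1)
2017-04-21 10:33:31 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
""",
    "apr21_wizard": """\
2017-04-21 11:11:18 MANAGEMENT: >STATE:1492798278,RESOLVE,,,
2017-04-21 11:11:18 TLS: Initial packet from [AF_INET]ipAddrHidden:31000, sid=2601affd 9235c435
2017-04-21 11:11:18 VERIFY OK: nsCertType=SERVER
2017-04-21 11:11:18 VERIFY OK: depth=0, C=US, CN=Home_Server_CA
2017-04-21 11:12:18 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
""",
    "apr26_no_tls_auth": """\
2017-04-26 08:38:07 MANAGEMENT: >STATE:1493221087,RESOLVE,,,
2017-04-26 08:38:07 MANAGEMENT: >STATE:1493221087,WAIT,,,
2017-04-26 08:39:07 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2017-04-26 08:39:07 MANAGEMENT: >STATE:1493221147,RESOLVE,,,
2017-04-26 08:39:08 MANAGEMENT: >STATE:1493221148,WAIT,,,
""",
}

NEW_ATTEMPT = re.compile(r"MANAGEMENT: >STATE:\d+,RESOLVE")
VERIFY_ERROR = re.compile(r"VERIFY ERROR: depth=\d+, error=([^:]+):")
LEAF_OK = re.compile(r"VERIFY OK: depth=0")
INITIAL_PACKET = re.compile(r"TLS: Initial packet from")
UNROUTABLE = re.compile(r"Unroutable control packet received")
TIMEOUT = re.compile(r"TLS key negotiation failed to occur within \d+ seconds")

# What to look at next for each finding (this example's wording, not OpenVPN's).
ADVICE = {
    "server-cert-purpose": "server presented a certificate not issued for server use; assign a Server certificate",
    "cert-verify-failed": "server certificate rejected for another reason; read the VERIFY ERROR text",
    "stalled-after-cert-verify": "certificate accepted but handshake never finished; read the server log",
    "stalled-before-cert-verify": "server answered but no certificate was checked; read the server log",
    "stale-session-replies": "only packets for an earlier session arrived; fix the first failure, then retry",
    "no-server-reply": "nothing came back from the server; check address, port, protocol and server log",
    "incomplete": "attempt ended before any TLS verdict was logged",
}

def split_attempts(log_text):
    """Group log lines into connection attempts; each one starts at a RESOLVE state."""
    attempts = []
    for line in log_text.splitlines():
        if NEW_ATTEMPT.search(line):
            attempts.append([])
        if attempts:  # lines before the first RESOLVE are startup chatter
            attempts[-1].append(line)
    return attempts

def classify(attempt):
    """Return the finding for one attempt, most specific evidence first."""
    text = "\n".join(attempt)
    err = VERIFY_ERROR.search(text)
    if err:
        purpose = err.group(1).strip() == "unsupported certificate purpose"
        return "server-cert-purpose" if purpose else "cert-verify-failed"
    if not TIMEOUT.search(text):
        return "incomplete"
    if LEAF_OK.search(text):
        return "stalled-after-cert-verify"
    if INITIAL_PACKET.search(text):
        return "stalled-before-cert-verify"
    if UNROUTABLE.search(text):
        return "stale-session-replies"
    return "no-server-reply"

def triage(log_text):
    return [classify(a) for a in split_attempts(log_text)]

if __name__ == "__main__":
    for name, text in LOGS.items():
        for n, finding in enumerate(triage(text), 1):
            print(f"{name} attempt {n}: {finding} -> {ADVICE[finding]}")
```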