Remote Access to NAS



  • Hi all,

    I have pfSense 2.4.2 and have set up an OpenVPN client so that all my LAN traffic goes via the VPN.  This is working great.

    I also have a QNAP NAS that contains data files and also some music that I would like to have access to remotely via my phone and laptop.  What is the best way to go about this?

    Port Forwarding, VPN Server on NAS or pfSense or some other method?

    I have also enabled DDNS (no-ip) on pfSense and that keeps my WAN Public IP updated correctly.

    TIA

    Greg


  • Rebel Alliance Global Moderator

    Just vpn in to pfsense.. If you want to access stuff on your network.



  • So it's OK to have both OpenVPN Client & Server on the one box?

    So I followed the instructions here:-
    https://www.youtube.com/watch?v=7rQ-Tgt3L18

    and imported the config into my Android Phone.

    I do not get a connection with the pfSense logs showing:-

    Dec 24 12:48:29 	openvpn 	11552 	49.195.119.219 TLS Error: TLS handshake failed
    Dec 24 12:48:29 	openvpn 	11552 	49.195.119.219 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 
    

    Server config:-

    persist-tun
    persist-key
    cipher AES-128-CBC
    ncp-ciphers AES-256-GCM:AES-128-GCM
    auth SHA256
    tls-client
    client
    remote x.x.x 1194 udp
    auth-user-pass
    remote-cert-tls server
    
     <ca>-----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----</ca> 
    setenv CLIENT_CERT 0
     <tls-auth>#
    # 2048 bit OpenVPN static key
    #
    -----BEGIN OpenVPN Static key V1-----
    -----END OpenVPN Static key V1-----</tls-auth> 
    key-direction 1
    
    

    Is there anything special that needs to be done to support both OpenVPN client and server?

    TIA

    Greg

    Edit:
    vpnserver.log

    Sun Dec 24 13:59:45 2017 us=834470 WARNING: POTENTIALLY DANGEROUS OPTION --verify-client-cert none|optional (or --client-cert-not-required) may accept clients which do not present a certificate
    Sun Dec 24 13:59:45 2017 us=835231 Current Parameter Settings:
    Sun Dec 24 13:59:45 2017 us=835261   config = '/var/etc/openvpn/server2.conf'
    Sun Dec 24 13:59:45 2017 us=835287   mode = 1
    Sun Dec 24 13:59:45 2017 us=835313   show_ciphers = DISABLED
    Sun Dec 24 13:59:45 2017 us=835345   show_digests = DISABLED
    Sun Dec 24 13:59:45 2017 us=835372   show_engines = DISABLED
    Sun Dec 24 13:59:45 2017 us=835397   genkey = DISABLED
    Sun Dec 24 13:59:45 2017 us=835423   key_pass_file = '[UNDEF]'
    Sun Dec 24 13:59:45 2017 us=835448   show_tls_ciphers = DISABLED
    Sun Dec 24 13:59:45 2017 us=835473   connect_retry_max = 0
    Sun Dec 24 13:59:45 2017 us=835499 Connection profiles [0]:
    Sun Dec 24 13:59:45 2017 us=835524   proto = udp
    Sun Dec 24 13:59:45 2017 us=835549   local = '[UNDEF]'
    Sun Dec 24 13:59:45 2017 us=835575   local_port = '1194'
    Sun Dec 24 13:59:45 2017 us=835600   remote = '[UNDEF]'
    Sun Dec 24 13:59:45 2017 us=835625   remote_port = '1194'
    Sun Dec 24 13:59:45 2017 us=835650   remote_float = ENABLED
    Sun Dec 24 13:59:45 2017 us=835675   bind_defined = DISABLED
    Sun Dec 24 13:59:45 2017 us=835700   bind_local = ENABLED
    Sun Dec 24 13:59:45 2017 us=835725   bind_ipv6_only = DISABLED
    Sun Dec 24 13:59:45 2017 us=835750   connect_retry_seconds = 5
    Sun Dec 24 13:59:45 2017 us=835776   connect_timeout = 120
    Sun Dec 24 13:59:45 2017 us=835801   socks_proxy_server = '[UNDEF]'
    Sun Dec 24 13:59:45 2017 us=835826   socks_proxy_port = '[UNDEF]'
    Sun Dec 24 13:59:45 2017 us=835851   tun_mtu = 1500
    Sun Dec 24 13:59:45 2017 us=835876   tun_mtu_defined = ENABLED
    Sun Dec 24 13:59:45 2017 us=835902   link_mtu = 1500
    Sun Dec 24 13:59:45 2017 us=835927   link_mtu_defined = DISABLED
    Sun Dec 24 13:59:45 2017 us=835952   tun_mtu_extra = 0
    Sun Dec 24 13:59:45 2017 us=835977   tun_mtu_extra_defined = DISABLED
    Sun Dec 24 13:59:45 2017 us=836002   mtu_discover_type = -1
    Sun Dec 24 13:59:45 2017 us=836033   fragment = 0
    Sun Dec 24 13:59:45 2017 us=836060   mssfix = 1450
    Sun Dec 24 13:59:45 2017 us=836086   explicit_exit_notification = 0
    Sun Dec 24 13:59:45 2017 us=836111 Connection profiles END
    Sun Dec 24 13:59:45 2017 us=836137   remote_random = DISABLED
    Sun Dec 24 13:59:45 2017 us=836162   ipchange = '[UNDEF]'
    Sun Dec 24 13:59:45 2017 us=836187   dev = 'ovpns2'
    Sun Dec 24 13:59:45 2017 us=836213   dev_type = 'tun'
    Sun Dec 24 13:59:45 2017 us=836238   dev_node = '/dev/tun2'
    Sun Dec 24 13:59:45 2017 us=836263   lladdr = '[UNDEF]'
    Sun Dec 24 13:59:45 2017 us=836289   topology = 3
    Sun Dec 24 13:59:45 2017 us=836314   ifconfig_local = '192.168.5.1'
    Sun Dec 24 13:59:45 2017 us=836340   ifconfig_remote_netmask = '255.255.255.0'
    Sun Dec 24 13:59:45 2017 us=836365   ifconfig_noexec = DISABLED
    Sun Dec 24 13:59:45 2017 us=836390   ifconfig_nowarn = DISABLED
    Sun Dec 24 13:59:45 2017 us=836415   ifconfig_ipv6_local = '[UNDEF]'
    Sun Dec 24 13:59:45 2017 us=836440   ifconfig_ipv6_netbits = 0
    Sun Dec 24 13:59:45 2017 us=836465   ifconfig_ipv6_remote = '[UNDEF]'
    Sun Dec 24 13:59:45 2017 us=836491   shaper = 0
    Sun Dec 24 13:59:45 2017 us=836515   mtu_test = 0
    Sun Dec 24 13:59:45 2017 us=836540   mlock = DISABLED
    Sun Dec 24 13:59:45 2017 us=836565   keepalive_ping = 10
    Sun Dec 24 13:59:45 2017 us=836591   keepalive_timeout = 60
    Sun Dec 24 13:59:45 2017 us=836616   inactivity_timeout = 0
    Sun Dec 24 13:59:45 2017 us=836641   ping_send_timeout = 10
    Sun Dec 24 13:59:45 2017 us=836666   ping_rec_timeout = 120
    Sun Dec 24 13:59:45 2017 us=836691   ping_rec_timeout_action = 2
    Sun Dec 24 13:59:45 2017 us=836716   ping_timer_remote = ENABLED
    Sun Dec 24 13:59:45 2017 us=836751   remap_sigusr1 = 0
    Sun Dec 24 13:59:45 2017 us=836778   persist_tun = ENABLED
    Sun Dec 24 13:59:45 2017 us=836803   persist_local_ip = DISABLED
    Sun Dec 24 13:59:45 2017 us=836829   persist_remote_ip = ENABLED
    Sun Dec 24 13:59:45 2017 us=836854   persist_key = ENABLED
    Sun Dec 24 13:59:45 2017 us=836879   passtos = DISABLED
    Sun Dec 24 13:59:45 2017 us=836905   resolve_retry_seconds = 1000000000
    Sun Dec 24 13:59:45 2017 us=836948   resolve_in_advance = DISABLED
    Sun Dec 24 13:59:45 2017 us=836976   username = '[UNDEF]'
    Sun Dec 24 13:59:45 2017 us=837001   groupname = '[UNDEF]'
    Sun Dec 24 13:59:45 2017 us=837027   chroot_dir = '[UNDEF]'
    Sun Dec 24 13:59:45 2017 us=837057   cd_dir = '[UNDEF]'
    Sun Dec 24 13:59:45 2017 us=837083   writepid = '/var/run/openvpn_server2.pid'
    Sun Dec 24 13:59:45 2017 us=837109   up_script = '/usr/local/sbin/ovpn-linkup'
    Sun Dec 24 13:59:45 2017 us=837134   down_script = '/usr/local/sbin/ovpn-linkdown'
    Sun Dec 24 13:59:45 2017 us=837159   down_pre = DISABLED
    Sun Dec 24 13:59:45 2017 us=837184   up_restart = DISABLED
    Sun Dec 24 13:59:45 2017 us=837209   up_delay = DISABLED
    Sun Dec 24 13:59:45 2017 us=837235   daemon = ENABLED
    Sun Dec 24 13:59:45 2017 us=837260   inetd = 0
    Sun Dec 24 13:59:45 2017 us=837285   log = ENABLED
    Sun Dec 24 13:59:45 2017 us=837311   suppress_timestamps = DISABLED
    Sun Dec 24 13:59:45 2017 us=837336   machine_readable_output = DISABLED
    Sun Dec 24 13:59:45 2017 us=837361   nice = 0
    Sun Dec 24 13:59:45 2017 us=837386   verbosity = 4
    Sun Dec 24 13:59:45 2017 us=837412   mute = 0
    Sun Dec 24 13:59:45 2017 us=837437   gremlin = 0
    Sun Dec 24 13:59:45 2017 us=837462   status_file = '[UNDEF]'
    Sun Dec 24 13:59:45 2017 us=837488   status_file_version = 1
    Sun Dec 24 13:59:45 2017 us=837514   status_file_update_freq = 60
    Sun Dec 24 13:59:45 2017 us=837539   occ = ENABLED
    Sun Dec 24 13:59:45 2017 us=837564   rcvbuf = 0
    Sun Dec 24 13:59:45 2017 us=837589   sndbuf = 0
    Sun Dec 24 13:59:45 2017 us=837615   sockflags = 1
    Sun Dec 24 13:59:45 2017 us=837640   fast_io = DISABLED
    Sun Dec 24 13:59:45 2017 us=837665   comp.alg = 0
    Sun Dec 24 13:59:45 2017 us=837690   comp.flags = 0
    Sun Dec 24 13:59:45 2017 us=837716   route_script = '[UNDEF]'
    Sun Dec 24 13:59:45 2017 us=837742   route_default_gateway = '192.168.5.2'
    Sun Dec 24 13:59:45 2017 us=837768   route_default_metric = 0
    Sun Dec 24 13:59:45 2017 us=837794   route_noexec = DISABLED
    Sun Dec 24 13:59:45 2017 us=837819   route_delay = 0
    Sun Dec 24 13:59:45 2017 us=837845   route_delay_window = 30
    Sun Dec 24 13:59:45 2017 us=837870   route_delay_defined = DISABLED
    Sun Dec 24 13:59:45 2017 us=837896   route_nopull = DISABLED
    Sun Dec 24 13:59:45 2017 us=837921   route_gateway_via_dhcp = DISABLED
    Sun Dec 24 13:59:45 2017 us=837947   allow_pull_fqdn = DISABLED
    Sun Dec 24 13:59:45 2017 us=837973   management_addr = '/var/etc/openvpn/server2.sock'
    Sun Dec 24 13:59:45 2017 us=837999   management_port = 'unix'
    Sun Dec 24 13:59:45 2017 us=838024   management_user_pass = '[UNDEF]'
    Sun Dec 24 13:59:45 2017 us=838055   management_log_history_cache = 250
    Sun Dec 24 13:59:45 2017 us=838081   management_echo_buffer_size = 100
    Sun Dec 24 13:59:45 2017 us=838107   management_write_peer_info_file = '[UNDEF]'
    Sun Dec 24 13:59:45 2017 us=838133   management_client_user = '[UNDEF]'
    Sun Dec 24 13:59:45 2017 us=838158   management_client_group = '[UNDEF]'
    Sun Dec 24 13:59:45 2017 us=838184   management_flags = 256
    Sun Dec 24 13:59:45 2017 us=838210   shared_secret_file = '[UNDEF]'
    Sun Dec 24 13:59:45 2017 us=838235   key_direction = 1
    Sun Dec 24 13:59:45 2017 us=838261   ciphername = 'AES-128-CBC'
    Sun Dec 24 13:59:45 2017 us=838287   ncp_enabled = ENABLED
    Sun Dec 24 13:59:45 2017 us=838313   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
    Sun Dec 24 13:59:45 2017 us=838339   authname = 'SHA256'
    Sun Dec 24 13:59:45 2017 us=838365   prng_hash = 'SHA1'
    Sun Dec 24 13:59:45 2017 us=838390   prng_nonce_secret_len = 16
    Sun Dec 24 13:59:45 2017 us=838416   keysize = 0
    Sun Dec 24 13:59:45 2017 us=838441   engine = DISABLED
    Sun Dec 24 13:59:45 2017 us=838467   replay = ENABLED
    Sun Dec 24 13:59:45 2017 us=838492   mute_replay_warnings = DISABLED
    Sun Dec 24 13:59:45 2017 us=838518   replay_window = 64
    Sun Dec 24 13:59:45 2017 us=838544   replay_time = 15
    Sun Dec 24 13:59:45 2017 us=838569   packet_id_file = '[UNDEF]'
    Sun Dec 24 13:59:45 2017 us=838595   use_iv = ENABLED
    Sun Dec 24 13:59:45 2017 us=838620   test_crypto = DISABLED
    Sun Dec 24 13:59:45 2017 us=838665   tls_server = ENABLED
    Sun Dec 24 13:59:45 2017 us=838692   tls_client = DISABLED
    Sun Dec 24 13:59:45 2017 us=838718   key_method = 2
    Sun Dec 24 13:59:45 2017 us=838743   ca_file = '/var/etc/openvpn/server2.ca'
    Sun Dec 24 13:59:45 2017 us=838769   ca_path = '[UNDEF]'
    Sun Dec 24 13:59:45 2017 us=838795   dh_file = '/etc/dh-parameters.2048'
    Sun Dec 24 13:59:45 2017 us=838821   cert_file = '/var/etc/openvpn/server2.cert'
    Sun Dec 24 13:59:45 2017 us=838846   extra_certs_file = '[UNDEF]'
    Sun Dec 24 13:59:45 2017 us=838872   priv_key_file = '/var/etc/openvpn/server2.key'
    Sun Dec 24 13:59:45 2017 us=838898   pkcs12_file = '[UNDEF]'
    Sun Dec 24 13:59:45 2017 us=838923   cipher_list = '[UNDEF]'
    Sun Dec 24 13:59:45 2017 us=838949   tls_verify = '/usr/local/sbin/ovpn_auth_verify tls 'HomeVPN' 1'
    Sun Dec 24 13:59:45 2017 us=838975   tls_export_cert = '[UNDEF]'
    Sun Dec 24 13:59:45 2017 us=839000   verify_x509_type = 0
    Sun Dec 24 13:59:45 2017 us=839026   verify_x509_name = '[UNDEF]'
    Sun Dec 24 13:59:45 2017 us=839057   crl_file = '[UNDEF]'
    Sun Dec 24 13:59:45 2017 us=839083   ns_cert_type = 0
    Sun Dec 24 13:59:45 2017 us=839109   remote_cert_ku[i] = 0
    Sun Dec 24 13:59:45 2017 us=839135   remote_cert_ku[i] = 0
    Sun Dec 24 13:59:45 2017 us=839160   remote_cert_ku[i] = 0
    Sun Dec 24 13:59:45 2017 us=839186   remote_cert_ku[i] = 0
    Sun Dec 24 13:59:45 2017 us=839212   remote_cert_ku[i] = 0
    Sun Dec 24 13:59:45 2017 us=839238   remote_cert_ku[i] = 0
    Sun Dec 24 13:59:45 2017 us=839264   remote_cert_ku[i] = 0
    Sun Dec 24 13:59:45 2017 us=839290   remote_cert_ku[i] = 0
    Sun Dec 24 13:59:45 2017 us=839315   remote_cert_ku[i] = 0
    Sun Dec 24 13:59:45 2017 us=839341   remote_cert_ku[i] = 0
    Sun Dec 24 13:59:45 2017 us=839367   remote_cert_ku[i] = 0
    Sun Dec 24 13:59:45 2017 us=839392   remote_cert_ku[i] = 0
    Sun Dec 24 13:59:45 2017 us=839418   remote_cert_ku[i] = 0
    Sun Dec 24 13:59:45 2017 us=839444   remote_cert_ku[i] = 0
    Sun Dec 24 13:59:45 2017 us=839470   remote_cert_ku[i] = 0
    Sun Dec 24 13:59:45 2017 us=839496   remote_cert_ku[i] = 0
    Sun Dec 24 13:59:45 2017 us=839521   remote_cert_eku = '[UNDEF]'
    Sun Dec 24 13:59:45 2017 us=839547   ssl_flags = 5
    Sun Dec 24 13:59:45 2017 us=839573   tls_timeout = 2
    Sun Dec 24 13:59:45 2017 us=839598   renegotiate_bytes = -1
    Sun Dec 24 13:59:45 2017 us=839624   renegotiate_packets = 0
    Sun Dec 24 13:59:45 2017 us=839650   renegotiate_seconds = 3600
    Sun Dec 24 13:59:45 2017 us=839676   handshake_window = 60
    Sun Dec 24 13:59:45 2017 us=839702   transition_window = 3600
    Sun Dec 24 13:59:45 2017 us=839728   single_session = DISABLED
    Sun Dec 24 13:59:45 2017 us=839753   push_peer_info = DISABLED
    Sun Dec 24 13:59:45 2017 us=839779   tls_exit = DISABLED
    Sun Dec 24 13:59:45 2017 us=839805   tls_auth_file = '/var/etc/openvpn/server2.tls-auth'
    Sun Dec 24 13:59:45 2017 us=839830   tls_crypt_file = '[UNDEF]'
    Sun Dec 24 13:59:45 2017 us=839859   server_network = 192.168.5.0
    Sun Dec 24 13:59:45 2017 us=839888   server_netmask = 255.255.255.0
    Sun Dec 24 13:59:45 2017 us=839923   server_network_ipv6 = ::
    Sun Dec 24 13:59:45 2017 us=839950   server_netbits_ipv6 = 0
    Sun Dec 24 13:59:45 2017 us=839979   server_bridge_ip = 0.0.0.0
    Sun Dec 24 13:59:45 2017 us=840007   server_bridge_netmask = 0.0.0.0
    Sun Dec 24 13:59:45 2017 us=840040   server_bridge_pool_start = 0.0.0.0
    Sun Dec 24 13:59:45 2017 us=840069   server_bridge_pool_end = 0.0.0.0
    Sun Dec 24 13:59:45 2017 us=840095   push_entry = 'route 192.168.10.0 255.255.255.0'
    Sun Dec 24 13:59:45 2017 us=840121   push_entry = 'dhcp-option DNS 192.168.10.1'
    Sun Dec 24 13:59:45 2017 us=840148   push_entry = 'route-gateway 192.168.5.1'
    Sun Dec 24 13:59:45 2017 us=840173   push_entry = 'topology subnet'
    Sun Dec 24 13:59:45 2017 us=840199   push_entry = 'ping 10'
    Sun Dec 24 13:59:45 2017 us=840225   push_entry = 'ping-restart 60'
    Sun Dec 24 13:59:45 2017 us=840250   ifconfig_pool_defined = ENABLED
    Sun Dec 24 13:59:45 2017 us=840279   ifconfig_pool_start = 192.168.5.2
    Sun Dec 24 13:59:45 2017 us=840307   ifconfig_pool_end = 192.168.5.253
    Sun Dec 24 13:59:45 2017 us=840336   ifconfig_pool_netmask = 255.255.255.0
    Sun Dec 24 13:59:45 2017 us=840374   ifconfig_pool_persist_filename = '[UNDEF]'
    Sun Dec 24 13:59:45 2017 us=840401   ifconfig_pool_persist_refresh_freq = 600
    Sun Dec 24 13:59:45 2017 us=840427   ifconfig_ipv6_pool_defined = DISABLED
    Sun Dec 24 13:59:45 2017 us=840455   ifconfig_ipv6_pool_base = ::
    Sun Dec 24 13:59:45 2017 us=840481   ifconfig_ipv6_pool_netbits = 0
    Sun Dec 24 13:59:45 2017 us=840507   n_bcast_buf = 256
    Sun Dec 24 13:59:45 2017 us=840533   tcp_queue_limit = 64
    Sun Dec 24 13:59:45 2017 us=840559   real_hash_size = 256
    Sun Dec 24 13:59:45 2017 us=840585   virtual_hash_size = 256
    Sun Dec 24 13:59:45 2017 us=840611   client_connect_script = '/usr/local/sbin/openvpn.attributes.sh'
    Sun Dec 24 13:59:45 2017 us=840637   learn_address_script = '[UNDEF]'
    Sun Dec 24 13:59:45 2017 us=840663   client_disconnect_script = '/usr/local/sbin/openvpn.attributes.sh'
    Sun Dec 24 13:59:45 2017 us=840689   client_config_dir = '/var/etc/openvpn-csc/server2'
    Sun Dec 24 13:59:45 2017 us=840715   ccd_exclusive = DISABLED
    Sun Dec 24 13:59:45 2017 us=840740   tmp_dir = '/tmp'
    Sun Dec 24 13:59:45 2017 us=840766   push_ifconfig_defined = DISABLED
    Sun Dec 24 13:59:45 2017 us=840794   push_ifconfig_local = 0.0.0.0
    Sun Dec 24 13:59:45 2017 us=840823   push_ifconfig_remote_netmask = 0.0.0.0
    Sun Dec 24 13:59:45 2017 us=840849   push_ifconfig_ipv6_defined = DISABLED
    Sun Dec 24 13:59:45 2017 us=840876   push_ifconfig_ipv6_local = ::/0
    Sun Dec 24 13:59:45 2017 us=840903   push_ifconfig_ipv6_remote = ::
    Sun Dec 24 13:59:45 2017 us=840929   enable_c2c = DISABLED
    Sun Dec 24 13:59:45 2017 us=840955   duplicate_cn = DISABLED
    Sun Dec 24 13:59:45 2017 us=840980   cf_max = 0
    Sun Dec 24 13:59:45 2017 us=841006   cf_per = 0
    Sun Dec 24 13:59:45 2017 us=841036   max_clients = 5
    Sun Dec 24 13:59:45 2017 us=841063   max_routes_per_client = 256
    Sun Dec 24 13:59:45 2017 us=841089   auth_user_pass_verify_script = '/usr/local/sbin/ovpn_auth_verify user TG9jYWwgRGF0YWJhc2U= false server2 1194'
    Sun Dec 24 13:59:45 2017 us=841116   auth_user_pass_verify_script_via_file = DISABLED
    Sun Dec 24 13:59:45 2017 us=841141   auth_token_generate = DISABLED
    Sun Dec 24 13:59:45 2017 us=841167   auth_token_lifetime = 0
    Sun Dec 24 13:59:45 2017 us=841193   port_share_host = '[UNDEF]'
    Sun Dec 24 13:59:45 2017 us=841219   port_share_port = '[UNDEF]'
    Sun Dec 24 13:59:45 2017 us=841244   client = DISABLED
    Sun Dec 24 13:59:45 2017 us=841270   pull = DISABLED
    Sun Dec 24 13:59:45 2017 us=841296   auth_user_pass_file = '[UNDEF]'
    Sun Dec 24 13:59:45 2017 us=841329 OpenVPN 2.4.4 amd64-portbld-freebsd11.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Oct  8 2017
    Sun Dec 24 13:59:45 2017 us=841365 library versions: OpenSSL 1.0.2m-freebsd  2 Nov 2017, LZO 2.10
    Sun Dec 24 13:59:45 2017 us=842827 MANAGEMENT: unix domain socket listening on /var/etc/openvpn/server2.sock
    Sun Dec 24 13:59:45 2017 us=843220 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Sun Dec 24 13:59:45 2017 us=844239 Diffie-Hellman initialized with 2048 bit key
    Sun Dec 24 13:59:45 2017 us=846375 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
    Sun Dec 24 13:59:45 2017 us=846445 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
    Sun Dec 24 13:59:45 2017 us=846490 TLS-Auth MTU parms [ L:1621 D:1172 EF:78 EB:0 ET:0 EL:3 ]
    Sun Dec 24 13:59:45 2017 us=846661 TUN/TAP device ovpns2 exists previously, keep at program end
    Sun Dec 24 13:59:45 2017 us=846775 TUN/TAP device /dev/tun2 opened
    Sun Dec 24 13:59:45 2017 us=846810 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
    Sun Dec 24 13:59:45 2017 us=846875 /sbin/ifconfig ovpns2 192.168.5.1 192.168.5.2 mtu 1500 netmask 255.255.255.0 up
    Sun Dec 24 13:59:45 2017 us=871644 /sbin/route add -net 192.168.5.0 192.168.5.2 255.255.255.0
    add net 192.168.5.0: gateway 192.168.5.2
    Sun Dec 24 13:59:45 2017 us=874907 /usr/local/sbin/ovpn-linkup ovpns2 1500 1621 192.168.5.1 255.255.255.0 init
    OK
    Sun Dec 24 13:59:45 2017 us=887403 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
    Sun Dec 24 13:59:45 2017 us=887558 Could not determine IPv4/IPv6 protocol. Using AF_INET6
    Sun Dec 24 13:59:45 2017 us=887636 Socket Buffers: R=[42080->42080] S=[57344->57344]
    Sun Dec 24 13:59:45 2017 us=887667 setsockopt(IPV6_V6ONLY=0)
    Sun Dec 24 13:59:45 2017 us=887735 UDPv6 link local (bound): [AF_INET6][undef]:1194
    Sun Dec 24 13:59:45 2017 us=887766 UDPv6 link remote: [AF_UNSPEC]
    Sun Dec 24 13:59:45 2017 us=887807 MULTI: multi_init called, r=256 v=256
    Sun Dec 24 13:59:45 2017 us=887930 IFCONFIG POOL: base=192.168.5.2 size=252, ipv6=0
    Sun Dec 24 13:59:45 2017 us=888022 Initialization Sequence Completed
    Sun Dec 24 14:00:41 2017 us=287607 MULTI: multi_create_instance called
    Sun Dec 24 14:00:41 2017 us=287740 49.195.119.219 Re-using SSL/TLS context
    Sun Dec 24 14:00:41 2017 us=288077 49.195.119.219 Control Channel MTU parms [ L:1621 D:1172 EF:78 EB:0 ET:0 EL:3 ]
    Sun Dec 24 14:00:41 2017 us=288120 49.195.119.219 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
    Sun Dec 24 14:00:41 2017 us=288226 49.195.119.219 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-server'
    Sun Dec 24 14:00:41 2017 us=288257 49.195.119.219 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client'
    Sun Dec 24 14:00:41 2017 us=288505 49.195.119.219 TLS: Initial packet from [AF_INET6]::ffff:49.195.119.219:34541 (via ::ffff:103.93.68.221%pppoe0), sid=3c84a731 6faefa23
    Sun Dec 24 14:01:41 2017 us=157240 49.195.119.219 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Sun Dec 24 14:01:41 2017 us=157315 49.195.119.219 TLS Error: TLS handshake failed
    Sun Dec 24 14:01:41 2017 us=157558 49.195.119.219 SIGUSR1[soft,tls-error] received, client-instance restarting
    Sun Dec 24 14:01:59 2017 us=511561 MULTI: multi_create_instance called
    Sun Dec 24 14:01:59 2017 us=511680 49.195.119.219 Re-using SSL/TLS context
    Sun Dec 24 14:01:59 2017 us=511823 49.195.119.219 Control Channel MTU parms [ L:1621 D:1172 EF:78 EB:0 ET:0 EL:3 ]
    Sun Dec 24 14:01:59 2017 us=511859 49.195.119.219 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
    Sun Dec 24 14:01:59 2017 us=511956 49.195.119.219 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-server'
    Sun Dec 24 14:01:59 2017 us=511987 49.195.119.219 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client'
    Sun Dec 24 14:01:59 2017 us=512175 49.195.119.219 TLS: Initial packet from [AF_INET6]::ffff:49.195.119.219:34541 (via ::ffff:103.93.68.221%pppoe0), sid=97e62bfd a53e7ebb
    Sun Dec 24 14:02:59 2017 us=628338 49.195.119.219 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Sun Dec 24 14:02:59 2017 us=628418 49.195.119.219 TLS Error: TLS handshake failed
    Sun Dec 24 14:02:59 2017 us=628568 49.195.119.219 SIGUSR1[soft,tls-error] received, client-instance restarting
    

  • Rebel Alliance Global Moderator

    "Is there anything special that needs to be done to support both OpenVPN client and server?"

    No I run that sort of setup myself.. It's clickity clickity done..

    Did you run through the wizard??  This looks completely borked

    Could not determine IPv4/IPv6 protocol. Using AF_INET6

    us=887735 UDPv6 link local (bound): [AF_INET6][undef]:1194



  • Yes I did use the wizard!

    Found the problem, it was the Protocol setting in the VPN Server.  Was set to 'UDP IPv4 and IPv6 on all interfaces (multihome)' so I changed it to 'UDP on IPv4 only' and it all worked.

    Thanks for your assistance and have a great Christmas.

    Greg
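
A log triage sketch for the failure pattern in this thread, added here as an example (it is not code from the posters, pfSense or OpenVPN): it flags clients whose handshake timed out after their initial packet arrived on a socket bound as AF_INET6, plus the `--verify-client-cert none` warning. The function name `triage` and the result keys are assumptions; the sample lines are abridged from the log quoted above.

```python
import re
from collections import Counter

# Constructed sample: six lines abridged from the vpnserver.log quoted in this thread.
SAMPLE_LOG = """\
Sun Dec 24 13:59:45 2017 us=834470 WARNING: POTENTIALLY DANGEROUS OPTION --verify-client-cert none|optional (or --client-cert-not-required) may accept clients which do not present a certificate
Sun Dec 24 13:59:45 2017 us=887558 Could not determine IPv4/IPv6 protocol. Using AF_INET6
Sun Dec 24 13:59:45 2017 us=887735 UDPv6 link local (bound): [AF_INET6][undef]:1194
Sun Dec 24 14:00:41 2017 us=288505 49.195.119.219 TLS: Initial packet from [AF_INET6]::ffff:49.195.119.219:34541 (via ::ffff:103.93.68.221%pppoe0), sid=3c84a731 6faefa23
Sun Dec 24 14:01:41 2017 us=157240 49.195.119.219 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Dec 24 14:01:41 2017 us=157315 49.195.119.219 TLS Error: TLS handshake failed
"""

# Timestamp prefix as written at verbosity 4: "Sun Dec 24 13:59:45 2017 us=834470 "
PREFIX = re.compile(r"^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4} us=\d+ ")
INITIAL = re.compile(r"^(\S+) TLS: Initial packet from \[(AF_INET6?)\](\S+):\d+")
TIMEOUT = re.compile(
    r"^(\S+) TLS Error: TLS key negotiation failed to occur within \d+ seconds")
CONNECTED = re.compile(r"^(\S+) .*Peer Connection Initiated")


def triage(log_text):
    """Summarise stalled TLS handshakes and risky settings in an OpenVPN server log."""
    dual_stack_bind = False       # server socket bound as AF_INET6
    client_cert_optional = False  # --verify-client-cert none|optional warning seen
    pending = {}                  # client -> True if it arrived IPv4-mapped (::ffff:a.b.c.d)
    stalled = Counter()           # client -> timeouts that followed an initial packet
    mapped_clients = set()

    for raw in log_text.splitlines():
        msg = PREFIX.sub("", raw.strip())
        if "link local (bound): [AF_INET6]" in msg:
            dual_stack_bind = True
        elif "--verify-client-cert none" in msg:
            client_cert_optional = True
        elif m := INITIAL.match(msg):
            client, family, addr = m.groups()
            pending[client] = (family == "AF_INET6"
                               and addr.lower().startswith("::ffff:"))
        elif m := CONNECTED.match(msg):
            pending.pop(m.group(1), None)  # handshake finished, nothing to report
        elif (m := TIMEOUT.match(msg)) and m.group(1) in pending:
            stalled[m.group(1)] += 1
            if pending.pop(m.group(1)):
                mapped_clients.add(m.group(1))

    findings = []
    if dual_stack_bind and mapped_clients:
        findings.append(
            "dual-stack (AF_INET6) listener and IPv4-mapped client(s) "
            + ", ".join(sorted(mapped_clients))
            + " timed out after the initial packet; in this thread the fix was "
              "setting the server Protocol to 'UDP on IPv4 only'")
    if client_cert_optional:
        findings.append(
            "server accepts clients that present no certificate; confirm that "
            "user/password plus the tls-auth key is the intended authentication")
    return {
        "dual_stack_bind": dual_stack_bind,
        "client_cert_optional": client_cert_optional,
        "stalled": dict(stalled),
        "findings": findings,
    }


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG)["findings"]:
        print("-", finding)
```

Run against the full log, each retry that receives an initial packet and then times out adds one to that client's count.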