Remote Access to NAS
-
Hi all,
I have pfSense 2.4.2 and have set up OpenVPN client so that all my LAN traffic goes via the VPN. This is working great.
I also have a QNAP NAS that contains data files and also some music that I would like to have access to remotely via my phone and laptop. What is the best way to go about this?
Port Forwarding, VPN Server on NAS or pfSense or some other method?
I have also enabled DDNS (no-ip) on pfSense and that keeps my WAN Public IP updated correctly.
TIA
Greg
-
Just vpn in to pfsense.. If you want to access stuff on your network.
-
So it's OK to have both OpenVPN Client & Server on the one box?
So I followed the instructions here:-
https://www.youtube.com/watch?v=7rQ-Tgt3L18 and imported the config into my Android Phone.
I do not get a connection with the pfSense logs showing:-
Dec 24 12:48:29 openvpn 11552 49.195.119.219 TLS Error: TLS handshake failed
Dec 24 12:48:29 openvpn 11552 49.195.119.219 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Server config:-
persist-tun
persist-key
cipher AES-128-CBC
ncp-ciphers AES-256-GCM:AES-128-GCM
auth SHA256
tls-client
client
remote x.x.x 1194 udp
auth-user-pass
remote-cert-tls server
<ca>
[certificate omitted]
</ca>
setenv CLIENT_CERT 0
<tls-auth>
[static key omitted]
</tls-auth>
key-direction 1
Is there anything special that needs to be done to support both OpenVPN client and server?
TIA
Greg
Edit:
vpnserver.log
Sun Dec 24 13:59:45 2017 us=834470 WARNING: POTENTIALLY DANGEROUS OPTION --verify-client-cert none|optional (or --client-cert-not-required) may accept clients which do not present a certificate
Sun Dec 24 13:59:45 2017 us=835231 Current Parameter Settings:
[parameter listing omitted]
Sun Dec 24 13:59:45 2017 us=841329 OpenVPN 2.4.4 amd64-portbld-freebsd11.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Oct 8 2017
Sun Dec 24 13:59:45 2017 us=841365 library versions: OpenSSL 1.0.2m-freebsd 2 Nov 2017, LZO 2.10
Sun Dec 24 13:59:45 2017 us=842827 MANAGEMENT: unix domain socket listening on /var/etc/openvpn/server2.sock
Sun Dec 24 13:59:45 2017 us=843220 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Dec 24 13:59:45 2017 us=844239 Diffie-Hellman initialized with 2048 bit key
Sun Dec 24 13:59:45 2017 us=846375 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Sun Dec 24 13:59:45 2017 us=846445 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Sun Dec 24 13:59:45 2017 us=846490 TLS-Auth MTU parms [ L:1621 D:1172 EF:78 EB:0 ET:0 EL:3 ]
Sun Dec 24 13:59:45 2017 us=846661 TUN/TAP device ovpns2 exists previously, keep at program end
Sun Dec 24 13:59:45 2017 us=846775 TUN/TAP device /dev/tun2 opened
Sun Dec 24 13:59:45 2017 us=846810 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun Dec 24 13:59:45 2017 us=846875 /sbin/ifconfig ovpns2 192.168.5.1 192.168.5.2 mtu 1500 netmask 255.255.255.0 up
Sun Dec 24 13:59:45 2017 us=871644 /sbin/route add -net 192.168.5.0 192.168.5.2 255.255.255.0
add net 192.168.5.0: gateway 192.168.5.2
Sun Dec 24 13:59:45 2017 us=874907 /usr/local/sbin/ovpn-linkup ovpns2 1500 1621 192.168.5.1 255.255.255.0 init OK
Sun Dec 24 13:59:45 2017 us=887403 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Sun Dec 24 13:59:45 2017 us=887558 Could not determine IPv4/IPv6 protocol. Using AF_INET6
Sun Dec 24 13:59:45 2017 us=887636 Socket Buffers: R=[42080->42080] S=[57344->57344]
Sun Dec 24 13:59:45 2017 us=887667 setsockopt(IPV6_V6ONLY=0)
Sun Dec 24 13:59:45 2017 us=887735 UDPv6 link local (bound): [AF_INET6][undef]:1194
Sun Dec 24 13:59:45 2017 us=887766 UDPv6 link remote: [AF_UNSPEC]
Sun Dec 24 13:59:45 2017 us=887807 MULTI: multi_init called, r=256 v=256
Sun Dec 24 13:59:45 2017 us=887930 IFCONFIG POOL: base=192.168.5.2 size=252, ipv6=0
Sun Dec 24 13:59:45 2017 us=888022 Initialization Sequence Completed
Sun Dec 24 14:00:41 2017 us=287607 MULTI: multi_create_instance called
Sun Dec 24 14:00:41 2017 us=287740 49.195.119.219 Re-using SSL/TLS context
Sun Dec 24 14:00:41 2017 us=288077 49.195.119.219 Control Channel MTU parms [ L:1621 D:1172 EF:78 EB:0 ET:0 EL:3 ]
Sun Dec 24 14:00:41 2017 us=288120 49.195.119.219 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Sun Dec 24 14:00:41 2017 us=288226 49.195.119.219 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-server'
Sun Dec 24 14:00:41 2017 us=288257 49.195.119.219 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client'
Sun Dec 24 14:00:41 2017 us=288505 49.195.119.219 TLS: Initial packet from [AF_INET6]::ffff:49.195.119.219:34541 (via ::ffff:103.93.68.221%pppoe0), sid=3c84a731 6faefa23
Sun Dec 24 14:01:41 2017 us=157240 49.195.119.219 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Dec 24 14:01:41 2017 us=157315 49.195.119.219 TLS Error: TLS handshake failed
Sun Dec 24 14:01:41 2017 us=157558 49.195.119.219 SIGUSR1[soft,tls-error] received, client-instance restarting
Sun Dec 24 14:01:59 2017 us=511561 MULTI: multi_create_instance called
Sun Dec 24 14:01:59 2017 us=511680 49.195.119.219 Re-using SSL/TLS context
Sun Dec 24 14:01:59 2017 us=511823 49.195.119.219 Control Channel MTU parms [ L:1621 D:1172 EF:78 EB:0 ET:0 EL:3 ]
Sun Dec 24 14:01:59 2017 us=511859 49.195.119.219 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Sun Dec 24 14:01:59 2017 us=511956 49.195.119.219 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-server'
Sun Dec 24 14:01:59 2017 us=511987 49.195.119.219 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client'
Sun Dec 24 14:01:59 2017 us=512175 49.195.119.219 TLS: Initial packet from [AF_INET6]::ffff:49.195.119.219:34541 (via ::ffff:103.93.68.221%pppoe0), sid=97e62bfd a53e7ebb
Sun Dec 24 14:02:59 2017 us=628338 49.195.119.219 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Dec 24 14:02:59 2017 us=628418 49.195.119.219 TLS Error: TLS handshake failed
Sun Dec 24 14:02:59 2017 us=628568 49.195.119.219 SIGUSR1[soft,tls-error] received, client-instance restarting
-
"Is there anything special that needs to be done to support both OpenVPN client and server?"
No I run that sort of setup myself.. It's clickity clickity done..
Did you run through the wizard?? This looks completely borked
Could not determine IPv4/IPv6 protocol. Using AF_INET6
us=887735 UDPv6 link local (bound): [AF_INET6][undef]:1194
-
Yes I did use the wizard!
Found the problem, it was the Protocol setting in the VPN Server. Was set to 'UDP IPv4 and IPv6 on all interfaces (multihome)' so I changed it to 'UDP on IPv4 only' and it all worked.
Thanks for your assistance and have a great Christmas.
Greg
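
An added example (not part of the thread, and not pfSense or OpenVPN project code): a Python triage script for the failure diagnosed above. It reads a server log in the format posted here and reports clients whose TLS handshake stalls after the initial packet, noting when the server socket was opened dual-stack, and it also surfaces the client-certificate warning; the sample log, its addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the log format shown in this thread; the addresses
# are documentation ranges and the second client is invented for contrast.
SAMPLE_LOG = """\
Sun Dec 24 13:59:45 2017 us=834470 WARNING: POTENTIALLY DANGEROUS OPTION --verify-client-cert none|optional (or --client-cert-not-required) may accept clients which do not present a certificate
Sun Dec 24 13:59:45 2017 us=887558 Could not determine IPv4/IPv6 protocol. Using AF_INET6
Sun Dec 24 13:59:45 2017 us=887667 setsockopt(IPV6_V6ONLY=0)
Sun Dec 24 14:00:41 2017 us=288505 203.0.113.7 TLS: Initial packet from [AF_INET6]::ffff:203.0.113.7:34541 (via ::ffff:198.51.100.20%pppoe0), sid=3c84a731 6faefa23
Sun Dec 24 14:01:41 2017 us=157240 203.0.113.7 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Dec 24 14:01:41 2017 us=157315 203.0.113.7 TLS Error: TLS handshake failed
Sun Dec 24 14:05:02 2017 us=100000 203.0.113.9 TLS: Initial packet from [AF_INET6]::ffff:203.0.113.9:51000 (via ::ffff:198.51.100.20%pppoe0), sid=0a1b2c3d 4e5f6071
Sun Dec 24 14:05:03 2017 us=200000 203.0.113.9 [phone] Peer Connection Initiated with [AF_INET6]::ffff:203.0.113.9:51000
"""

ENTRY = re.compile(r"^\w{3} \w{3} +\d+ [\d:]+ \d{4} us=\d+ (.*)$")
CLIENT = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)? (.*)$")
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
DUAL_STACK_MARKERS = ("Could not determine IPv4/IPv6 protocol", "IPV6_V6ONLY=0")


def analyse(log_text):
    """Return (server flags, per-client handshake counters) for one log."""
    server = {"dual_stack_bind": False, "client_cert_optional": False}
    clients = defaultdict(lambda: {"initial": 0, "v4_mapped": False,
                                   "timeouts": 0, "established": 0})
    for line in log_text.splitlines():
        entry = ENTRY.match(line.strip())
        if not entry:
            continue  # untimestamped command output and similar
        msg = entry.group(1)
        if any(marker in msg for marker in DUAL_STACK_MARKERS):
            server["dual_stack_bind"] = True
        if "--verify-client-cert none" in msg:
            server["client_cert_optional"] = True
        if "Peer Connection Initiated" in msg:
            ip = IPV4.search(msg)
            if ip:
                clients[ip.group(0)]["established"] += 1
            continue
        client = CLIENT.match(msg)
        if not client:
            continue
        ip, text = client.groups()
        if text.startswith("TLS: Initial packet from"):
            clients[ip]["initial"] += 1
            # An IPv4 peer seen on an IPv6 socket is logged as ::ffff:a.b.c.d
            clients[ip]["v4_mapped"] |= "::ffff:" in text
        elif "TLS key negotiation failed" in text:
            clients[ip]["timeouts"] += 1
    return server, dict(clients)


def findings(log_text):
    """Turn the counters into short, human-readable triage notes."""
    server, clients = analyse(log_text)
    notes = []
    if server["client_cert_optional"]:
        notes.append("server may accept clients that present no certificate")
    for ip, c in sorted(clients.items()):
        if c["initial"] and c["timeouts"] and not c["established"]:
            why = "handshake stalls after the first packet"
            if server["dual_stack_bind"] and c["v4_mapped"]:
                why += ("; IPv4 client on a dual-stack UDP socket, the "
                        "pattern this thread fixed with 'UDP on IPv4 only'")
            notes.append(f"{ip}: {why}")
    return notes


if __name__ == "__main__":
    for note in findings(SAMPLE_LOG):
        print(note)
```
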