Handshake failed



  • Hi there!  :)

    I am rather new in the server/pfsense/openvpn world. I've read a lot about it and followed a tuto for my first install.
    The drawing of the installation is this one:

    I have followed all instructions, started over 3 times, but I still have the below error when I am trying to connect with my remote laptop:

    Mon Feb 05 21:05:00 2018 OpenVPN 2.4.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 26 2017
    Mon Feb 05 21:05:00 2018 Windows version 6.1 (Windows 7) 64bit
    Mon Feb 05 21:05:00 2018 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10
    Mon Feb 05 21:05:14 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.xx.xx:2294
    Mon Feb 05 21:05:14 2018 UDP link local (bound): [AF_INET][undef]:0
    Mon Feb 05 21:05:14 2018 UDP link remote: [AF_INET]192.168.xx.xx:2294
    Mon Feb 05 21:06:14 2018 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Mon Feb 05 21:06:14 2018 TLS Error: TLS handshake failed

    I have opened the port 2294 on my box as well althought I dont think it has any effect on a VPN…
    In top of that information from the client, I have set the verbose to 6 on my server and took the whole log:
    (Sorry, this is a bit long, but not sure to know which part could be relevant or not...)

    Feb 6 20:39:02 openvpn 79048 Current Parameter Settings:
    Feb 6 20:39:02 openvpn 79048 config = '/var/etc/openvpn/server1.conf'
    Feb 6 20:39:02 openvpn 79048 mode = 1
    Feb 6 20:39:02 openvpn 79048 show_ciphers = DISABLED
    Feb 6 20:39:02 openvpn 79048 show_digests = DISABLED
    Feb 6 20:39:02 openvpn 79048 show_engines = DISABLED
    Feb 6 20:39:02 openvpn 79048 genkey = DISABLED
    Feb 6 20:39:02 openvpn 79048 key_pass_file = '[UNDEF]'
    Feb 6 20:39:02 openvpn 79048 show_tls_ciphers = DISABLED
    Feb 6 20:39:02 openvpn 79048 connect_retry_max = 0
    Feb 6 20:39:02 openvpn 79048 Connection profiles [0]:
    Feb 6 20:39:02 openvpn 79048 proto = udp4
    Feb 6 20:39:02 openvpn 79048 local = '10.0.0.2'
    Feb 6 20:39:02 openvpn 79048 local_port = '2294'
    Feb 6 20:39:02 openvpn 79048 remote = '[UNDEF]'
    Feb 6 20:39:02 openvpn 79048 remote_port = '1194'
    Feb 6 20:39:02 openvpn 79048 remote_float = ENABLED
    Feb 6 20:39:02 openvpn 79048 bind_defined = DISABLED
    Feb 6 20:39:02 openvpn 79048 bind_local = ENABLED
    Feb 6 20:39:02 openvpn 79048 bind_ipv6_only = DISABLED
    Feb 6 20:39:02 openvpn 79048 connect_retry_seconds = 5
    Feb 6 20:39:02 openvpn 79048 connect_timeout = 120
    Feb 6 20:39:02 openvpn 79048 socks_proxy_server = '[UNDEF]'
    Feb 6 20:39:02 openvpn 79048 socks_proxy_port = '[UNDEF]'
    Feb 6 20:39:02 openvpn 79048 tun_mtu = 1500
    Feb 6 20:39:02 openvpn 79048 tun_mtu_defined = ENABLED
    Feb 6 20:39:02 openvpn 79048 link_mtu = 1500
    Feb 6 20:39:02 openvpn 79048 link_mtu_defined = DISABLED
    Feb 6 20:39:02 openvpn 79048 tun_mtu_extra = 0
    Feb 6 20:39:02 openvpn 79048 tun_mtu_extra_defined = DISABLED
    Feb 6 20:39:02 openvpn 79048 mtu_discover_type = -1
    Feb 6 20:39:02 openvpn 79048 fragment = 0
    Feb 6 20:39:02 openvpn 79048 mssfix = 1450
    Feb 6 20:39:02 openvpn 79048 explicit_exit_notification = 0
    Feb 6 20:39:02 openvpn 79048 Connection profiles END
    Feb 6 20:39:02 openvpn 79048 remote_random = DISABLED
    Feb 6 20:39:02 openvpn 79048 ipchange = '[UNDEF]'
    Feb 6 20:39:02 openvpn 79048 dev = 'ovpns1'
    Feb 6 20:39:02 openvpn 79048 dev_type = 'tun'
    Feb 6 20:39:02 openvpn 79048 dev_node = '/dev/tun1'
    Feb 6 20:39:02 openvpn 79048 lladdr = '[UNDEF]'
    Feb 6 20:39:02 openvpn 79048 topology = 3
    Feb 6 20:39:02 openvpn 79048 ifconfig_local = '10.2.2.1'
    Feb 6 20:39:02 openvpn 79048 ifconfig_remote_netmask = '255.255.255.0'
    Feb 6 20:39:02 openvpn 79048 ifconfig_noexec = DISABLED
    Feb 6 20:39:02 openvpn 79048 ifconfig_nowarn = DISABLED
    Feb 6 20:39:02 openvpn 79048 ifconfig_ipv6_local = '[UNDEF]'
    Feb 6 20:39:02 openvpn 79048 ifconfig_ipv6_netbits = 0
    Feb 6 20:39:02 openvpn 79048 ifconfig_ipv6_remote = '[UNDEF]'
    Feb 6 20:39:02 openvpn 79048 shaper = 0
    Feb 6 20:39:02 openvpn 79048 mtu_test = 0
    Feb 6 20:39:02 openvpn 79048 mlock = DISABLED
    Feb 6 20:39:02 openvpn 79048 keepalive_ping = 10
    Feb 6 20:39:02 openvpn 79048 keepalive_timeout = 60
    Feb 6 20:39:02 openvpn 79048 inactivity_timeout = 0
    Feb 6 20:39:02 openvpn 79048 ping_send_timeout = 10
    Feb 6 20:39:02 openvpn 79048 ping_rec_timeout = 120
    Feb 6 20:39:02 openvpn 79048 ping_rec_timeout_action = 2
    Feb 6 20:39:02 openvpn 79048 ping_timer_remote = ENABLED
    Feb 6 20:39:02 openvpn 79048 remap_sigusr1 = 0
    Feb 6 20:39:02 openvpn 79048 persist_tun = ENABLED
    Feb 6 20:39:02 openvpn 79048 persist_local_ip = DISABLED
    Feb 6 20:39:02 openvpn 79048 persist_remote_ip = ENABLED
    Feb 6 20:39:02 openvpn 79048 persist_key = ENABLED
    Feb 6 20:39:02 openvpn 79048 passtos = DISABLED
    Feb 6 20:39:02 openvpn 79048 resolve_retry_seconds = 1000000000
    Feb 6 20:39:02 openvpn 79048 resolve_in_advance = DISABLED
    Feb 6 20:39:02 openvpn 79048 username = '[UNDEF]'
    Feb 6 20:39:02 openvpn 79048 groupname = '[UNDEF]'
    Feb 6 20:39:02 openvpn 79048 chroot_dir = '[UNDEF]'
    Feb 6 20:39:02 openvpn 79048 cd_dir = '[UNDEF]'
    Feb 6 20:39:02 openvpn 79048 writepid = '/var/run/openvpn_server1.pid'
    Feb 6 20:39:02 openvpn 79048 up_script = '/usr/local/sbin/ovpn-linkup'
    Feb 6 20:39:02 openvpn 79048 down_script = '/usr/local/sbin/ovpn-linkdown'
    Feb 6 20:39:02 openvpn 79048 down_pre = DISABLED
    Feb 6 20:39:02 openvpn 79048 up_restart = DISABLED
    Feb 6 20:39:02 openvpn 79048 up_delay = DISABLED
    Feb 6 20:39:02 openvpn 79048 daemon = ENABLED
    Feb 6 20:39:02 openvpn 79048 inetd = 0
    Feb 6 20:39:02 openvpn 79048 log = DISABLED
    Feb 6 20:39:02 openvpn 79048 suppress_timestamps = DISABLED
    Feb 6 20:39:02 openvpn 79048 machine_readable_output = DISABLED
    Feb 6 20:39:02 openvpn 79048 nice = 0
    Feb 6 20:39:02 openvpn 79048 verbosity = 6
    Feb 6 20:39:02 openvpn 79048 mute = 0
    Feb 6 20:39:02 openvpn 79048 gremlin = 0
    Feb 6 20:39:02 openvpn 79048 status_file = '[UNDEF]'
    Feb 6 20:39:02 openvpn 79048 status_file_version = 1
    Feb 6 20:39:02 openvpn 79048 status_file_update_freq = 60
    Feb 6 20:39:02 openvpn 79048 occ = ENABLED
    Feb 6 20:39:02 openvpn 79048 rcvbuf = 0
    Feb 6 20:39:02 openvpn 79048 sndbuf = 0
    Feb 6 20:39:02 openvpn 79048 sockflags = 0
    Feb 6 20:39:02 openvpn 79048 fast_io = DISABLED
    Feb 6 20:39:02 openvpn 79048 comp.alg = 0
    Feb 6 20:39:02 openvpn 79048 comp.flags = 0
    Feb 6 20:39:02 openvpn 79048 route_script = '[UNDEF]'
    Feb 6 20:39:02 openvpn 79048 route_default_gateway = '10.2.2.2'
    Feb 6 20:39:02 openvpn 79048 route_default_metric = 0
    Feb 6 20:39:02 openvpn 79048 route_noexec = DISABLED
    Feb 6 20:39:02 openvpn 79048 route_delay = 0
    Feb 6 20:39:02 openvpn 79048 route_delay_window = 30
    Feb 6 20:39:02 openvpn 79048 route_delay_defined = DISABLED
    Feb 6 20:39:02 openvpn 79048 route_nopull = DISABLED
    Feb 6 20:39:02 openvpn 79048 route_gateway_via_dhcp = DISABLED
    Feb 6 20:39:02 openvpn 79048 allow_pull_fqdn = DISABLED
    Feb 6 20:39:02 openvpn 79048 management_addr = '/var/etc/openvpn/server1.sock'
    Feb 6 20:39:02 openvpn 79048 management_port = 'unix'
    Feb 6 20:39:02 openvpn 79048 management_user_pass = '[UNDEF]'
    Feb 6 20:39:02 openvpn 79048 management_log_history_cache = 250
    Feb 6 20:39:02 openvpn 79048 management_echo_buffer_size = 100
    Feb 6 20:39:02 openvpn 79048 management_write_peer_info_file = '[UNDEF]'
    Feb 6 20:39:02 openvpn 79048 management_client_user = '[UNDEF]'
    Feb 6 20:39:02 openvpn 79048 management_client_group = '[UNDEF]'
    Feb 6 20:39:02 openvpn 79048 management_flags = 256
    Feb 6 20:39:02 openvpn 79048 shared_secret_file = '[UNDEF]'
    Feb 6 20:39:02 openvpn 79048 key_direction = 1
    Feb 6 20:39:02 openvpn 79048 ciphername = 'AES-128-CBC'
    Feb 6 20:39:02 openvpn 79048 ncp_enabled = ENABLED
    Feb 6 20:39:02 openvpn 79048 ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
    Feb 6 20:39:02 openvpn 79048 authname = 'SHA1'
    Feb 6 20:39:02 openvpn 79048 prng_hash = 'SHA1'
    Feb 6 20:39:02 openvpn 79048 prng_nonce_secret_len = 16
    Feb 6 20:39:02 openvpn 79048 keysize = 0
    Feb 6 20:39:02 openvpn 79048 engine = DISABLED
    Feb 6 20:39:02 openvpn 79048 replay = ENABLED
    Feb 6 20:39:02 openvpn 79048 mute_replay_warnings = DISABLED
    Feb 6 20:39:02 openvpn 79048 replay_window = 64
    Feb 6 20:39:02 openvpn 79048 replay_time = 15
    Feb 6 20:39:02 openvpn 79048 packet_id_file = '[UNDEF]'
    Feb 6 20:39:02 openvpn 79048 use_iv = ENABLED
    Feb 6 20:39:02 openvpn 79048 test_crypto = DISABLED
    Feb 6 20:39:02 openvpn 79048 tls_server = ENABLED
    Feb 6 20:39:02 openvpn 79048 tls_client = DISABLED
    Feb 6 20:39:02 openvpn 79048 key_method = 2
    Feb 6 20:39:02 openvpn 79048 ca_file = '/var/etc/openvpn/server1.ca'
    Feb 6 20:39:02 openvpn 79048 ca_path = '[UNDEF]'
    Feb 6 20:39:02 openvpn 79048 dh_file = '/etc/dh-parameters.1024'
    Feb 6 20:39:02 openvpn 79048 cert_file = '/var/etc/openvpn/server1.cert'
    Feb 6 20:39:02 openvpn 79048 extra_certs_file = '[UNDEF]'
    Feb 6 20:39:02 openvpn 79048 priv_key_file = '/var/etc/openvpn/server1.key'
    Feb 6 20:39:02 openvpn 79048 pkcs12_file = '[UNDEF]'
    Feb 6 20:39:02 openvpn 79048 cipher_list = '[UNDEF]'
    Feb 6 20:39:02 openvpn 79048 tls_verify = '/usr/local/sbin/ovpn_auth_verify tls 'Certif+Serveur+PFSense' 1'
    Feb 6 20:39:02 openvpn 79048 tls_export_cert = '[UNDEF]'
    Feb 6 20:39:02 openvpn 79048 verify_x509_type = 0
    Feb 6 20:39:02 openvpn 79048 verify_x509_name = '[UNDEF]'
    Feb 6 20:39:02 openvpn 79048 crl_file = '[UNDEF]'
    Feb 6 20:39:02 openvpn 79048 ns_cert_type = 0
    Feb 6 20:39:02 openvpn 79048 remote_cert_ku _= 0
    Feb 6 20:39:02 openvpn 79048 remote_cert_ku _= 0
    Feb 6 20:39:02 openvpn 79048 remote_cert_ku _= 0
    Feb 6 20:39:02 openvpn 79048 remote_cert_ku _= 0
    Feb 6 20:39:02 openvpn 79048 remote_cert_ku _= 0
    Feb 6 20:39:02 openvpn 79048 remote_cert_ku _= 0
    Feb 6 20:39:02 openvpn 79048 remote_cert_ku _= 0
    Feb 6 20:39:02 openvpn 79048 remote_cert_ku _= 0
    Feb 6 20:39:02 openvpn 79048 remote_cert_ku _= 0
    Feb 6 20:39:02 openvpn 79048 remote_cert_ku _= 0
    Feb 6 20:39:02 openvpn 79048 remote_cert_ku _= 0
    Feb 6 20:39:02 openvpn 79048 remote_cert_ku _= 0
    Feb 6 20:39:02 openvpn 79048 remote_cert_ku _= 0
    Feb 6 20:39:02 openvpn 79048 remote_cert_ku _= 0
    Feb 6 20:39:02 openvpn 79048 remote_cert_ku _= 0
    Feb 6 20:39:02 openvpn 79048 remote_cert_ku _= 0
    Feb 6 20:39:02 openvpn 79048 remote_cert_eku = '[UNDEF]'
    Feb 6 20:39:02 openvpn 79048 ssl_flags = 4
    Feb 6 20:39:02 openvpn 79048 tls_timeout = 2
    Feb 6 20:39:02 openvpn 79048 renegotiate_bytes = -1
    Feb 6 20:39:02 openvpn 79048 renegotiate_packets = 0
    Feb 6 20:39:02 openvpn 79048 renegotiate_seconds = 3600
    Feb 6 20:39:02 openvpn 79048 handshake_window = 60
    Feb 6 20:39:02 openvpn 79048 transition_window = 3600
    Feb 6 20:39:02 openvpn 79048 single_session = DISABLED
    Feb 6 20:39:02 openvpn 79048 push_peer_info = DISABLED
    Feb 6 20:39:02 openvpn 79048 tls_exit = DISABLED
    Feb 6 20:39:02 openvpn 79048 tls_auth_file = '/var/etc/openvpn/server1.tls-auth'
    Feb 6 20:39:02 openvpn 79048 tls_crypt_file = '[UNDEF]'
    Feb 6 20:39:02 openvpn 79048 server_network = 10.2.2.0
    Feb 6 20:39:02 openvpn 79048 server_netmask = 255.255.255.0
    Feb 6 20:39:02 openvpn 79048 server_network_ipv6 = ::
    Feb 6 20:39:02 openvpn 79048 server_netbits_ipv6 = 0
    Feb 6 20:39:02 openvpn 79048 server_bridge_ip = 0.0.0.0
    Feb 6 20:39:02 openvpn 79048 server_bridge_netmask = 0.0.0.0
    Feb 6 20:39:02 openvpn 79048 server_bridge_pool_start = 0.0.0.0
    Feb 6 20:39:02 openvpn 79048 server_bridge_pool_end = 0.0.0.0
    Feb 6 20:39:02 openvpn 79048 push_entry = 'redirect-gateway def1'
    Feb 6 20:39:02 openvpn 79048 push_entry = 'route-gateway 10.2.2.1'
    Feb 6 20:39:02 openvpn 79048 push_entry = 'topology subnet'
    Feb 6 20:39:02 openvpn 79048 push_entry = 'ping 10'
    Feb 6 20:39:02 openvpn 79048 push_entry = 'ping-restart 60'
    Feb 6 20:39:02 openvpn 79048 ifconfig_pool_defined = ENABLED
    Feb 6 20:39:02 openvpn 79048 ifconfig_pool_start = 10.2.2.2
    Feb 6 20:39:02 openvpn 79048 ifconfig_pool_end = 10.2.2.253
    Feb 6 20:39:02 openvpn 79048 ifconfig_pool_netmask = 255.255.255.0
    Feb 6 20:39:02 openvpn 79048 ifconfig_pool_persist_filename = '[UNDEF]'
    Feb 6 20:39:02 openvpn 79048 ifconfig_pool_persist_refresh_freq = 600
    Feb 6 20:39:02 openvpn 79048 ifconfig_ipv6_pool_defined = DISABLED
    Feb 6 20:39:02 openvpn 79048 ifconfig_ipv6_pool_base = ::
    Feb 6 20:39:02 openvpn 79048 ifconfig_ipv6_pool_netbits = 0
    Feb 6 20:39:02 openvpn 79048 n_bcast_buf = 256
    Feb 6 20:39:02 openvpn 79048 tcp_queue_limit = 64
    Feb 6 20:39:02 openvpn 79048 real_hash_size = 256
    Feb 6 20:39:02 openvpn 79048 virtual_hash_size = 256
    Feb 6 20:39:02 openvpn 79048 client_connect_script = '/usr/local/sbin/openvpn.attributes.sh'
    Feb 6 20:39:02 openvpn 79048 learn_address_script = '[UNDEF]'
    Feb 6 20:39:02 openvpn 79048 client_disconnect_script = '/usr/local/sbin/openvpn.attributes.sh'
    Feb 6 20:39:02 openvpn 79048 client_config_dir = '/var/etc/openvpn-csc/server1'
    Feb 6 20:39:02 openvpn 79048 ccd_exclusive = DISABLED
    Feb 6 20:39:02 openvpn 79048 tmp_dir = '/tmp'
    Feb 6 20:39:02 openvpn 79048 push_ifconfig_defined = DISABLED
    Feb 6 20:39:02 openvpn 79048 push_ifconfig_local = 0.0.0.0
    Feb 6 20:39:02 openvpn 79048 push_ifconfig_remote_netmask = 0.0.0.0
    Feb 6 20:39:02 openvpn 79048 push_ifconfig_ipv6_defined = DISABLED
    Feb 6 20:39:02 openvpn 79048 push_ifconfig_ipv6_local = ::/0
    Feb 6 20:39:02 openvpn 79048 push_ifconfig_ipv6_remote = ::
    Feb 6 20:39:02 openvpn 79048 enable_c2c = ENABLED
    Feb 6 20:39:02 openvpn 79048 duplicate_cn = DISABLED
    Feb 6 20:39:02 openvpn 79048 cf_max = 0
    Feb 6 20:39:02 openvpn 79048 cf_per = 0
    Feb 6 20:39:02 openvpn 79048 max_clients = 3
    Feb 6 20:39:02 openvpn 79048 max_routes_per_client = 256
    Feb 6 20:39:02 openvpn 79048 auth_user_pass_verify_script = '/usr/local/sbin/ovpn_auth_verify user TG9jYWwgRGF0YWJhc2U= false server1 2294'
    Feb 6 20:39:02 openvpn 79048 auth_user_pass_verify_script_via_file = DISABLED
    Feb 6 20:39:02 openvpn 79048 auth_token_generate = DISABLED
    Feb 6 20:39:02 openvpn 79048 auth_token_lifetime = 0
    Feb 6 20:39:02 openvpn 79048 port_share_host = '[UNDEF]'
    Feb 6 20:39:02 openvpn 79048 port_share_port = '[UNDEF]'
    Feb 6 20:39:02 openvpn 79048 client = DISABLED
    Feb 6 20:39:02 openvpn 79048 pull = DISABLED
    Feb 6 20:39:02 openvpn 79048 auth_user_pass_file = '[UNDEF]'
    Feb 6 20:39:02 openvpn 79048 OpenVPN 2.4.4 amd64-portbld-freebsd11.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Nov 16 2017
    Feb 6 20:39:02 openvpn 79048 library versions: OpenSSL 1.0.2m-freebsd 2 Nov 2017, LZO 2.10
    Feb 6 20:39:02 openvpn 79118 MANAGEMENT: unix domain socket listening on /var/etc/openvpn/server1.sock
    Feb 6 20:39:02 openvpn 79118 NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
    Feb 6 20:39:02 openvpn 79118 Diffie-Hellman initialized with 1024 bit key
    Feb 6 20:39:02 openvpn 79118 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Feb 6 20:39:02 openvpn 79118 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Feb 6 20:39:02 openvpn 79118 TLS-Auth MTU parms [ L:1621 D:1184 EF:66 EB:0 ET:0 EL:3 ]
    Feb 6 20:39:02 openvpn 79118 TUN/TAP device ovpns1 exists previously, keep at program end
    Feb 6 20:39:02 openvpn 79118 TUN/TAP device /dev/tun1 opened
    Feb 6 20:39:02 openvpn 79118 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
    Feb 6 20:39:02 openvpn 79118 /sbin/ifconfig ovpns1 10.2.2.1 10.2.2.2 mtu 1500 netmask 255.255.255.0 up
    Feb 6 20:39:02 openvpn 79118 /sbin/route add -net 10.2.2.0 10.2.2.2 255.255.255.0
    Feb 6 20:39:02 openvpn 79118 /usr/local/sbin/ovpn-linkup ovpns1 1500 1621 10.2.2.1 255.255.255.0 init
    Feb 6 20:39:02 openvpn 79118 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
    Feb 6 20:39:02 openvpn 79118 Socket Buffers: R=[42080->42080] S=[57344->57344]
    Feb 6 20:39:02 openvpn 79118 UDPv4 link local (bound): [AF_INET]10.0.0.2:2294
    Feb 6 20:39:02 openvpn 79118 UDPv4 link remote: [AF_UNSPEC]
    Feb 6 20:39:02 openvpn 79118 MULTI: multi_init called, r=256 v=256
    Feb 6 20:39:02 openvpn 79118 IFCONFIG POOL: base=10.2.2.2 size=252, ipv6=0
    Feb 6 20:39:02 openvpn 79118 Initialization Sequence Completed
    Feb 6 20:40:01 openvpn 79118 MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
    Feb 6 20:40:01 openvpn 79118 MANAGEMENT: CMD 'status 2'
    Feb 6 20:40:01 openvpn 79118 MANAGEMENT: CMD 'quit'
    Feb 6 20:40:01 openvpn 79118 MANAGEMENT: Client disconnected
    Feb 6 20:41:03 openvpn 79118 MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
    Feb 6 20:41:03 openvpn 79118 MANAGEMENT: CMD 'status 2'
    Feb 6 20:41:03 openvpn 79118 MANAGEMENT: CMD 'quit'
    Feb 6 20:41:03 openvpn 79118 MANAGEMENT: Client disconnected
    Feb 6 20:42:05 openvpn 79118 MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
    Feb 6 20:42:05 openvpn 79118 MANAGEMENT: CMD 'status 2'
    Feb 6 20:42:05 openvpn 79118 MANAGEMENT: CMD 'quit'
    Feb 6 20:42:05 openvpn 79118 MANAGEMENT: Client disconnected
    Feb 6 20:43:07 openvpn 79118 MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
    Feb 6 20:43:07 openvpn 79118 MANAGEMENT: CMD 'status 2'
    Feb 6 20:43:07 openvpn 79118 MANAGEMENT: CMD 'quit'
    Feb 6 20:43:07 openvpn 79118 MANAGEMENT: Client disconnected
    Feb 6 20:44:08 openvpn 79118 MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
    Feb 6 20:44:09 openvpn 79118 MANAGEMENT: CMD 'status 2'
    Feb 6 20:44:09 openvpn 79118 MANAGEMENT: CMD 'quit'
    Feb 6 20:44:09 openvpn 79118 MANAGEMENT: Client disconnected
    Feb 6 20:45:10 openvpn 79118 MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
    Feb 6 20:45:10 openvpn 79118 MANAGEMENT: CMD 'status 2'
    Feb 6 20:45:11 openvpn 79118 MANAGEMENT: CMD 'quit'
    Feb 6 20:45:11 openvpn 79118 MANAGEMENT: Client disconnected
    Feb 6 20:46:12 openvpn 79118 MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
    Feb 6 20:46:12 openvpn 79118 MANAGEMENT: CMD 'status 2'
    Feb 6 20:46:13 openvpn 79118 MANAGEMENT: CMD 'quit'
    Feb 6 20:46:13 openvpn 79118 MANAGEMENT: Client disconnected

    I am seeing some suspicious things here, like this remote_port = '1194' whereas all my config was done on port 2294, but don't see where it is coming from…

    I am on that issue since christmas but just decided to go to the source on this forum to seek for any help or advice.

    So a BIG thank you in advance for those of you who will have the kindness to read all that post!  ;)________________


  • LAYER 8 Global Moderator

    "UDP link remote: [AF_INET]192.168.xx.xx:2294"

    How exactly do you think your going to connect to a rfc1918 address remotely?

    See that public IP.. You would need to connect to that from the internet, which would need to be portforwarded to the pfsense WAN IP.




  • Diagram is cool ;)



  • Hi!
    Thanks for the feedback.  :D
    The log I attached is one my tests. I have also tried with my box public IP (something like 89.220.xx.xx) but I had the same results
    Of course I have forwarded port 2294 in my box to my pve IP, setup the iptables and created the corresponding PF rules.
    Am I right assuming that this public IP is my external box IP address ?

    Thanks for the diagram. I have not created it myself, took it from the tutorial I followed  ;)


  • LAYER 8 Global Moderator

    hehehe - so we are not even sure your setup that way ;)

    If your pfsense log never shows you making a connection attempt then the traffic is never getting there for openvpn to work..



  • I am almost sure that I followed the whole settings properly (especially since I have started over 3 times  ;D)

    The 2 points on which I have doubts are:
    -That damn public IP address to fill in PF Sense in OpenVPN section before exporting the configuration file, there is little description on that point on the tutorial, indeed at first I thought that was the IP of my proxmox in my LAN behind my box's provider, but your first remark makes totally sense, there is no way that the connection find the right path with only my internal IP address. I tried with my external IP (from my box provider) but had the same results, I also tried with other IP address without any further success….

    -Any other sub settings not related to proxmox or PFSense/openVPN: in the providers box or somewhere else? But I have already forwarded the 2294 port to my internal proxmox IP address and don't see what to do else....

    When you say "If your pfsense log never shows you making a connection attempt then the traffic is never getting there for openvpn to work.." I tend to accept it as a true statement but in this case how is it possible that my PFsense/OpenVPN records activity? (cf the big log in the first post)

    And thank you again for helping me in my crusade, I am very eager to learn and understands this network world!  :)


  • LAYER 8 Global Moderator

    There is no connection attempt in that log… That is just the thing starting up...

    This is a connection start

    Feb 15 07:01:03 openvpn 93840 208.54.xx.xx:35209 TLS: Initial packet from [AF_INET]208.54.xx.xx:35209, sid=3771c74f 2bd1f88f

    That is from my phone just a few seconds ago..

    here is the final part of the connection

    Feb 15 07:01:03 openvpn 93840 iphone/208.54.xx.xx:35209 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
    Feb 15 07:01:03 openvpn 93840 iphone/208.54.xx.xx:35209 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
    Feb 15 07:01:03 openvpn 93840 iphone/208.54.xx.xx:35209 Data Channel: using negotiated cipher 'AES-128-GCM'
    Feb 15 07:01:03 openvpn 93840 iphone/208.54.xx.xx:35209 SENT CONTROL [iphone]: 'PUSH_REPLY,route 192.168.9.0 255.255.255.0,route 192.168.2.0 255.255.255.0,route 192.168.3.0 255.255.255.0,dhcp-option DNS 192.168.9.253,comp-lzo adaptive,route-gateway 10.0.200.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.0.200.2 255.255.255.0,peer-id 0,cipher AES-128-GCM' (status=1)

    You need to make sure whatever port your openvpn is listening on is forwarded from whatever is holding the public IP to your pfsense wan IP..

    There is no connection to openvpn in your log..



  • Hi!

    Just wanted to inform you that I finally manage to get this OpenVPN connection working!  :)
    If it can help, the only extra thing that I did is to create an account a noip.com and filled my freshly created DNS into the OpenVPN before exporting the config file (instead of my box provider external IP), and it worked like a charm (or almost, I had another bug with TAP windows driver, but thas was not a big deal…  ;) )

    So thanks again for the help!  :)


Log in to reply