Netgate Discussion Forum

TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

OpenVPN
29 Posts 4 Posters 7.4k Views 4 Watching
  • J Online
    johnpoz LAYER 8 Global Moderator
    last edited by Jul 7, 2018, 10:16 AM

    If you're on the internet how do you think you can connect to some rfc1918 address 192.168.x.x ??

    When you create your export you need to put in your PUBLIC IP.. ie your ISP public IP, and the port you're using for openvpn would have to be forwarded to pfsense IP.

    An intelligent man is sometimes forced to be drunk to spend time with his fools
    If you get confused: Listen to the Music Play
    Please don't Chat/PM me for help, unless mod related
    SG-4860 25.07 | Lab VMs 2.8, 25.07

    V 1 Reply Last reply Jul 7, 2018, 11:32 AM Reply Quote 0
    • V Offline
      viragomann @johnpoz
      last edited by Jul 7, 2018, 11:32 AM

      @johnpoz said in TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity):

      When you create your export you need to put in your PUBLIC IP.. ie your ISP public IP, and the port you're using for openvpn would have to be forwarded to pfsense IP.

      👏

      1 Reply Last reply Reply Quote 0
      • J Online
        johnpoz LAYER 8 Global Moderator
        last edited by Jul 7, 2018, 1:11 PM

        BTW "box" is not a good term for your router ;)

        Normally box would refer to an end device, computer, iot, dvr, etc. Not a router doing nat ;)... Maybe if you would have called it your ISP box ;)

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 25.07 | Lab VMs 2.8, 25.07

        1 Reply Last reply Reply Quote 0
        • J Offline
          joedoe
          last edited by Jul 9, 2018, 6:37 AM

          @johnpoz said in TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity):

          When you create your export you need to put in your PUBLIC IP.. ie your ISP public IP, and the port you're using for openvpn would have to be forwarded to pfsense IP.

          Thank you for the reply : what is isp public ip, is it the public ip ?
          Could you tell me how to do that please ?

          So sorry, in France we call the router that gives us internet : box.

          G 1 Reply Last reply Jul 9, 2018, 7:37 AM Reply Quote 0
          • G Offline
            Gertjan @joedoe
            last edited by Jul 9, 2018, 7:37 AM

            @joedoe said in TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity):

            in France we call the router that gives us internet : box.

            I'm using the same "box" (Livebox pro from Orange) as my up-stream "ISP router".
            I set its LAN IP to 192.168.10.1/24, handing over to pfSense an rfc1918 address like 192.168.10.9
            192.168.10.9 is my pfSense WAN IP - this means that "Block private networks and loopback addresses" shouldn't be checked on the pfSense WAN interface settings page.
            This is a typical router-after-router setup, quite common these days.

            To make the VPN work : you have to add a NAT rule in your "ISP BOX/router" for the VPN port, probably 1194, to the connected device called "pfSense", like :
            0_1531121703641_5323956d-11db-4fec-bbf2-28497141ffdc-image.png

            Your real WAN IP is https://whatismyipaddress.com/fr/mon-ip

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            1 Reply Last reply Reply Quote 0
            • J Offline
              joedoe
              last edited by Jul 9, 2018, 8:23 AM

              hello Gertjan,

              Thank you for the reply.

              I just added a NAT rule to my Freebox but nothing changed.
              And if I understand I can connect to my local network because I don't use the good IP ?
              In my configuration I've got : 192.168.0.50 1194 udp should I modify it and add my private IP ?

              Here you can find the client configuration :
              dev tun
              persist-tun
              persist-key
              cipher AES-256-CBC
              ncp-ciphers AES-256-GCM:AES-128-GCM
              auth SHA1
              tls-client
              client
              resolv-retry infinite
              remote 192.168.0.50 1194 udp
              auth-user-pass
              ca pfSense-UDP4-1194-ca.crt
              tls-auth pfSense-UDP4-1194-tls.key 1
              remote-cert-tls server

              and my free nat

              0_1531124536449_Capture.PNG

              G 1 Reply Last reply Jul 9, 2018, 9:11 AM Reply Quote 0
              • J Online
                johnpoz LAYER 8 Global Moderator
                last edited by Jul 9, 2018, 8:58 AM

                @joedoe said in TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity):

                remote 192.168.0.50 1194 udp

                That is a private IP and you cannot talk to it from the internet.. What is your public IP?? Search what's my IP in google for gosh sake..

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 25.07 | Lab VMs 2.8, 25.07

                1 Reply Last reply Reply Quote 0
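The check described in the reply above (a client `remote` that points at an RFC1918 address cannot be reached from the internet), as an added example that is not part of the original thread. The sample config is constructed: its first `remote` line is the one posted above, and `203.0.113.10` and `vpn.example.net` are placeholders standing in for a public WAN IP and a hostname.

```python
import ipaddress

# RFC 1918 private ranges; a client on the internet cannot route to these.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample. The first remote is the one posted in the thread;
# 203.0.113.10 (documentation range) stands in for a public WAN IP.
SAMPLE_CONFIG = """\
client
remote 192.168.0.50 1194 udp
remote 203.0.113.10 1194 udp
remote vpn.example.net 1194 udp
remote-cert-tls server
"""

def parse_remotes(config_text):
    """Return (host, port, proto) for each 'remote' directive."""
    remotes = []
    for raw in config_text.splitlines():
        fields = raw.strip().split()
        # Exact match, so 'remote-cert-tls' and '#'/';' comments never match.
        if len(fields) >= 2 and fields[0] == "remote":
            port = fields[2] if len(fields) > 2 else "1194"  # OpenVPN default
            proto = fields[3] if len(fields) > 3 else "udp"  # OpenVPN default
            remotes.append((fields[1], port, proto))
    return remotes

def classify(host):
    """Label a remote host by whether an internet client could reach it."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"  # needs a DNS lookup; not resolved here
    if ip.is_loopback or ip.is_link_local:
        return "local-only"
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    return "ok"

def unreachable_remotes(config_text):
    """List remotes that can never work for a client outside the LAN."""
    bad = ("rfc1918", "local-only")
    return [(h, p, pr, classify(h)) for h, p, pr in parse_remotes(config_text)
            if classify(h) in bad]

if __name__ == "__main__":
    for host, port, proto, kind in unreachable_remotes(SAMPLE_CONFIG):
        print(f"remote {host} {port} {proto}: {kind}, unreachable from WAN")
```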
                • G Offline
                  Gertjan @joedoe
                  last edited by Jul 9, 2018, 9:11 AM

                  @joedoe said in TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity):

                  remote 192.168.0.50 1194 udp

                  Is this a part of the config of a client, that lives somewhere on the net ?
                  In that case, it should be your WAN IP : this one : https://whatismyipaddress.com/fr/mon-ip

                  Your FreeBox seems well NATted to me.
                  This rule is needed of course, because by default, every incoming connection from "the world" will be blocked by default by any ISP-router (firewall) (your FreeBox).

                  Now, incoming connections from anywhere (== the world or WAN) on port 1194, protocol UDP, will be directed to the IP used by pfSense, port 1194. If on pfSense the VPN is running, and you used the pfSense VPN Wizard, a rule on the WAN interface of pfSense has been created that looks like this :

                  0_1531127405056_1575e49f-59df-4377-a98a-778c5ad35197-image.png

                  No "help me" PM's please. Use the forum, the community will thank you.
                  Edit : and where are the logs ??

                  1 Reply Last reply Reply Quote 0
                  • J Offline
                    joedoe
                    last edited by Jul 11, 2018, 6:59 AM

                    Problem solved.

                    I'm so sorry to be so stupid, I was focused on my local network and forgot the client configuration and to change the IP --'
                    I put in my public IP and all works fine now.

                    Thanks a lot, all, for your help.

                    Have a great day (it's my birthday today :p = 30yo)

                    1 Reply Last reply Reply Quote 0
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.