no connexion from client on internet to lan connected at pfsense

trazom

hi,
i'm new but i read the doc!!

here is what i get when trying to connect to my lan :

debug: Disconnected.
debug: openvpn: /usr/sbin/openvpn
debug: Support for TUN/TAP found (compiled into kernel or kernel module already loaded).
debug: No default interface found, using "lo".
debug: No IP for default interface found, using "127.0.0.1".
info: Trying to connect to server "192.168.1.254" with ...
debug: Setting DNS_UPDATE "NO".
debug: Starting Openvpn management handler...
debug: [openvpn] Sat Dec 22 09:17:34 2018 WARNING: Ignoring option 'dh' in tls-client mode, please only include this in your server configuration
debug: [openvpn] Sat Dec 22 09:17:34 2018 WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
debug: [openvpn] Sat Dec 22 09:17:34 2018 WARNING: file '/root/.kde/share/apps/kvpnc/openvpn_privatekey__home_Informatique_pfSense_pfSense-UDP4-1195-trazom-config.pem' is group or others accessible
info: Send username...
debug: [openvpn] Sat Dec 22 09:17:34 2018 WARNING: file '/root/.kde/share/apps/kvpnc/openvpn_tlsauth__home_Informatique_pfSense_pfSense-UDP4-1195-trazom-config.pem' is group or others accessible
debug: [openvpn] Sat Dec 22 09:17:34 2018 OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 30 2018
info: Send password...
debug: [openvpn] Sat Dec 22 09:17:34 2018 library versions: OpenSSL 1.1.1a 20 Nov 2018, LZO 2.10
debug: [openvpn]
debug: [openvpn] Sat Dec 22 09:17:34 2018 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
debug: [openvpn] Sat Dec 22 09:17:34 2018 NOTE: starting with OpenVPN 2.1, '--script-security 2' or higher is required to call user-defined scripts or executables
debug: [openvpn] Sat Dec 22 09:17:34 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.1.254:1195
debug: [openvpn] Sat Dec 22 09:17:34 2018 Attempting to establish TCP connection with [AF_INET]192.168.1.254:1195 [nonblock]
debug: [openvpn]
debug: [openvpn] Sat Dec 22 09:19:34 2018 TCP: connect to [AF_INET]192.168.1.254:1195 failed: Connection timed out
debug: [openvpn] Sat Dec 22 09:19:34 2018 SIGUSR1[connection failed(soft),init_instance] received, process restarting
debug: [openvpn]
error: Connection has been timed out. Terminate.
debug: There is a reason to stop connecting, terminating "openvpn" process.
debug: Disconnect requested
debug: Disconnect requested, status connecting
debug: Killing process while connecting.
success: Successful connect try canceled.
debug: Disconnected.

i don't understand :

debug: [openvpn] Sat Dec 22 09:17:34 2018 NOTE: starting with OpenVPN 2.1, '--script-security 2' or higher is required to call user-defined scripts or executables

can you help me please?

stephenw10

@trazom said in no connexion from client on internet to lan connected at pfsense:

debug: [openvpn] Sat Dec 22 09:17:34 2018 Attempting to establish TCP connection with [AF_INET]192.168.1.254:1195 [nonblock]
debug: [openvpn]
debug: [openvpn] Sat Dec 22 09:19:34 2018 TCP: connect to [AF_INET]192.168.1.254:1195 failed: Connection timed out

That's the key part of this log.

Where are you connecting from? It's trying to connect to 192.168.1.254 so would have to be on that same private subnet to connect to that.
I suspect your pfSense box is behind another router and you have used the client export wizard to create that config with the 'Host Name Resolution' set to Interface IP address. You will need to have that set to a real external IP or a hostname that resolves to it.

Steve