no connexion from client on internet to lan connected at pfsense



  • Hi,
    I'm new but I read the doc!!

    Here is what I get when trying to connect to my LAN:

    debug: Disconnected.
    debug: openvpn: /usr/sbin/openvpn
    debug: Support for TUN/TAP found (compiled into kernel or kernel module already loaded).
    debug: No default interface found, using "lo".
    debug: No IP for default interface found, using "127.0.0.1".
    info: Trying to connect to server "192.168.1.254" with ...
    debug: Setting DNS_UPDATE "NO".
    debug: Starting Openvpn management handler...
    debug: [openvpn] Sat Dec 22 09:17:34 2018 WARNING: Ignoring option 'dh' in tls-client mode, please only include this in your server configuration
    debug: [openvpn] Sat Dec 22 09:17:34 2018 WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
    debug: [openvpn] Sat Dec 22 09:17:34 2018 WARNING: file '/root/.kde/share/apps/kvpnc/openvpn_privatekey__home_Informatique_pfSense_pfSense-UDP4-1195-trazom-config.pem' is group or others accessible
    info: Send username...
    debug: [openvpn] Sat Dec 22 09:17:34 2018 WARNING: file '/root/.kde/share/apps/kvpnc/openvpn_tlsauth__home_Informatique_pfSense_pfSense-UDP4-1195-trazom-config.pem' is group or others accessible
    debug: [openvpn] Sat Dec 22 09:17:34 2018 OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 30 2018
    info: Send password...
    debug: [openvpn] Sat Dec 22 09:17:34 2018 library versions: OpenSSL 1.1.1a 20 Nov 2018, LZO 2.10
    debug: [openvpn]
    debug: [openvpn] Sat Dec 22 09:17:34 2018 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    debug: [openvpn] Sat Dec 22 09:17:34 2018 NOTE: starting with OpenVPN 2.1, '--script-security 2' or higher is required to call user-defined scripts or executables
    debug: [openvpn] Sat Dec 22 09:17:34 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.1.254:1195
    debug: [openvpn] Sat Dec 22 09:17:34 2018 Attempting to establish TCP connection with [AF_INET]192.168.1.254:1195 [nonblock]
    debug: [openvpn]
    debug: [openvpn] Sat Dec 22 09:19:34 2018 TCP: connect to [AF_INET]192.168.1.254:1195 failed: Connection timed out
    debug: [openvpn] Sat Dec 22 09:19:34 2018 SIGUSR1[connection failed(soft),init_instance] received, process restarting
    debug: [openvpn]
    error: Connection has been timed out. Terminate.
    debug: There is a reason to stop connecting, terminating "openvpn" process.
    debug: Disconnect requested
    debug: Disconnect requested, status connecting
    debug: Killing process while connecting.
    success: Successful connect try canceled.
    debug: Disconnected.

    I don't understand:

    debug: [openvpn] Sat Dec 22 09:17:34 2018 NOTE: starting with OpenVPN 2.1, '--script-security 2' or higher is required to call user-defined scripts or executables

    Can you help me please?


  • Netgate Administrator

    @trazom said in no connexion from client on internet to lan connected at pfsense:

    debug: [openvpn] Sat Dec 22 09:17:34 2018 Attempting to establish TCP connection with [AF_INET]192.168.1.254:1195 [nonblock]
    debug: [openvpn]
    debug: [openvpn] Sat Dec 22 09:19:34 2018 TCP: connect to [AF_INET]192.168.1.254:1195 failed: Connection timed out

    That's the key part of this log.

    Where are you connecting from? It's trying to connect to 192.168.1.254, so you would have to be on that same private subnet to connect to that.
    I suspect your pfSense box is behind another router and you have used the client export wizard to create that config with the 'Host Name Resolution' set to Interface IP address. You will need to have that set to a real external IP or a hostname that resolves to it.

    Steve
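
An added illustration of the diagnosis above (not part of the forum posts, and not Netgate or OpenVPN code): a small Python check that reads an OpenVPN client config and flags a `remote` address that is not internet-routable, along with two of the warnings visible in the log. The sample config, the function name and the finding codes are constructed for this example.

```python
import ipaddress

# Constructed sample: what a client export looks like when the server address
# was taken from a WAN interface that itself holds a private (RFC 1918) IP.
SAMPLE_CONFIG = """\
dev tun
proto tcp-client
remote 192.168.1.254 1195 tcp
tls-client
dh dh.pem
ca ca.crt
"""

# Directives that make the client check the server certificate's identity or usage.
SERVER_VERIFY = {"remote-cert-tls", "verify-x509-name", "remote-cert-eku", "tls-verify"}


def audit_client_config(text):
    """Return a list of (code, message) findings for an OpenVPN client config."""
    seen, findings = set(), []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # OpenVPN comment markers
            continue
        parts = line.split()
        name, args = parts[0].lstrip("-"), parts[1:]
        seen.add(name)
        if name == "remote" and args:
            try:
                addr = ipaddress.ip_address(args[0])
            except ValueError:
                continue                      # hostname: cannot be judged offline
            if not addr.is_global:
                findings.append(("REMOTE_NOT_PUBLIC",
                    f"remote {addr} is not internet-routable; clients outside "
                    "that network will time out"))
    if not seen & SERVER_VERIFY:
        findings.append(("NO_SERVER_VERIFY",
            "no server certificate verification directive (MITM warning in the log)"))
    if "dh" in seen and seen & {"client", "tls-client"}:
        findings.append(("DH_ON_CLIENT", "'dh' is a server-side option and is ignored"))
    return findings


if __name__ == "__main__":
    for code, msg in audit_client_config(SAMPLE_CONFIG):
        print(f"{code}: {msg}")
```

A `remote` given as a hostname is skipped because it cannot be resolved offline; confirm separately that it resolves to the external address that forwards to the pfSense box.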

