All of our users but one can use OpenVPN
Tommyboy last edited by
We have a Netgate 3100 with PFSense (latest version), that functions as a router/firewall for our SMB.
We have configured OpenVPN on PFSense for our domain users according to this tutorial :
Everything is working perfectly for all of our users, but one.
I cannot find out why this user can't login to our OpenVPN server. I can't see any difference with the other users.
Some data :
- Windows 10 x64 on HP laptop
- Tries to connect to our OpenVPN server. This is the error that occurs at the clients side:
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
- In the OpenVPN Log on the router we see this :
TLS Error : TLS Handshake failed
TLS Error : TLS object => incoming plaintext-read error
TLS_ERROR : BIO read tls-read_plaintext error
OpenSSL : Error : 14089086:SSL routines : ssl_3_get_client_certificate verify failed
VERIFY ERROR : depth=0, error=self signed certificate: CN :ld
Things I have tried (unsuccesfully):
- firewall/anti-virus turned of on client.
- created a new PFSense OpenVPN user certificate for this user. However they will only expire in 10 years.
- try to connect via wired, wireless, 4G
- reset networking parameters on the client side via :
netsh int reset all
netsh int ip reset
netsh int ipv4 reset
netsh int ipv6 reset
netsh winhttp reset proxy
netsh winsock reset
netsh winsock reset catalog
- full uninstall + reinstall of the OpenVPN client (several times).
- reinstalled the client TAP interface
Apparently the client can make some initial connection to our OpenVPN-server, because I can see his login name (CN=ld) in the server logs. So I don't think it is a firewall issue. Also the client firewall is turned off. With the same settings, all other users can login succesfully (although they each have their own OpenVPN user certificate).
Can somebody please advice on this? I've been struggling with this too long.
Definitely looks like a cert or cert-chain problem to me.
But I'd check with another working OpenVPN User config file and this HP laptop to rule out any problem with this one client device.
Tommyboy last edited by
I was finally able to solve this issue.
There were multiple users experiencing the same issue.
It got resolved by UNchecking "OpenVPN > Client Export > Certificate Export Options > Use Microsoft Certificate Storage instead of local files.
Then "Save as default", export new installer en reinstall on client.
Don't know yet what the root cause is, but this solved the issue on alle of the clients.
Anybody here that knows what really is going on?