OpenVPN Server. TLS Negotiation Failed. (Client not receiving any Bytes)



  • Hello,

    I have tried many guides over the months to get OpenVPN server working on pfSense.

    I have what I believe to be an accurate setup. However, when I try to connect to the server I get a TLS Negotiation timeout error.

    In the server logs I can see the client tried to connect, but the server was not able to give a response.

    Note I currently have an OpenVPN client set up on my server that's permanently connected to specific machines on my network. As such I have the following rules:

    4d65d902-c3a5-432d-b484-5b24cd7fdb0e-image.png

    Floating Rule:

    097dec52-c21b-4650-9e4f-f73ed4bbef52-image.png

    I have the following aliases to support this:

    84d784af-2c8e-4d17-a892-3ff2091c436d-image.png

    Log:

    Mar 29 11:53:38	openvpn	15097	185.69.144.179 TLS Error: TLS handshake failed
    Mar 29 11:53:38	openvpn	15097	185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Mar 29 11:51:18	openvpn	15097	185.69.144.179 TLS Error: TLS handshake failed
    Mar 29 11:51:18	openvpn	15097	185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Mar 29 11:49:38	openvpn	15097	185.69.144.179 TLS Error: TLS handshake failed
    Mar 29 11:49:38	openvpn	15097	185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Mar 29 11:48:17	openvpn	15097	185.69.144.179 TLS Error: TLS handshake failed
    Mar 29 11:48:17	openvpn	15097	185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Mar 29 11:47:07	openvpn	15097	185.69.144.179 TLS Error: TLS handshake failed
    Mar 29 11:47:07	openvpn	15097	185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Mar 29 11:46:01	openvpn	15097	185.69.144.179 TLS Error: TLS handshake failed
    Mar 29 11:46:01	openvpn	15097	185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Mar 29 11:44:56	openvpn	15097	185.69.144.179 TLS Error: TLS handshake failed
    Mar 29 11:44:56	openvpn	15097	185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Mar 29 11:43:51	openvpn	15097	185.69.144.179 TLS Error: TLS handshake failed
    Mar 29 11:43:51	openvpn	15097	185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Mar 29 11:42:46	openvpn	15097	185.69.144.179 TLS Error: TLS handshake failed
    Mar 29 11:42:46	openvpn	15097	185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Mar 29 11:35:42	openvpn	15097	185.69.144.179 TLS Error: TLS handshake failed
    Mar 29 11:35:42	openvpn	15097	185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Mar 29 11:34:02	openvpn	15097	185.69.144.179 TLS Error: TLS handshake failed
    Mar 29 11:34:02	openvpn	15097	185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Mar 29 11:32:41	openvpn	15097	185.69.144.179 TLS Error: TLS handshake failed
    Mar 29 11:32:41	openvpn	15097	185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Mar 29 11:31:31	openvpn	15097	185.69.144.179 TLS Error: TLS handshake failed
    Mar 29 11:31:31	openvpn	15097	185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Mar 29 11:30:28	openvpn	15097	185.69.144.179 TLS Error: TLS handshake failed
    Mar 29 11:30:28	openvpn	15097	185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Mar 29 11:29:14	openvpn	15097	Initialization Sequence Completed
    Mar 29 11:29:14	openvpn	15097	UDPv6 link remote: [AF_UNSPEC]
    Mar 29 11:29:14	openvpn	15097	UDPv6 link local (bound): [AF_INET6][undef]:1194
    Mar 29 11:29:14	openvpn	15097	setsockopt(IPV6_V6ONLY=0)
    Mar 29 11:29:14	openvpn	15097	Could not determine IPv4/IPv6 protocol. Using AF_INET6
    Mar 29 11:29:14	openvpn	15097	/usr/local/sbin/ovpn-linkup ovpns2 1500 1621 192.168.253.1 255.255.255.0 init
    Mar 29 11:29:14	openvpn	15097	/sbin/ifconfig ovpns2 192.168.253.1 192.168.253.2 mtu 1500 netmask 255.255.255.0 up
    Mar 29 11:29:14	openvpn	15097	do_ifconfig, tt->did_ifconfig_ipv6_setup=0
    Mar 29 11:29:14	openvpn	15097	TUN/TAP device /dev/tun2 opened
    Mar 29 11:29:14	openvpn	15097	TUN/TAP device ovpns2 exists previously, keep at program end
    Mar 29 11:29:14	openvpn	15097	Initializing OpenSSL support for engine 'cryptodev'
    Mar 29 11:29:14	openvpn	15097	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Mar 29 11:29:14	openvpn	15029	library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
    Mar 29 11:29:14	openvpn	15029	OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Sep 4 2018
    Mar 29 11:29:14	openvpn	59629	SIGTERM[hard,] received, process exiting
    Mar 29 11:29:14	openvpn	59629	/usr/local/sbin/ovpn-linkdown ovpns2 1500 1621 192.168.253.1 255.255.255.0 init
    Mar 29 11:29:14	openvpn	59629	event_wait : Interrupted system call (code=4)
    Mar 29 11:28:16	openvpn	59629	185.69.144.179 TLS Error: TLS handshake failed
    Mar 29 11:28:16	openvpn	59629	185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Mar 29 11:27:11	openvpn	59629	185.69.144.179 TLS Error: TLS handshake failed
    Mar 29 11:27:11	openvpn	59629	185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Mar 29 11:24:14	openvpn	59629	Initialization Sequence Completed
    Mar 29 11:24:14	openvpn	59629	UDPv6 link remote: [AF_UNSPEC]
    Mar 29 11:24:14	openvpn	59629	UDPv6 link local (bound): [AF_INET6][undef]:1194
    Mar 29 11:24:14	openvpn	59629	setsockopt(IPV6_V6ONLY=0)
    Mar 29 11:24:14	openvpn	59629	Could not determine IPv4/IPv6 protocol. Using AF_INET6
    Mar 29 11:24:14	openvpn	59629	/usr/local/sbin/ovpn-linkup ovpns2 1500 1621 192.168.253.1 255.255.255.0 init
    Mar 29 11:24:14	openvpn	59629	/sbin/ifconfig ovpns2 192.168.253.1 192.168.253.2 mtu 1500 netmask 255.255.255.0 up
    Mar 29 11:24:14	openvpn	59629	do_ifconfig, tt->did_ifconfig_ipv6_setup=0
    Mar 29 11:24:14	openvpn	59629	TUN/TAP device /dev/tun2 opened
    Mar 29 11:24:14	openvpn	59629	TUN/TAP device ovpns2 exists previously, keep at program end
    Mar 29 11:24:14	openvpn	59629	Initializing OpenSSL support for engine 'cryptodev'
    Mar 29 11:24:14	openvpn	59629	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Mar 29 11:24:14	openvpn	59288	library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
    Mar 29 11:24:14	openvpn	59288	OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Sep 4 2018
    Mar 29 11:24:14	openvpn	80038	SIGTERM[hard,] received, process exiting
    Mar 29 11:24:14	openvpn	80038	/usr/local/sbin/ovpn-linkdown ovpns2 1500 1621 192.168.253.1 255.255.255.0 init
    Mar 29 11:24:14	openvpn	80038	event_wait : Interrupted system call (code=4)
    Mar 29 11:24:01	openvpn	80038	Initialization Sequence Completed
    Mar 29 11:24:01	openvpn	80038	UDPv6 link remote: [AF_UNSPEC]
    Mar 29 11:24:01	openvpn	80038	UDPv6 link local (bound): [AF_INET6][undef]:1194
    Mar 29 11:24:01	openvpn	80038	setsockopt(IPV6_V6ONLY=0)
    Mar 29 11:24:01	openvpn	80038	Could not determine IPv4/IPv6 protocol. Using AF_INET6
    Mar 29 11:24:01	openvpn	80038	/usr/local/sbin/ovpn-linkup ovpns2 1500 1621 192.168.253.1 255.255.255.0 init
    Mar 29 11:24:01	openvpn	80038	/sbin/ifconfig ovpns2 192.168.253.1 192.168.253.2 mtu 1500 netmask 255.255.255.0 up
    Mar 29 11:24:01	openvpn	80038	do_ifconfig, tt->did_ifconfig_ipv6_setup=0
    Mar 29 11:24:01	openvpn	80038	TUN/TAP device /dev/tun2 opened
    Mar 29 11:24:01	openvpn	80038	TUN/TAP device ovpns2 exists previously, keep at program end
    Mar 29 11:24:01	openvpn	80038	Initializing OpenSSL support for engine 'cryptodev'
    Mar 29 11:24:01	openvpn	80038	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Mar 29 11:24:01	openvpn	79817	library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
    Mar 29 11:24:01	openvpn	79817	OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Sep 4 2018
    Mar 29 11:24:01	openvpn	74561	SIGTERM[hard,] received, process exiting
    Mar 29 11:24:01	openvpn	74561	/usr/local/sbin/ovpn-linkdown ovpns2 1500 1621 192.168.11.1 255.255.255.0 init
    Mar 29 11:24:01	openvpn	74561	event_wait : Interrupted system call (code=4)
    Mar 29 11:23:46	openvpn	74561	185.69.144.179 TLS Error: TLS handshake failed
    Mar 29 11:23:46	openvpn	74561	185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Mar 29 11:21:26	openvpn	74561	185.69.144.179 TLS Error: TLS handshake failed
    Mar 29 11:21:26	openvpn	74561	185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Mar 29 11:20:07	openvpn	74561	Initialization Sequence Completed
    Mar 29 11:20:07	openvpn	74561	UDPv6 link remote: [AF_UNSPEC]
    Mar 29 11:20:07	openvpn	74561	UDPv6 link local (bound): [AF_INET6][undef]:1194
    Mar 29 11:20:07	openvpn	74561	setsockopt(IPV6_V6ONLY=0)
    Mar 29 11:20:07	openvpn	74561	Could not determine IPv4/IPv6 protocol. Using AF_INET6
    Mar 29 11:20:07	openvpn	74561	/usr/local/sbin/ovpn-linkup ovpns2 1500 1621 192.168.11.1 255.255.255.0 init
    Mar 29 11:20:07	openvpn	74561	/sbin/ifconfig ovpns2 192.168.11.1 192.168.11.2 mtu 1500 netmask 255.255.255.0 up
    Mar 29 11:20:07	openvpn	74561	do_ifconfig, tt->did_ifconfig_ipv6_setup=0
    Mar 29 11:20:07	openvpn	74561	TUN/TAP device /dev/tun2 opened
    Mar 29 11:20:07	openvpn	74561	TUN/TAP device ovpns2 exists previously, keep at program end
    Mar 29 11:20:07	openvpn	74561	Initializing OpenSSL support for engine 'cryptodev'
    Mar 29 11:20:07	openvpn	74561	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Mar 29 11:20:07	openvpn	74494	library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
    Mar 29 11:20:07	openvpn	74494	OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Sep 4 2018
    Mar 29 11:20:07	openvpn	41234	SIGTERM[hard,] received, process exiting
    Mar 29 11:20:07	openvpn	41234	/usr/local/sbin/ovpn-linkdown ovpns2 1500 1621 192.168.11.1 255.255.255.0 init
    Mar 29 11:20:07	openvpn	41234	event_wait : Interrupted system call (code=4)
    Mar 29 11:19:45	openvpn	41234	185.69.144.179 TLS Error: TLS handshake failed
    Mar 29 11:19:45	openvpn	41234	185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Mar 29 11:18:24	openvpn	41234	185.69.144.179 TLS Error: TLS handshake failed
    Mar 29 11:18:24	openvpn	41234	185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Mar 29 11:17:14	openvpn	41234	185.69.144.179 TLS Error: TLS handshake failed
    Mar 29 11:17:14	openvpn	41234	185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Mar 29 11:16:09	openvpn	41234	185.69.144.179 TLS Error: TLS handshake failed
    Mar 29 11:16:09	openvpn	41234	185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Mar 29 11:15:03	openvpn	41234	185.69.144.179 TLS Error: TLS handshake failed
    Mar 29 11:15:03	openvpn	41234	185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Mar 29 11:13:58	openvpn	41234	185.69.144.179 TLS Error: TLS handshake failed
    Mar 29 11:13:58	openvpn	41234	185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Mar 29 11:12:54	openvpn	41234	185.69.144.179 TLS Error: TLS handshake failed
    Mar 29 11:12:54	openvpn	41234	185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Mar 29 11:07:40	openvpn	41234	185.69.144.179 TLS Error: TLS handshake failed
    Mar 29 11:07:40	openvpn	41234	185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Mar 29 11:57:11	openvpn	66294	Initialization Sequence Completed
    Mar 29 11:57:11	openvpn	66294	/usr/local/sbin/ovpn-linkup ovpnc1 1500 1558 10.69.10.6 10.69.10.5 init
    Mar 29 11:57:11	openvpn	66294	/sbin/ifconfig ovpnc1 10.69.10.6 10.69.10.5 mtu 1500 netmask 255.255.255.255 up
    Mar 29 11:57:11	openvpn	66294	do_ifconfig, tt->did_ifconfig_ipv6_setup=0
    Mar 29 11:57:11	openvpn	66294	TUN/TAP device /dev/tun1 opened
    Mar 29 11:57:11	openvpn	66294	TUN/TAP device ovpnc1 exists previously, keep at program end
    Mar 29 11:57:10	openvpn	66294	/usr/local/sbin/ovpn-linkdown ovpnc1 1500 1558 10.48.10.6 10.48.10.5 init
    Mar 29 11:57:10	openvpn	66294	NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
    Mar 29 11:57:10	openvpn	66294	Preserving previous TUN/TAP instance: ovpnc1
    Mar 29 11:57:09	openvpn	66294	[884e53224c54e17a961e0b5dc1fd62b7] Peer Connection Initiated with [AF_INET]89.238.139.54:1198
    Mar 29 11:57:09	openvpn	66294	WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'
    Mar 29 11:57:09	openvpn	66294	WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1542'
    Mar 29 11:57:09	openvpn	66294	UDPv4 link remote: [AF_INET]89.238.139.54:1198
    Mar 29 11:57:09	openvpn	66294	UDPv4 link local (bound): [AF_INET]82.70.29.78:0
    Mar 29 11:57:09	openvpn	66294	TCP/UDP: Preserving recently used remote address: [AF_INET]89.238.139.54:1198
    Mar 29 11:57:09	openvpn	66294	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Mar 29 11:56:59	openvpn	66294	SIGUSR1[soft,ping-restart] received, process restarting
    Mar 29 11:56:59	openvpn	66294	[884e53224c54e17a961e0b5dc1fd62b7] Inactivity timeout (--ping-restart), restarting
    Mar 29 10:57:14	openvpn	66294	Initialization Sequence Completed
    Mar 29 10:57:14	openvpn	66294	/usr/local/sbin/ovpn-linkup ovpnc1 1500 1558 10.48.10.6 10.48.10.5 init
    Mar 29 10:57:14	openvpn	66294	/sbin/ifconfig ovpnc1 10.48.10.6 10.48.10.5 mtu 1500 netmask 255.255.255.255 up
    Mar 29 10:57:14	openvpn	66294	do_ifconfig, tt->did_ifconfig_ipv6_setup=0
    Mar 29 10:57:14	openvpn	66294	TUN/TAP device /dev/tun1 opened
    Mar 29 10:57:14	openvpn	66294	TUN/TAP device ovpnc1 exists previously, keep at program end
    Mar 29 10:57:13	openvpn	66294	[884e53224c54e17a961e0b5dc1fd62b7] Peer Connection Initiated with [AF_INET]89.238.139.54:1198
    Mar 29 10:57:13	openvpn	66294	WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'
    Mar 29 10:57:13	openvpn	66294	WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1542'
    Mar 29 10:57:12	openvpn	66294	WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Mar 29 10:57:12	openvpn	66294	UDPv4 link remote: [AF_INET]89.238.139.54:1198
    Mar 29 10:57:12	openvpn	66294	UDPv4 link local (bound): [AF_INET]82.70.29.78:0
    Mar 29 10:57:12	openvpn	66294	TCP/UDP: Preserving recently used remote address: [AF_INET]89.238.139.54:1198
    Mar 29 10:57:12	openvpn	66294	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Mar 29 10:57:12	openvpn	66200	library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
    Mar 29 10:57:12	openvpn	66200	OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Sep 4 2018
    Mar 29 10:57:12	openvpn	66200	WARNING: file '/var/etc/openvpn/client1.up' is group or others accessible
    Mar 29 10:57:12	openvpn	83331	SIGTERM[hard,] received, process exiting
    Mar 29 10:57:12	openvpn	83331	/usr/local/sbin/ovpn-linkdown ovpnc1 1500 1558 10.7.11.6 10.7.11.5 init
    Mar 29 10:57:12	openvpn	83331	event_wait : Interrupted system call (code=4)
    Mar 29 10:57:12	openvpn	41234	Initialization Sequence Completed
    Mar 29 10:57:12	openvpn	41234	UDPv6 link remote: [AF_UNSPEC]
    Mar 29 10:57:12	openvpn	41234	UDPv6 link local (bound): [AF_INET6][undef]:1194
    Mar 29 10:57:12	openvpn	41234	setsockopt(IPV6_V6ONLY=0)
    Mar 29 10:57:12	openvpn	41234	Could not determine IPv4/IPv6 protocol. Using AF_INET6
    Mar 29 10:57:12	openvpn	41234	/usr/local/sbin/ovpn-linkup ovpns2 1500 1621 192.168.11.1 255.255.255.0 init
    Mar 29 10:57:12	openvpn	41234	/sbin/ifconfig ovpns2 192.168.11.1 192.168.11.2 mtu 1500 netmask 255.255.255.0 up
    Mar 29 10:57:12	openvpn	41234	do_ifconfig, tt->did_ifconfig_ipv6_setup=0
    Mar 29 10:57:12	openvpn	41234	TUN/TAP device /dev/tun2 opened
    Mar 29 10:57:12	openvpn	41234	TUN/TAP device ovpns2 exists previously, keep at program end
    Mar 29 10:57:12	openvpn	41234	Initializing OpenSSL support for engine 'cryptodev'
    Mar 29 10:57:12	openvpn	41234	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Mar 29 10:57:12	openvpn	41182	library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
    Mar 29 10:57:12	openvpn	41182	OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Sep 4 2018
    Mar 29 10:57:12	openvpn	63112	SIGTERM[hard,] received, process exiting
    Mar 29 10:57:12	openvpn	63112	/usr/local/sbin/ovpn-linkdown ovpns2 1500 1621 192.168.11.1 255.255.255.0 init
    Mar 29 10:57:12	openvpn	63112	event_wait : Interrupted system call (code=4)
    Mar 29 10:57:08	openvpn	83331	Initialization Sequence Completed
    Mar 29 10:57:08	openvpn	83331	/usr/local/sbin/ovpn-linkup ovpnc1 1500 1558 10.7.11.6 10.7.11.5 init
    Mar 29 10:57:08	openvpn	83331	/sbin/ifconfig ovpnc1 10.7.11.6 10.7.11.5 mtu 1500 netmask 255.255.255.255 up
    Mar 29 10:57:08	openvpn	83331	do_ifconfig, tt->did_ifconfig_ipv6_setup=0
    Mar 29 10:57:08	openvpn	83331	ioctl(TUNSIFMODE): Device busy (errno=16)
    Mar 29 10:57:08	openvpn	83331	TUN/TAP device /dev/tun1 opened
    Mar 29 10:57:08	openvpn	83331	TUN/TAP device ovpnc1 exists previously, keep at program end
    Mar 29 10:57:07	openvpn	83331	[83323e5e3bd4e86998d11ad59158d48c] Peer Connection Initiated with [AF_INET]89.238.139.12:1198
    Mar 29 10:57:07	openvpn	83331	WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'
    Mar 29 10:57:07	openvpn	83331	WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1542'
    Mar 29 10:57:07	openvpn	83331	WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Mar 29 10:57:07	openvpn	83331	UDPv4 link remote: [AF_INET]89.238.139.12:1198
    Mar 29 10:57:07	openvpn	83331	UDPv4 link local (bound): [AF_INET]82.70.29.78:0
    Mar 29 10:57:07	openvpn	83331	TCP/UDP: Preserving recently used remote address: [AF_INET]89.238.139.12:1198
    Mar 29 10:57:02	openvpn	83331	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Mar 29 10:57:02	openvpn	83279	library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
    Mar 29 10:57:02	openvpn	83279	OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Sep 4 2018
    Mar 29 10:57:02	openvpn	83279	WARNING: file '/var/etc/openvpn/client1.up' is group or others accessible
    Mar 29 10:57:02	openvpn	63112	Initialization Sequence Completed
    Mar 29 10:57:02	openvpn	63112	UDPv6 link remote: [AF_UNSPEC]
    Mar 29 10:57:02	openvpn	63112	UDPv6 link local (bound): [AF_INET6][undef]:1194
    Mar 29 10:57:02	openvpn	63112	setsockopt(IPV6_V6ONLY=0)
    Mar 29 10:57:02	openvpn	63112	Could not determine IPv4/IPv6 protocol. Using AF_INET6
    Mar 29 10:57:02	openvpn	63112	/usr/local/sbin/ovpn-linkup ovpns2 1500 1621 192.168.11.1 255.255.255.0 init
    Mar 29 10:57:02	openvpn	63112	/sbin/ifconfig ovpns2 192.168.11.1 192.168.11.2 mtu 1500 netmask 255.255.255.0 up
    Mar 29 10:57:02	openvpn	63112	do_ifconfig, tt->did_ifconfig_ipv6_setup=0
    Mar 29 10:57:02	openvpn	63112	ioctl(TUNSIFMODE): Device busy (errno=16)
    Mar 29 10:57:02	openvpn	63112	TUN/TAP device /dev/tun2 opened
    Mar 29 10:57:02	openvpn	63112	TUN/TAP device ovpns2 exists previously, keep at program end
    Mar 29 10:57:02	openvpn	63112	Initializing OpenSSL support for engine 'cryptodev'
    Mar 29 10:57:02	openvpn	63112	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Mar 29 10:57:02	openvpn	62156	library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
    Mar 29 10:57:02	openvpn	62156	OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Sep 4 2018
    Mar 29 09:24:47	openvpn	84602	TLS Error: cannot locate HMAC in incoming packet from [AF_INET6]::ffff:185.200.118.71:38578 (via ::ffff:192.168.10.1%pppoe0)
    Mar 28 21:57:18	openvpn	84602	TLS Error: cannot locate HMAC in incoming packet from [AF_INET6]::ffff:185.200.118.49:43946 (via ::ffff:192.168.10.1%pppoe0)
    Mar 28 20:31:45	openvpn	9152	Initialization Sequence Completed
    Mar 28 20:31:45	openvpn	9152	/usr/local/sbin/ovpn-linkup ovpnc1 1500 1558 10.49.11.6 10.49.11.5 init
    Mar 28 20:31:45	openvpn	9152	/sbin/ifconfig ovpnc1 10.49.11.6 10.49.11.5 mtu 1500 netmask 255.255.255.255 up
    Mar 28 20:31:45	openvpn	9152	do_ifconfig, tt->did_ifconfig_ipv6_setup=0
    Mar 28 20:31:45	openvpn	9152	TUN/TAP device /dev/tun1 opened
    Mar 28 20:31:45	openvpn	9152	TUN/TAP device ovpnc1 exists previously, keep at program end
    Mar 28 20:31:44	openvpn	9152	[9a22916cae0eb521061461199488dc36] Peer Connection Initiated with [AF_INET]89.238.139.58:1198
    Mar 28 20:31:44	openvpn	9152	WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'
    Mar 28 20:31:44	openvpn	9152	WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1542'
    Mar 28 20:31:44	openvpn	9152	WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Mar 28 20:31:44	openvpn	9152	UDPv4 link remote: [AF_INET]89.238.139.58:1198
    Mar 28 20:31:44	openvpn	9152	UDPv4 link local (bound): [AF_INET]82.70.29.78:0
    Mar 28 20:31:44	openvpn	9152	TCP/UDP: Preserving recently used remote address: [AF_INET]89.238.139.58:1198
    Mar 28 20:31:44	openvpn	9152	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Mar 28 20:31:44	openvpn	9065	library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
    Mar 28 20:31:44	openvpn	9065	OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Sep 4 2018
    Mar 28 20:31:44	openvpn	9065	WARNING: file '/var/etc/openvpn/client1.up' is group or others accessible
    Mar 28 20:31:44	openvpn	75177	SIGTERM[hard,] received, process exiting
    Mar 28 20:31:44	openvpn	75177	/usr/local/sbin/ovpn-linkdown ovpnc1 1500 1558 10.73.10.10 10.73.10.9 init
    Mar 28 20:31:44	openvpn	75177	event_wait : Interrupted system call (code=4)
    Mar 28 20:31:44	openvpn	84602	Initialization Sequence Completed
    Mar 28 20:31:44	openvpn	84602	UDPv6 link remote: [AF_UNSPEC]
    Mar 28 20:31:44	openvpn	84602	UDPv6 link local (bound): [AF_INET6][undef]:1194
    Mar 28 20:31:44	openvpn	84602	setsockopt(IPV6_V6ONLY=0)
    Mar 28 20:31:44	openvpn	84602	Could not determine IPv4/IPv6 protocol. Using AF_INET6
    

    Can anyone help with this? If you require more information I'll be happy to provide it.

    Thank you,
    b
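A small triage script for a log like the one above, as an added example that is not part of the original post: it groups pfSense OpenVPN log lines by process ID and counts handshake timeouts, tls-auth HMAC rejections and completed handshakes per peer. The sample lines are excerpted from the log in the post; the function names `triage` and `stalled_peers` are this example's own.

```python
import re
from collections import Counter, defaultdict

# Lines excerpted from the log in the post above (pfSense tab-separated format).
SAMPLE = """\
Mar 29 11:53:38\topenvpn\t15097\t185.69.144.179 TLS Error: TLS handshake failed
Mar 29 11:53:38\topenvpn\t15097\t185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mar 29 11:51:18\topenvpn\t15097\t185.69.144.179 TLS Error: TLS handshake failed
Mar 29 11:51:18\topenvpn\t15097\t185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mar 29 11:29:14\topenvpn\t15097\tInitialization Sequence Completed
Mar 29 11:29:14\topenvpn\t15097\tUDPv6 link local (bound): [AF_INET6][undef]:1194
Mar 29 11:57:09\topenvpn\t66294\tUDPv4 link local (bound): [AF_INET]82.70.29.78:0
Mar 29 11:57:09\topenvpn\t66294\t[884e53224c54e17a961e0b5dc1fd62b7] Peer Connection Initiated with [AF_INET]89.238.139.54:1198
Mar 29 09:24:47\topenvpn\t84602\tTLS Error: cannot locate HMAC in incoming packet from [AF_INET6]::ffff:185.200.118.71:38578 (via ::ffff:192.168.10.1%pppoe0)
"""

LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d)\s+openvpn\s+(\d+)\s+(.*)$")
BOUND = re.compile(r"^(?:UDP|TCP)\S* link local \(bound\): (\S+)")
TIMEOUT = re.compile(r"^(\S+) TLS Error: TLS key negotiation failed to occur within \d+ seconds")
HMAC = re.compile(r"cannot locate HMAC in incoming packet from \[AF_INET6?\](\S+):\d+(?:\s|$)")
PEER_OK = re.compile(r"Peer Connection Initiated with \[AF_INET6?\](\S+)")


def triage(log_text):
    """Summarise the log per OpenVPN process ID (one PID per instance run)."""
    summary = defaultdict(lambda: {"bound": None, "timeouts": Counter(),
                                   "hmac": Counter(), "established": []})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an openvpn log line
        pid, msg = m.group(2), m.group(3)
        entry = summary[pid]
        if (b := BOUND.match(msg)):
            entry["bound"] = b.group(1)           # listening socket of this instance
        elif (t := TIMEOUT.match(msg)):
            entry["timeouts"][t.group(1)] += 1    # peer was seen, handshake never finished
        elif (h := HMAC.search(msg)):
            src = h.group(1)
            if src.startswith("::ffff:"):          # IPv4-mapped address on a dual-stack socket
                src = src[len("::ffff:"):]
            entry["hmac"][src] += 1                # packet dropped at the tls-auth HMAC check
        elif (p := PEER_OK.search(msg)):
            entry["established"].append(p.group(1))
    return dict(summary)


def stalled_peers(summary):
    """(pid, peer, count) for peers that timed out and never completed a handshake."""
    out = []
    for pid, entry in summary.items():
        done = {e.rsplit(":", 1)[0] for e in entry["established"]}  # drop the port
        for peer, count in entry["timeouts"].items():
            if peer.rsplit(":", 1)[0] not in done:
                out.append((pid, peer, count))
    return out


if __name__ == "__main__":
    result = triage(SAMPLE)
    for pid, entry in result.items():
        print(pid, entry["bound"], dict(entry["timeouts"]),
              dict(entry["hmac"]), entry["established"])
    print(stalled_peers(result))
```

On the excerpt, pid 15097 (bound to port 1194) shows two timeouts from 185.69.144.179 and no completed handshake: packets from that peer reached the server instance, but the exchange never finished.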


  • LAYER 8 Rebel Alliance

    You don't need any crazy stuff like NAT or Floating Rules to run any OpenVPN Instance on your pfSense as Edge Firewall.
    Just some Firewall Rules simple as
    pfSense_OpenVPN_RAS_Firewall.png

    For Remote Access Server you can just run through the OpenVPN Wizard, it will automatically create the Firewall Rules for you.

    -Rico



  • @Rico Thank you Rico,
    However, these rules are in place for the OpenVPN Client running on the server which forces specific network IPs over a VPN connection.

    This is separate from the OpenVPN server I'm trying to implement. (The pfSense OpenVPN client works fine)


  • LAYER 8 Rebel Alliance

    For an OpenVPN Client you don't need any Firewall Rules in your WAN tab.
    Sure you need them for incoming connections to your OpenVPN Server.

    -Rico



  • I have removed the spare firewall rule. I now have the following

    afac6c5c-a8a9-4ddc-a156-66a6cb226ca4-image.png

    Still no change.
    There are still no received packets from the server.


  • LAYER 8 Rebel Alliance

    Is your pfSense WAN address RFC1918?
    So is there any ISP upstream router? Did you forward your OpenVPN port from this router to pfSense?

    -Rico

