OpenVPN Server. TLS Negotiation Failed. (Client not receiving any Bytes)
-
Hello,
I have tried many guides over the months to get an OpenVPN server working on pfSense.
I have what I believe to be an accurate setup. However, when I try to connect to the server I get a TLS negotiation timeout error.
In the server logs I can see the client tried to connect, but the server was not able to give a response.
Note I currently have an OpenVPN client set up on my server that's permanently connected to specific machines on my network. As such I have the following rules:
Floating Rule:
I have the following aliases to support this:
Log:
Mar 29 11:53:38 openvpn 15097 185.69.144.179 TLS Error: TLS handshake failed
Mar 29 11:53:38 openvpn 15097 185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mar 29 11:51:18 openvpn 15097 185.69.144.179 TLS Error: TLS handshake failed
Mar 29 11:51:18 openvpn 15097 185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mar 29 11:49:38 openvpn 15097 185.69.144.179 TLS Error: TLS handshake failed
Mar 29 11:49:38 openvpn 15097 185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mar 29 11:48:17 openvpn 15097 185.69.144.179 TLS Error: TLS handshake failed
Mar 29 11:48:17 openvpn 15097 185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mar 29 11:47:07 openvpn 15097 185.69.144.179 TLS Error: TLS handshake failed
Mar 29 11:47:07 openvpn 15097 185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mar 29 11:46:01 openvpn 15097 185.69.144.179 TLS Error: TLS handshake failed
Mar 29 11:46:01 openvpn 15097 185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mar 29 11:44:56 openvpn 15097 185.69.144.179 TLS Error: TLS handshake failed
Mar 29 11:44:56 openvpn 15097 185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mar 29 11:43:51 openvpn 15097 185.69.144.179 TLS Error: TLS handshake failed
Mar 29 11:43:51 openvpn 15097 185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mar 29 11:42:46 openvpn 15097 185.69.144.179 TLS Error: TLS handshake failed
Mar 29 11:42:46 openvpn 15097 185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mar 29 11:35:42 openvpn 15097 185.69.144.179 TLS Error: TLS handshake failed
Mar 29 11:35:42 openvpn 15097 185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mar 29 11:34:02 openvpn 15097 185.69.144.179 TLS Error: TLS handshake failed
Mar 29 11:34:02 openvpn 15097 185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mar 29 11:32:41 openvpn 15097 185.69.144.179 TLS Error: TLS handshake failed
Mar 29 11:32:41 openvpn 15097 185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mar 29 11:31:31 openvpn 15097 185.69.144.179 TLS Error: TLS handshake failed
Mar 29 11:31:31 openvpn 15097 185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mar 29 11:30:28 openvpn 15097 185.69.144.179 TLS Error: TLS handshake failed
Mar 29 11:30:28 openvpn 15097 185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mar 29 11:29:14 openvpn 15097 Initialization Sequence Completed
Mar 29 11:29:14 openvpn 15097 UDPv6 link remote: [AF_UNSPEC]
Mar 29 11:29:14 openvpn 15097 UDPv6 link local (bound): [AF_INET6][undef]:1194
Mar 29 11:29:14 openvpn 15097 setsockopt(IPV6_V6ONLY=0)
Mar 29 11:29:14 openvpn 15097 Could not determine IPv4/IPv6 protocol. Using AF_INET6
Mar 29 11:29:14 openvpn 15097 /usr/local/sbin/ovpn-linkup ovpns2 1500 1621 192.168.253.1 255.255.255.0 init
Mar 29 11:29:14 openvpn 15097 /sbin/ifconfig ovpns2 192.168.253.1 192.168.253.2 mtu 1500 netmask 255.255.255.0 up
Mar 29 11:29:14 openvpn 15097 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Mar 29 11:29:14 openvpn 15097 TUN/TAP device /dev/tun2 opened
Mar 29 11:29:14 openvpn 15097 TUN/TAP device ovpns2 exists previously, keep at program end
Mar 29 11:29:14 openvpn 15097 Initializing OpenSSL support for engine 'cryptodev'
Mar 29 11:29:14 openvpn 15097 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mar 29 11:29:14 openvpn 15029 library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
Mar 29 11:29:14 openvpn 15029 OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Sep 4 2018
Mar 29 11:29:14 openvpn 59629 SIGTERM[hard,] received, process exiting
Mar 29 11:29:14 openvpn 59629 /usr/local/sbin/ovpn-linkdown ovpns2 1500 1621 192.168.253.1 255.255.255.0 init
Mar 29 11:29:14 openvpn 59629 event_wait : Interrupted system call (code=4)
Mar 29 11:28:16 openvpn 59629 185.69.144.179 TLS Error: TLS handshake failed
Mar 29 11:28:16 openvpn 59629 185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mar 29 11:27:11 openvpn 59629 185.69.144.179 TLS Error: TLS handshake failed
Mar 29 11:27:11 openvpn 59629 185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mar 29 11:24:14 openvpn 59629 Initialization Sequence Completed
Mar 29 11:24:14 openvpn 59629 UDPv6 link remote: [AF_UNSPEC]
Mar 29 11:24:14 openvpn 59629 UDPv6 link local (bound): [AF_INET6][undef]:1194
Mar 29 11:24:14 openvpn 59629 setsockopt(IPV6_V6ONLY=0)
Mar 29 11:24:14 openvpn 59629 Could not determine IPv4/IPv6 protocol. Using AF_INET6
Mar 29 11:24:14 openvpn 59629 /usr/local/sbin/ovpn-linkup ovpns2 1500 1621 192.168.253.1 255.255.255.0 init
Mar 29 11:24:14 openvpn 59629 /sbin/ifconfig ovpns2 192.168.253.1 192.168.253.2 mtu 1500 netmask 255.255.255.0 up
Mar 29 11:24:14 openvpn 59629 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Mar 29 11:24:14 openvpn 59629 TUN/TAP device /dev/tun2 opened
Mar 29 11:24:14 openvpn 59629 TUN/TAP device ovpns2 exists previously, keep at program end
Mar 29 11:24:14 openvpn 59629 Initializing OpenSSL support for engine 'cryptodev'
Mar 29 11:24:14 openvpn 59629 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mar 29 11:24:14 openvpn 59288 library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
Mar 29 11:24:14 openvpn 59288 OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Sep 4 2018
Mar 29 11:24:14 openvpn 80038 SIGTERM[hard,] received, process exiting
Mar 29 11:24:14 openvpn 80038 /usr/local/sbin/ovpn-linkdown ovpns2 1500 1621 192.168.253.1 255.255.255.0 init
Mar 29 11:24:14 openvpn 80038 event_wait : Interrupted system call (code=4)
Mar 29 11:24:01 openvpn 80038 Initialization Sequence Completed
Mar 29 11:24:01 openvpn 80038 UDPv6 link remote: [AF_UNSPEC]
Mar 29 11:24:01 openvpn 80038 UDPv6 link local (bound): [AF_INET6][undef]:1194
Mar 29 11:24:01 openvpn 80038 setsockopt(IPV6_V6ONLY=0)
Mar 29 11:24:01 openvpn 80038 Could not determine IPv4/IPv6 protocol. Using AF_INET6
Mar 29 11:24:01 openvpn 80038 /usr/local/sbin/ovpn-linkup ovpns2 1500 1621 192.168.253.1 255.255.255.0 init
Mar 29 11:24:01 openvpn 80038 /sbin/ifconfig ovpns2 192.168.253.1 192.168.253.2 mtu 1500 netmask 255.255.255.0 up
Mar 29 11:24:01 openvpn 80038 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Mar 29 11:24:01 openvpn 80038 TUN/TAP device /dev/tun2 opened
Mar 29 11:24:01 openvpn 80038 TUN/TAP device ovpns2 exists previously, keep at program end
Mar 29 11:24:01 openvpn 80038 Initializing OpenSSL support for engine 'cryptodev'
Mar 29 11:24:01 openvpn 80038 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mar 29 11:24:01 openvpn 79817 library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
Mar 29 11:24:01 openvpn 79817 OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Sep 4 2018
Mar 29 11:24:01 openvpn 74561 SIGTERM[hard,] received, process exiting
Mar 29 11:24:01 openvpn 74561 /usr/local/sbin/ovpn-linkdown ovpns2 1500 1621 192.168.11.1 255.255.255.0 init
Mar 29 11:24:01 openvpn 74561 event_wait : Interrupted system call (code=4)
Mar 29 11:23:46 openvpn 74561 185.69.144.179 TLS Error: TLS handshake failed
Mar 29 11:23:46 openvpn 74561 185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mar 29 11:21:26 openvpn 74561 185.69.144.179 TLS Error: TLS handshake failed
Mar 29 11:21:26 openvpn 74561 185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mar 29 11:20:07 openvpn 74561 Initialization Sequence Completed
Mar 29 11:20:07 openvpn 74561 UDPv6 link remote: [AF_UNSPEC]
Mar 29 11:20:07 openvpn 74561 UDPv6 link local (bound): [AF_INET6][undef]:1194
Mar 29 11:20:07 openvpn 74561 setsockopt(IPV6_V6ONLY=0)
Mar 29 11:20:07 openvpn 74561 Could not determine IPv4/IPv6 protocol. Using AF_INET6
Mar 29 11:20:07 openvpn 74561 /usr/local/sbin/ovpn-linkup ovpns2 1500 1621 192.168.11.1 255.255.255.0 init
Mar 29 11:20:07 openvpn 74561 /sbin/ifconfig ovpns2 192.168.11.1 192.168.11.2 mtu 1500 netmask 255.255.255.0 up
Mar 29 11:20:07 openvpn 74561 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Mar 29 11:20:07 openvpn 74561 TUN/TAP device /dev/tun2 opened
Mar 29 11:20:07 openvpn 74561 TUN/TAP device ovpns2 exists previously, keep at program end
Mar 29 11:20:07 openvpn 74561 Initializing OpenSSL support for engine 'cryptodev'
Mar 29 11:20:07 openvpn 74561 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mar 29 11:20:07 openvpn 74494 library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
Mar 29 11:20:07 openvpn 74494 OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Sep 4 2018
Mar 29 11:20:07 openvpn 41234 SIGTERM[hard,] received, process exiting
Mar 29 11:20:07 openvpn 41234 /usr/local/sbin/ovpn-linkdown ovpns2 1500 1621 192.168.11.1 255.255.255.0 init
Mar 29 11:20:07 openvpn 41234 event_wait : Interrupted system call (code=4)
Mar 29 11:19:45 openvpn 41234 185.69.144.179 TLS Error: TLS handshake failed
Mar 29 11:19:45 openvpn 41234 185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mar 29 11:18:24 openvpn 41234 185.69.144.179 TLS Error: TLS handshake failed
Mar 29 11:18:24 openvpn 41234 185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mar 29 11:17:14 openvpn 41234 185.69.144.179 TLS Error: TLS handshake failed
Mar 29 11:17:14 openvpn 41234 185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mar 29 11:16:09 openvpn 41234 185.69.144.179 TLS Error: TLS handshake failed
Mar 29 11:16:09 openvpn 41234 185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mar 29 11:15:03 openvpn 41234 185.69.144.179 TLS Error: TLS handshake failed
Mar 29 11:15:03 openvpn 41234 185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mar 29 11:13:58 openvpn 41234 185.69.144.179 TLS Error: TLS handshake failed
Mar 29 11:13:58 openvpn 41234 185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mar 29 11:12:54 openvpn 41234 185.69.144.179 TLS Error: TLS handshake failed
Mar 29 11:12:54 openvpn 41234 185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mar 29 11:07:40 openvpn 41234 185.69.144.179 TLS Error: TLS handshake failed
Mar 29 11:07:40 openvpn 41234 185.69.144.179 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mar 29 11:57:11 openvpn 66294 Initialization Sequence Completed
Mar 29 11:57:11 openvpn 66294 /usr/local/sbin/ovpn-linkup ovpnc1 1500 1558 10.69.10.6 10.69.10.5 init
Mar 29 11:57:11 openvpn 66294 /sbin/ifconfig ovpnc1 10.69.10.6 10.69.10.5 mtu 1500 netmask 255.255.255.255 up
Mar 29 11:57:11 openvpn 66294 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Mar 29 11:57:11 openvpn 66294 TUN/TAP device /dev/tun1 opened
Mar 29 11:57:11 openvpn 66294 TUN/TAP device ovpnc1 exists previously, keep at program end
Mar 29 11:57:10 openvpn 66294 /usr/local/sbin/ovpn-linkdown ovpnc1 1500 1558 10.48.10.6 10.48.10.5 init
Mar 29 11:57:10 openvpn 66294 NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
Mar 29 11:57:10 openvpn 66294 Preserving previous TUN/TAP instance: ovpnc1
Mar 29 11:57:09 openvpn 66294 [884e53224c54e17a961e0b5dc1fd62b7] Peer Connection Initiated with [AF_INET]89.238.139.54:1198
Mar 29 11:57:09 openvpn 66294 WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'
Mar 29 11:57:09 openvpn 66294 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1542'
Mar 29 11:57:09 openvpn 66294 UDPv4 link remote: [AF_INET]89.238.139.54:1198
Mar 29 11:57:09 openvpn 66294 UDPv4 link local (bound): [AF_INET]82.70.29.78:0
Mar 29 11:57:09 openvpn 66294 TCP/UDP: Preserving recently used remote address: [AF_INET]89.238.139.54:1198
Mar 29 11:57:09 openvpn 66294 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mar 29 11:56:59 openvpn 66294 SIGUSR1[soft,ping-restart] received, process restarting
Mar 29 11:56:59 openvpn 66294 [884e53224c54e17a961e0b5dc1fd62b7] Inactivity timeout (--ping-restart), restarting
Mar 29 10:57:14 openvpn 66294 Initialization Sequence Completed
Mar 29 10:57:14 openvpn 66294 /usr/local/sbin/ovpn-linkup ovpnc1 1500 1558 10.48.10.6 10.48.10.5 init
Mar 29 10:57:14 openvpn 66294 /sbin/ifconfig ovpnc1 10.48.10.6 10.48.10.5 mtu 1500 netmask 255.255.255.255 up
Mar 29 10:57:14 openvpn 66294 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Mar 29 10:57:14 openvpn 66294 TUN/TAP device /dev/tun1 opened
Mar 29 10:57:14 openvpn 66294 TUN/TAP device ovpnc1 exists previously, keep at program end
Mar 29 10:57:13 openvpn 66294 [884e53224c54e17a961e0b5dc1fd62b7] Peer Connection Initiated with [AF_INET]89.238.139.54:1198
Mar 29 10:57:13 openvpn 66294 WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'
Mar 29 10:57:13 openvpn 66294 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1542'
Mar 29 10:57:12 openvpn 66294 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mar 29 10:57:12 openvpn 66294 UDPv4 link remote: [AF_INET]89.238.139.54:1198
Mar 29 10:57:12 openvpn 66294 UDPv4 link local (bound): [AF_INET]82.70.29.78:0
Mar 29 10:57:12 openvpn 66294 TCP/UDP: Preserving recently used remote address: [AF_INET]89.238.139.54:1198
Mar 29 10:57:12 openvpn 66294 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mar 29 10:57:12 openvpn 66200 library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
Mar 29 10:57:12 openvpn 66200 OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Sep 4 2018
Mar 29 10:57:12 openvpn 66200 WARNING: file '/var/etc/openvpn/client1.up' is group or others accessible
Mar 29 10:57:12 openvpn 83331 SIGTERM[hard,] received, process exiting
Mar 29 10:57:12 openvpn 83331 /usr/local/sbin/ovpn-linkdown ovpnc1 1500 1558 10.7.11.6 10.7.11.5 init
Mar 29 10:57:12 openvpn 83331 event_wait : Interrupted system call (code=4)
Mar 29 10:57:12 openvpn 41234 Initialization Sequence Completed
Mar 29 10:57:12 openvpn 41234 UDPv6 link remote: [AF_UNSPEC]
Mar 29 10:57:12 openvpn 41234 UDPv6 link local (bound): [AF_INET6][undef]:1194
Mar 29 10:57:12 openvpn 41234 setsockopt(IPV6_V6ONLY=0)
Mar 29 10:57:12 openvpn 41234 Could not determine IPv4/IPv6 protocol. Using AF_INET6
Mar 29 10:57:12 openvpn 41234 /usr/local/sbin/ovpn-linkup ovpns2 1500 1621 192.168.11.1 255.255.255.0 init
Mar 29 10:57:12 openvpn 41234 /sbin/ifconfig ovpns2 192.168.11.1 192.168.11.2 mtu 1500 netmask 255.255.255.0 up
Mar 29 10:57:12 openvpn 41234 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Mar 29 10:57:12 openvpn 41234 TUN/TAP device /dev/tun2 opened
Mar 29 10:57:12 openvpn 41234 TUN/TAP device ovpns2 exists previously, keep at program end
Mar 29 10:57:12 openvpn 41234 Initializing OpenSSL support for engine 'cryptodev'
Mar 29 10:57:12 openvpn 41234 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mar 29 10:57:12 openvpn 41182 library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
Mar 29 10:57:12 openvpn 41182 OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Sep 4 2018
Mar 29 10:57:12 openvpn 63112 SIGTERM[hard,] received, process exiting
Mar 29 10:57:12 openvpn 63112 /usr/local/sbin/ovpn-linkdown ovpns2 1500 1621 192.168.11.1 255.255.255.0 init
Mar 29 10:57:12 openvpn 63112 event_wait : Interrupted system call (code=4)
Mar 29 10:57:08 openvpn 83331 Initialization Sequence Completed
Mar 29 10:57:08 openvpn 83331 /usr/local/sbin/ovpn-linkup ovpnc1 1500 1558 10.7.11.6 10.7.11.5 init
Mar 29 10:57:08 openvpn 83331 /sbin/ifconfig ovpnc1 10.7.11.6 10.7.11.5 mtu 1500 netmask 255.255.255.255 up
Mar 29 10:57:08 openvpn 83331 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Mar 29 10:57:08 openvpn 83331 ioctl(TUNSIFMODE): Device busy (errno=16)
Mar 29 10:57:08 openvpn 83331 TUN/TAP device /dev/tun1 opened
Mar 29 10:57:08 openvpn 83331 TUN/TAP device ovpnc1 exists previously, keep at program end
Mar 29 10:57:07 openvpn 83331 [83323e5e3bd4e86998d11ad59158d48c] Peer Connection Initiated with [AF_INET]89.238.139.12:1198
Mar 29 10:57:07 openvpn 83331 WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'
Mar 29 10:57:07 openvpn 83331 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1542'
Mar 29 10:57:07 openvpn 83331 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mar 29 10:57:07 openvpn 83331 UDPv4 link remote: [AF_INET]89.238.139.12:1198
Mar 29 10:57:07 openvpn 83331 UDPv4 link local (bound): [AF_INET]82.70.29.78:0
Mar 29 10:57:07 openvpn 83331 TCP/UDP: Preserving recently used remote address: [AF_INET]89.238.139.12:1198
Mar 29 10:57:02 openvpn 83331 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mar 29 10:57:02 openvpn 83279 library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
Mar 29 10:57:02 openvpn 83279 OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Sep 4 2018
Mar 29 10:57:02 openvpn 83279 WARNING: file '/var/etc/openvpn/client1.up' is group or others accessible
Mar 29 10:57:02 openvpn 63112 Initialization Sequence Completed
Mar 29 10:57:02 openvpn 63112 UDPv6 link remote: [AF_UNSPEC]
Mar 29 10:57:02 openvpn 63112 UDPv6 link local (bound): [AF_INET6][undef]:1194
Mar 29 10:57:02 openvpn 63112 setsockopt(IPV6_V6ONLY=0)
Mar 29 10:57:02 openvpn 63112 Could not determine IPv4/IPv6 protocol. Using AF_INET6
Mar 29 10:57:02 openvpn 63112 /usr/local/sbin/ovpn-linkup ovpns2 1500 1621 192.168.11.1 255.255.255.0 init
Mar 29 10:57:02 openvpn 63112 /sbin/ifconfig ovpns2 192.168.11.1 192.168.11.2 mtu 1500 netmask 255.255.255.0 up
Mar 29 10:57:02 openvpn 63112 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Mar 29 10:57:02 openvpn 63112 ioctl(TUNSIFMODE): Device busy (errno=16)
Mar 29 10:57:02 openvpn 63112 TUN/TAP device /dev/tun2 opened
Mar 29 10:57:02 openvpn 63112 TUN/TAP device ovpns2 exists previously, keep at program end
Mar 29 10:57:02 openvpn 63112 Initializing OpenSSL support for engine 'cryptodev'
Mar 29 10:57:02 openvpn 63112 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mar 29 10:57:02 openvpn 62156 library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
Mar 29 10:57:02 openvpn 62156 OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Sep 4 2018
Mar 29 09:24:47 openvpn 84602 TLS Error: cannot locate HMAC in incoming packet from [AF_INET6]::ffff:185.200.118.71:38578 (via ::ffff:192.168.10.1%pppoe0)
Mar 28 21:57:18 openvpn 84602 TLS Error: cannot locate HMAC in incoming packet from [AF_INET6]::ffff:185.200.118.49:43946 (via ::ffff:192.168.10.1%pppoe0)
Mar 28 20:31:45 openvpn 9152 Initialization Sequence Completed
Mar 28 20:31:45 openvpn 9152 /usr/local/sbin/ovpn-linkup ovpnc1 1500 1558 10.49.11.6 10.49.11.5 init
Mar 28 20:31:45 openvpn 9152 /sbin/ifconfig ovpnc1 10.49.11.6 10.49.11.5 mtu 1500 netmask 255.255.255.255 up
Mar 28 20:31:45 openvpn 9152 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Mar 28 20:31:45 openvpn 9152 TUN/TAP device /dev/tun1 opened
Mar 28 20:31:45 openvpn 9152 TUN/TAP device ovpnc1 exists previously, keep at program end
Mar 28 20:31:44 openvpn 9152 [9a22916cae0eb521061461199488dc36] Peer Connection Initiated with [AF_INET]89.238.139.58:1198
Mar 28 20:31:44 openvpn 9152 WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'
Mar 28 20:31:44 openvpn 9152 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1542'
Mar 28 20:31:44 openvpn 9152 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mar 28 20:31:44 openvpn 9152 UDPv4 link remote: [AF_INET]89.238.139.58:1198
Mar 28 20:31:44 openvpn 9152 UDPv4 link local (bound): [AF_INET]82.70.29.78:0
Mar 28 20:31:44 openvpn 9152 TCP/UDP: Preserving recently used remote address: [AF_INET]89.238.139.58:1198
Mar 28 20:31:44 openvpn 9152 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mar 28 20:31:44 openvpn 9065 library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
Mar 28 20:31:44 openvpn 9065 OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Sep 4 2018
Mar 28 20:31:44 openvpn 9065 WARNING: file '/var/etc/openvpn/client1.up' is group or others accessible
Mar 28 20:31:44 openvpn 75177 SIGTERM[hard,] received, process exiting
Mar 28 20:31:44 openvpn 75177 /usr/local/sbin/ovpn-linkdown ovpnc1 1500 1558 10.73.10.10 10.73.10.9 init
Mar 28 20:31:44 openvpn 75177 event_wait : Interrupted system call (code=4)
Mar 28 20:31:44 openvpn 84602 Initialization Sequence Completed
Mar 28 20:31:44 openvpn 84602 UDPv6 link remote: [AF_UNSPEC]
Mar 28 20:31:44 openvpn 84602 UDPv6 link local (bound): [AF_INET6][undef]:1194
Mar 28 20:31:44 openvpn 84602 setsockopt(IPV6_V6ONLY=0)
Mar 28 20:31:44 openvpn 84602 Could not determine IPv4/IPv6 protocol. Using AF_INET6
Can anyone help with this? If you require more information I'll be happy to provide it.
Thank you,
b -
You don't need any crazy stuff like NAT or Floating Rules to run any OpenVPN Instance on your pfSense as Edge Firewall.
Just some Firewall Rules simple as
For Remote Access Server you can just run through the OpenVPN Wizard, it will automatically create the Firewall Rules for you.
-Rico
-
@Rico Thank you Rico,
However these rules are in place for the OpenVPN Client running on the server which forces specific network IPs over a VPN connection. This is separate from the OpenVPN server I'm trying to implement. (The pfSense OpenVPN client works fine)
-
For an OpenVPN Client you don't need any Firewall Rules in your WAN tab.
Sure you need them for incoming connections to your OpenVPN Server.
-Rico
-
I have removed the spare firewall rule. I now have the following
Still no change.
There are still no received packets from the server.
-
Is your pfSense WAN address RFC1918?
So is there any ISP upstream router? Did you forward your OpenVPN port from this router to pfSense?
-Rico
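
Added example, not part of any post in this thread: a Python triage of OpenVPN log lines in the format posted above, counting 60-second TLS negotiation timeouts per peer, listing the listening socket, and testing the local address a packet arrived on against the RFC 1918 ranges. The sample log is constructed (peer addresses are documentation ranges), and reading the `(via ADDR%iface)` field as the local receiving address is an assumption of this example.

```python
import ipaddress
import re
from collections import Counter

# The three RFC 1918 blocks. ipaddress.is_private is broader (it also covers
# loopback, documentation ranges, etc.), so the test is done explicitly.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in the pfSense OpenVPN log format shown in the thread.
SAMPLE_LOG = """\
Mar 29 11:20:07 openvpn 74561 UDPv6 link local (bound): [AF_INET6][undef]:1194
Mar 29 11:20:07 openvpn 74561 Initialization Sequence Completed
Mar 29 11:21:26 openvpn 74561 198.51.100.7 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mar 29 11:21:26 openvpn 74561 198.51.100.7 TLS Error: TLS handshake failed
Mar 29 11:23:46 openvpn 74561 198.51.100.7 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mar 29 11:23:46 openvpn 74561 198.51.100.7 TLS Error: TLS handshake failed
Mar 29 09:24:47 openvpn 84602 TLS Error: cannot locate HMAC in incoming packet from [AF_INET6]::ffff:203.0.113.9:38578 (via ::ffff:192.168.10.1%pppoe0)
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) openvpn (\d+) (.*)$")
TIMEOUT = re.compile(r"^(\S+) TLS Error: TLS key negotiation failed")
BOUND = re.compile(r"link local \(bound\): \[(\w+)\](\S*):(\d+)$")
VIA = re.compile(r"\(via ([0-9A-Fa-f:.]+)%(\w+)\)")


def is_rfc1918(text):
    """True for an RFC 1918 IPv4 address, including the ::ffff: mapped form."""
    addr = ipaddress.ip_address(text)
    if addr.version == 6:
        addr = addr.ipv4_mapped
        if addr is None:
            return False
    return any(addr in net for net in RFC1918)


def summarize(log_text):
    """Collect the facts that matter for a 'TLS key negotiation failed' report."""
    timeouts = Counter()   # peer -> number of negotiation timeouts
    listeners = set()      # (address family, port) the daemon bound to
    local_addrs = {}       # interface -> (local address, is RFC 1918)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3)
        if (t := TIMEOUT.match(msg)):
            # A timeout that names a peer means at least one packet from that
            # peer reached the daemon; the handshake then never completed.
            timeouts[t.group(1)] += 1
        elif (b := BOUND.search(msg)):
            listeners.add((b.group(1), int(b.group(3))))
        elif (v := VIA.search(msg)):
            local_addrs[v.group(2)] = (v.group(1), is_rfc1918(v.group(1)))
    return {"timeouts": dict(timeouts),
            "listeners": sorted(listeners),
            "local_addrs": local_addrs}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for peer, count in report["timeouts"].items():
        print(f"{peer}: {count} negotiation timeout(s), inbound packets arrived")
    for family, port in report["listeners"]:
        print(f"listening: {family} port {port}")
    for iface, (addr, private) in report["local_addrs"].items():
        print(f"{iface}: local address {addr} RFC1918={private}")
```

A local address flagged as RFC 1918 on the WAN-side interface points at the upstream router and port-forward question raised in the last reply.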