Cannot Connect to VPN



  • Hi Forum.
    I have a little issue - I cannot see where my mistake is:
    I have set up my new XG7100-1U - and all internal networks work fine - but I do have an issue regarding OpenVPN.

    When testing my new configuration - I only used an internal IP - and I did not have any issues connecting from my old existing LAN to the WAN IP of the Netgate.

    Now I have configured and set up my pfSense - and every port forward etc. is actually working as intended.
    But when I'm testing my VPN - it will not connect to the pfSense.
    My laptop is connected through a 3G router - so I'm coming from a public IP - and here is where something goes wrong.
    My VPN server --> https://ibb.co/DKkbBQH (when I tested this connection, it was working fine on the internal LAN during the setup process).
    In my OpenVPN GUI - I'm getting this log:

    Sat Aug 10 08:53:15 2019 OpenVPN 2.4.7 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 25 2019
    Sat Aug 10 08:53:15 2019 Windows version 6.2 (Windows 8 or greater) 64bit
    Sat Aug 10 08:53:15 2019 library versions: OpenSSL 1.1.0j  20 Nov 2018, LZO 2.10
    Enter Management Password:
    Sat Aug 10 08:53:16 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]5.103.38.98:10094
    Sat Aug 10 08:53:16 2019 UDP link local (bound): [AF_INET][undef]:1194
    Sat Aug 10 08:53:16 2019 UDP link remote: [AF_INET]5.103.38.98:10094
    Sat Aug 10 08:54:16 2019 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Sat Aug 10 08:54:16 2019 TLS Error: TLS handshake failed
    Sat Aug 10 08:54:16 2019 SIGUSR1[soft,tls-error] received, process restarting
    Sat Aug 10 08:54:21 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]5.103.38.98:10094
    Sat Aug 10 08:54:21 2019 UDP link local (bound): [AF_INET][undef]:1194
    Sat Aug 10 08:54:21 2019 UDP link remote: [AF_INET]5.103.38.98:10094
    Sat Aug 10 08:55:21 2019 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Sat Aug 10 08:55:21 2019 TLS Error: TLS handshake failed
    Sat Aug 10 08:55:21 2019 SIGUSR1[soft,tls-error] received, process restarting
    Sat Aug 10 08:55:26 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]5.103.38.98:10094
    Sat Aug 10 08:55:26 2019 UDP link local (bound): [AF_INET][undef]:1194
    Sat Aug 10 08:55:26 2019 UDP link remote: [AF_INET]5.103.38.98:10094
    Sat Aug 10 08:56:26 2019 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Sat Aug 10 08:56:26 2019 TLS Error: TLS handshake failed
    Sat Aug 10 08:56:26 2019 SIGUSR1[soft,tls-error] received, process restarting
    Sat Aug 10 08:56:31 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]5.103.38.98:10094
    Sat Aug 10 08:56:31 2019 UDP link local (bound): [AF_INET][undef]:1194
    Sat Aug 10 08:56:31 2019 UDP link remote: [AF_INET]5.103.38.98:10094
    

    I've deleted all certificates and recreated them afterwards - to make sure nothing was wrong with the certificates.
    I've deleted and recreated the firewall rule --> https://ibb.co/V33WyRn
    A little more detailed: https://ibb.co/tzh5Dc4

    But I cannot get a connection through the VPN - and I cannot see where it goes wrong. My service says it's OK and up and running: https://ibb.co/yWJH4Kh

    And my logfile from OpenVPN only shows:

    Aug 10 08:58:48	openvpn	95626	MANAGEMENT: CMD 'quit'
    Aug 10 08:58:48	openvpn	95626	MANAGEMENT: Client disconnected
    Aug 10 08:58:48	openvpn	53719	MANAGEMENT: Client connected from /var/etc/openvpn/server2.sock
    Aug 10 08:58:48	openvpn	53719	MANAGEMENT: CMD 'status 2'
    Aug 10 08:58:48	openvpn	53719	MANAGEMENT: CMD 'quit'
    Aug 10 08:58:48	openvpn	53719	MANAGEMENT: Client disconnected
    Aug 10 08:58:52	openvpn	95626	tls-crypt unwrap error: packet authentication failed
    Aug 10 08:58:52	openvpn	95626	TLS Error: tls-crypt unwrapping failed from [AF_INET]109.57.149.202:1194
    Aug 10 08:59:00	openvpn	95626	tls-crypt unwrap error: packet authentication failed
    Aug 10 08:59:00	openvpn	95626	TLS Error: tls-crypt unwrapping failed from [AF_INET]109.57.149.202:1194
    Aug 10 08:59:16	openvpn	95626	tls-crypt unwrap error: packet authentication failed
    Aug 10 08:59:16	openvpn	95626	TLS Error: tls-crypt unwrapping failed from [AF_INET]109.57.149.202:1194
    Aug 10 08:59:49	openvpn	95626	MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
    Aug 10 08:59:50	openvpn	95626	MANAGEMENT: CMD 'status 2'
    Aug 10 08:59:50	openvpn	95626	MANAGEMENT: CMD 'quit'
    Aug 10 08:59:50	openvpn	95626	MANAGEMENT: Client disconnected
    Aug 10 08:59:50	openvpn	53719	MANAGEMENT: Client connected from /var/etc/openvpn/server2.sock
    Aug 10 08:59:50	openvpn	53719	MANAGEMENT: CMD 'status 2'
    Aug 10 08:59:50	openvpn	53719	MANAGEMENT: CMD 'quit'
    Aug 10 08:59:50	openvpn	53719	MANAGEMENT: Client disconnected
    Aug 10 09:00:52	openvpn	95626	MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
    Aug 10 09:00:52	openvpn	95626	MANAGEMENT: CMD 'status 2'
    Aug 10 09:00:52	openvpn	95626	MANAGEMENT: CMD 'quit'
    Aug 10 09:00:52	openvpn	95626	MANAGEMENT: Client disconnected
    Aug 10 09:00:52	openvpn	53719	MANAGEMENT: Client connected from /var/etc/openvpn/server2.sock
    Aug 10 09:00:52	openvpn	53719	MANAGEMENT: CMD 'status 2'
    Aug 10 09:00:52	openvpn	53719	MANAGEMENT: CMD 'quit'
    Aug 10 09:00:52	openvpn	53719	MANAGEMENT: Client disconnected
    Aug 10 09:01:54	openvpn	95626	MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
    Aug 10 09:01:54	openvpn	95626	MANAGEMENT: CMD 'status 2'
    Aug 10 09:01:54	openvpn	95626	MANAGEMENT: CMD 'quit'
    Aug 10 09:01:54	openvpn	95626	MANAGEMENT: Client disconnected
    Aug 10 09:01:54	openvpn	53719	MANAGEMENT: Client connected from /var/etc/openvpn/server2.sock
    Aug 10 09:01:55	openvpn	53719	MANAGEMENT: CMD 'status 2'
    Aug 10 09:01:55	openvpn	53719	MANAGEMENT: CMD 'quit'
    Aug 10 09:01:55	openvpn	53719	MANAGEMENT: Client disconnected
    

    My ovpn file looks like this:

    dev tun
    persist-tun
    persist-key
    cipher AES-256-CBC
    ncp-disable
    auth SHA512
    tls-client
    client
    resolv-retry infinite
    remote 5.103.38.98 10094 udp
    verify-x509-name "OpenVPN Server" name
    auth-user-pass Webmeup/auth.cfg
    remote-cert-tls server
    auth-nocache
    

    My OpenVPN GUI is version 2.4.7-1607-Win10.
    Can anyone see whether I made a mistake somewhere - or point me in the right direction?


  • LAYER 8

    I can tell you that right now port 10094 is filtered: the port is blocked by a firewall or other network obstacle, or nothing is listening there.


  • LAYER 8 Global Moderator

    @Udbytossen said in Cannot Connect to VPN:

    Aug 10 08:58:52 openvpn 95626 tls-crypt unwrap error: packet authentication failed

    You have a TLS key mismatch, or your settings for TLS auth and encryption mismatch?

    You didn't post up your server config.. so hard to tell for sure.



  • Well - found the error.

    To get it working internally in test - I forced the gateway on the VPN server.
    I removed this and everything is working now.


  • LAYER 8 Global Moderator

    @Udbytossen said in Cannot Connect to VPN:

    TLS Error: tls-crypt unwrapping failed from [AF_INET]109.57.149.202:1194

    Something hitting your box from that 109 address where the TLS didn't auth..

    Your IP having a /29 mask doesn't have anything to do with listening on the correct address.

    Also not sure why you're having your client's source port be 1194?
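
An added triage example, not part of the thread and not pfSense or OpenVPN project code: it counts the "tls-crypt unwrapping failed" lines per source in a server log and checks a client config for nobind and a tls-crypt key, the two points raised in the replies above. The log lines and config are constructed (documentation-range addresses), and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed samples modelled on the log and client config quoted in the thread.
SERVER_LOG = """\
Aug 10 08:58:48 openvpn 95626 MANAGEMENT: CMD 'status 2'
Aug 10 08:58:52 openvpn 95626 tls-crypt unwrap error: packet authentication failed
Aug 10 08:58:52 openvpn 95626 TLS Error: tls-crypt unwrapping failed from [AF_INET]203.0.113.7:1194
Aug 10 08:59:00 openvpn 95626 TLS Error: tls-crypt unwrapping failed from [AF_INET]203.0.113.7:1194
Aug 10 08:59:16 openvpn 95626 TLS Error: tls-crypt unwrapping failed from [AF_INET]203.0.113.7:1194
"""
CLIENT_CONF = """\
dev tun
cipher AES-256-CBC
auth SHA512
client
remote 198.51.100.10 10094 udp
remote-cert-tls server
"""

UNWRAP = re.compile(r"openvpn\s+(\d+)\s+TLS Error: tls-crypt unwrapping failed "
                    r"from \[AF_INET6?\]([0-9A-Fa-f.:]+):(\d+)$")

def unwrap_failures(log):
    """Count tls-crypt authentication failures per (server pid, source ip, source port)."""
    hits = Counter()
    for line in log.splitlines():
        m = UNWRAP.search(line.strip())
        if m:
            hits[(m.group(1), m.group(2), int(m.group(3)))] += 1
    return hits

def directives(conf):
    """Directive names in an OpenVPN config; an inline <tls-crypt> block counts as tls-crypt."""
    names = set()
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        if line and not line.startswith(";"):
            names.add(line.split()[0].strip("<>"))
    return names

def triage(log, conf):
    """Findings that relate server-side unwrap failures to the client config."""
    hits, seen, found = unwrap_failures(log), directives(conf), []
    for (pid, ip, port), n in sorted(hits.items()):
        found.append(f"pid {pid}: {n} tls-crypt failures from {ip}:{port}")
    if any(port == 1194 for _, _, port in hits) and "nobind" not in seen:
        found.append("source port 1194 matches a client without nobind")
    if hits and "tls-crypt" not in seen:
        found.append("client config has no tls-crypt key")
    return found
```

A tls-crypt unwrap failure only says the packet did not authenticate under the server's key; the sender may hold no key, the wrong key, or be unrelated traffic, so the findings are leads to check against the server config rather than a diagnosis.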

