Netgate Discussion Forum

    Cannot Connect to VPN

    • Udbytossen

      Hi Forum.
      I have a little issue - that I cannot see my mistake somewhere:
      I have set up my new XG7100-1U - and all internal networks work fine - but I do have an issue regarding OpenVPN

      When testing my new configuration - I only used an internal IP - and I did not have any issues with connecting from my old existing LAN to the WAN IP of the Netgate

      Now I configured and set up my pfSense - and every port forward etc. is actually working as intended.
      But when I'm testing my VPN - it will not connect to the pfSense.
      My laptop is connected through a 3G router - so I'm coming from a public IP - and here is where something goes wrong.
      My VPN server --> https://ibb.co/DKkbBQH (when I tested this connection - it was working fine on the internal LAN during the setup process).
      In my OpenVPN GUI - I'm getting this log:

      Sat Aug 10 08:53:15 2019 OpenVPN 2.4.7 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 25 2019
      Sat Aug 10 08:53:15 2019 Windows version 6.2 (Windows 8 or greater) 64bit
      Sat Aug 10 08:53:15 2019 library versions: OpenSSL 1.1.0j  20 Nov 2018, LZO 2.10
      Enter Management Password:
      Sat Aug 10 08:53:16 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]5.103.38.98:10094
      Sat Aug 10 08:53:16 2019 UDP link local (bound): [AF_INET][undef]:1194
      Sat Aug 10 08:53:16 2019 UDP link remote: [AF_INET]5.103.38.98:10094
      Sat Aug 10 08:54:16 2019 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
      Sat Aug 10 08:54:16 2019 TLS Error: TLS handshake failed
      Sat Aug 10 08:54:16 2019 SIGUSR1[soft,tls-error] received, process restarting
      Sat Aug 10 08:54:21 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]5.103.38.98:10094
      Sat Aug 10 08:54:21 2019 UDP link local (bound): [AF_INET][undef]:1194
      Sat Aug 10 08:54:21 2019 UDP link remote: [AF_INET]5.103.38.98:10094
      Sat Aug 10 08:55:21 2019 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
      Sat Aug 10 08:55:21 2019 TLS Error: TLS handshake failed
      Sat Aug 10 08:55:21 2019 SIGUSR1[soft,tls-error] received, process restarting
      Sat Aug 10 08:55:26 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]5.103.38.98:10094
      Sat Aug 10 08:55:26 2019 UDP link local (bound): [AF_INET][undef]:1194
      Sat Aug 10 08:55:26 2019 UDP link remote: [AF_INET]5.103.38.98:10094
      Sat Aug 10 08:56:26 2019 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
      Sat Aug 10 08:56:26 2019 TLS Error: TLS handshake failed
      Sat Aug 10 08:56:26 2019 SIGUSR1[soft,tls-error] received, process restarting
      Sat Aug 10 08:56:31 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]5.103.38.98:10094
      Sat Aug 10 08:56:31 2019 UDP link local (bound): [AF_INET][undef]:1194
      Sat Aug 10 08:56:31 2019 UDP link remote: [AF_INET]5.103.38.98:10094
      

      I've deleted all certificates and recreated them afterwards - to make sure nothing was wrong with the certificates.
      I've deleted and recreated the firewall rule --> https://ibb.co/V33WyRn
      A little more detailed: https://ibb.co/tzh5Dc4

      But I cannot get a connection through the VPN - and I cannot see where it goes wrong. My service says it's OK and up and running: https://ibb.co/yWJH4Kh

      And my logfile from OpenVPN only shows:

      Aug 10 08:58:48	openvpn	95626	MANAGEMENT: CMD 'quit'
      Aug 10 08:58:48	openvpn	95626	MANAGEMENT: Client disconnected
      Aug 10 08:58:48	openvpn	53719	MANAGEMENT: Client connected from /var/etc/openvpn/server2.sock
      Aug 10 08:58:48	openvpn	53719	MANAGEMENT: CMD 'status 2'
      Aug 10 08:58:48	openvpn	53719	MANAGEMENT: CMD 'quit'
      Aug 10 08:58:48	openvpn	53719	MANAGEMENT: Client disconnected
      Aug 10 08:58:52	openvpn	95626	tls-crypt unwrap error: packet authentication failed
      Aug 10 08:58:52	openvpn	95626	TLS Error: tls-crypt unwrapping failed from [AF_INET]109.57.149.202:1194
      Aug 10 08:59:00	openvpn	95626	tls-crypt unwrap error: packet authentication failed
      Aug 10 08:59:00	openvpn	95626	TLS Error: tls-crypt unwrapping failed from [AF_INET]109.57.149.202:1194
      Aug 10 08:59:16	openvpn	95626	tls-crypt unwrap error: packet authentication failed
      Aug 10 08:59:16	openvpn	95626	TLS Error: tls-crypt unwrapping failed from [AF_INET]109.57.149.202:1194
      Aug 10 08:59:49	openvpn	95626	MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
      Aug 10 08:59:50	openvpn	95626	MANAGEMENT: CMD 'status 2'
      Aug 10 08:59:50	openvpn	95626	MANAGEMENT: CMD 'quit'
      Aug 10 08:59:50	openvpn	95626	MANAGEMENT: Client disconnected
      Aug 10 08:59:50	openvpn	53719	MANAGEMENT: Client connected from /var/etc/openvpn/server2.sock
      Aug 10 08:59:50	openvpn	53719	MANAGEMENT: CMD 'status 2'
      Aug 10 08:59:50	openvpn	53719	MANAGEMENT: CMD 'quit'
      Aug 10 08:59:50	openvpn	53719	MANAGEMENT: Client disconnected
      Aug 10 09:00:52	openvpn	95626	MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
      Aug 10 09:00:52	openvpn	95626	MANAGEMENT: CMD 'status 2'
      Aug 10 09:00:52	openvpn	95626	MANAGEMENT: CMD 'quit'
      Aug 10 09:00:52	openvpn	95626	MANAGEMENT: Client disconnected
      Aug 10 09:00:52	openvpn	53719	MANAGEMENT: Client connected from /var/etc/openvpn/server2.sock
      Aug 10 09:00:52	openvpn	53719	MANAGEMENT: CMD 'status 2'
      Aug 10 09:00:52	openvpn	53719	MANAGEMENT: CMD 'quit'
      Aug 10 09:00:52	openvpn	53719	MANAGEMENT: Client disconnected
      Aug 10 09:01:54	openvpn	95626	MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
      Aug 10 09:01:54	openvpn	95626	MANAGEMENT: CMD 'status 2'
      Aug 10 09:01:54	openvpn	95626	MANAGEMENT: CMD 'quit'
      Aug 10 09:01:54	openvpn	95626	MANAGEMENT: Client disconnected
      Aug 10 09:01:54	openvpn	53719	MANAGEMENT: Client connected from /var/etc/openvpn/server2.sock
      Aug 10 09:01:55	openvpn	53719	MANAGEMENT: CMD 'status 2'
      Aug 10 09:01:55	openvpn	53719	MANAGEMENT: CMD 'quit'
      Aug 10 09:01:55	openvpn	53719	MANAGEMENT: Client disconnected
      

      My ovpn file looks like this:

      dev tun
      persist-tun
      persist-key
      cipher AES-256-CBC
      ncp-disable
      auth SHA512
      tls-client
      client
      resolv-retry infinite
      remote 5.103.38.98 10094 udp
      verify-x509-name "OpenVPN Server" name
      auth-user-pass Webmeup/auth.cfg
      remote-cert-tls server
      auth-nocache
      

      My OpenVPN GUI is version 2.4.7-1607-Win10
      Can anyone see if I made a mistake somewhere - or point me in the right direction?

      • kiokoman LAYER 8

        I can tell you that right now port 10094 is filtered: the port is blocked by a firewall or other network obstacle, or nothing is listening there.

        ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
        Please do not use chat/PM to ask for help
        we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
        Don't forget to Upvote with the 👍 button for any post you find to be helpful.

        • johnpoz LAYER 8 Global Moderator

          @Udbytossen said in Cannot Connect to VPN:

          Aug 10 08:58:52 openvpn 95626 tls-crypt unwrap error: packet authentication failed

          You have a TLS key mismatch, or your settings for TLS auth and encryption mismatch?

          You didn't post up your server config.. so hard to tell for sure.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

          • Udbytossen

            Well - Found the error

            For getting it working internal in test - I forced the Gateway on the VPN Server.
            I removed this and everything is working now

            • johnpoz LAYER 8 Global Moderator

              @Udbytossen said in Cannot Connect to VPN:

              TLS Error: tls-crypt unwrapping failed from [AF_INET]109.57.149.202:1194

              Something hitting your box from that 109 address where the TLS didn't auth..

              Your IP having a /29 mask doesn't have anything to do with listening on the correct address.

              Also not sure why you're having your client's source port be 1194?


              1 Reply Last reply Reply Quote 0
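
Added example, not part of the original thread or any poster's code: a small Python triage of the two symptoms discussed above, the client-side 60-second TLS negotiation timeout and the server-side tls-crypt unwrap errors. The function names, result labels and sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample logs in the format quoted in the thread; 192.0.2.10,
# 198.51.100.7 and 203.0.113.5 are documentation addresses, not thread values.
SAMPLE_CLIENT_LOG = """\
Sat Aug 10 08:53:16 2019 UDP link remote: [AF_INET]203.0.113.5:10094
Sat Aug 10 08:54:16 2019 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Aug 10 08:54:16 2019 TLS Error: TLS handshake failed
"""
SAMPLE_SERVER_LOG = """\
Aug 10 08:58:48 openvpn 95626 MANAGEMENT: CMD 'status 2'
Aug 10 08:58:52 openvpn 95626 tls-crypt unwrap error: packet authentication failed
Aug 10 08:58:52 openvpn 95626 TLS Error: tls-crypt unwrapping failed from [AF_INET]192.0.2.10:1194
Aug 10 08:59:00 openvpn 95626 tls-crypt unwrap error: packet authentication failed
Aug 10 08:59:00 openvpn 95626 TLS Error: tls-crypt unwrapping failed from [AF_INET]192.0.2.10:1194
"""

UNWRAP_RE = re.compile(r"tls-crypt unwrapping failed from \[AF_INET6?\](\S+):(\d+)")
TIMEOUT_MARK = "TLS key negotiation failed to occur within"


def unwrap_failures(server_log):
    """Count tls-crypt unwrap failures per (source address, source port)."""
    return Counter(m.groups() for m in UNWRAP_RE.finditer(server_log))


def triage(client_log, server_log, client_public_ip):
    """Classify one failed attempt using the logs from both ends."""
    if TIMEOUT_MARK not in client_log:
        return "no-handshake-timeout"
    hits = sum(count for (ip, _port), count in unwrap_failures(server_log).items()
               if ip == client_public_ip)
    if hits:
        # Packets reach the server but fail control-channel authentication:
        # compare the tls-crypt key and TLS settings on both sides.
        return "tls-crypt-mismatch"
    # The server logged nothing for this client: check the port forward,
    # firewall rule, listening interface and the path replies take.
    return "no-trace-at-server"


if __name__ == "__main__":
    print(unwrap_failures(SAMPLE_SERVER_LOG))
    print(triage(SAMPLE_CLIENT_LOG, SAMPLE_SERVER_LOG, "192.0.2.10"))
```
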
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.