4. Cannot Connect to VPN

Cannot Connect to VPN

  • U

    Hi Forum.
    I have a little issue - that I cannot see my mistake somewhere:
    I have setup my new XG7100-1U - and all internal networks works fine - but I do have an issue regarding OpenVPN

    When testing my new Configuration - I Only used an internal IP - And I did not have any issues with connectin from my old existing LAN to the WAN IP of the Netgate

    Now I configured and setup my PFsense - and every portforward etc are actually working as intended.
    But When I'm testing my VPN - it will not connect to the PFsense.
    My Laptop is connected through 3G Router - so I'm comming from a public IP. - and here is where something goes wrong.
    My VPN server --> https://ibb.co/DKkbBQH ( When I testet this connection - it was working fine on internal LAN during the setup process.
    In my OpenVPN GUI - I'm getting these log:

    Sat Aug 10 08:53:15 2019 OpenVPN 2.4.7 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 25 2019
Sat Aug 10 08:53:15 2019 Windows version 6.2 (Windows 8 or greater) 64bit
Sat Aug 10 08:53:15 2019 library versions: OpenSSL 1.1.0j  20 Nov 2018, LZO 2.10
Enter Management Password:
Sat Aug 10 08:53:16 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]5.103.38.98:10094
Sat Aug 10 08:53:16 2019 UDP link local (bound): [AF_INET][undef]:1194
Sat Aug 10 08:53:16 2019 UDP link remote: [AF_INET]5.103.38.98:10094
Sat Aug 10 08:54:16 2019 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Aug 10 08:54:16 2019 TLS Error: TLS handshake failed
Sat Aug 10 08:54:16 2019 SIGUSR1[soft,tls-error] received, process restarting
Sat Aug 10 08:54:21 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]5.103.38.98:10094
Sat Aug 10 08:54:21 2019 UDP link local (bound): [AF_INET][undef]:1194
Sat Aug 10 08:54:21 2019 UDP link remote: [AF_INET]5.103.38.98:10094
Sat Aug 10 08:55:21 2019 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Aug 10 08:55:21 2019 TLS Error: TLS handshake failed
Sat Aug 10 08:55:21 2019 SIGUSR1[soft,tls-error] received, process restarting
Sat Aug 10 08:55:26 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]5.103.38.98:10094
Sat Aug 10 08:55:26 2019 UDP link local (bound): [AF_INET][undef]:1194
Sat Aug 10 08:55:26 2019 UDP link remote: [AF_INET]5.103.38.98:10094
Sat Aug 10 08:56:26 2019 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Aug 10 08:56:26 2019 TLS Error: TLS handshake failed
Sat Aug 10 08:56:26 2019 SIGUSR1[soft,tls-error] received, process restarting
Sat Aug 10 08:56:31 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]5.103.38.98:10094
Sat Aug 10 08:56:31 2019 UDP link local (bound): [AF_INET][undef]:1194
Sat Aug 10 08:56:31 2019 UDP link remote: [AF_INET]5.103.38.98:10094

    I've have deleted all Certificates and recreate those afterwards - to make sure nothing was wong with the certificates.
    I've deleted and recreated the firewall rule --> https://ibb.co/V33WyRn
    a little more detailed: https://ibb.co/tzh5Dc4

    But cannot get connection through the VPN - and I cannot see where it goes wrong. My Service says its OK and up and running: https://ibb.co/yWJH4Kh

    And my logfile from OpenVPN only shows:

    Aug 10 08:58:48	openvpn	95626	MANAGEMENT: CMD 'quit'
Aug 10 08:58:48	openvpn	95626	MANAGEMENT: Client disconnected
Aug 10 08:58:48	openvpn	53719	MANAGEMENT: Client connected from /var/etc/openvpn/server2.sock
Aug 10 08:58:48	openvpn	53719	MANAGEMENT: CMD 'status 2'
Aug 10 08:58:48	openvpn	53719	MANAGEMENT: CMD 'quit'
Aug 10 08:58:48	openvpn	53719	MANAGEMENT: Client disconnected
Aug 10 08:58:52	openvpn	95626	tls-crypt unwrap error: packet authentication failed
Aug 10 08:58:52	openvpn	95626	TLS Error: tls-crypt unwrapping failed from [AF_INET]109.57.149.202:1194
Aug 10 08:59:00	openvpn	95626	tls-crypt unwrap error: packet authentication failed
Aug 10 08:59:00	openvpn	95626	TLS Error: tls-crypt unwrapping failed from [AF_INET]109.57.149.202:1194
Aug 10 08:59:16	openvpn	95626	tls-crypt unwrap error: packet authentication failed
Aug 10 08:59:16	openvpn	95626	TLS Error: tls-crypt unwrapping failed from [AF_INET]109.57.149.202:1194
Aug 10 08:59:49	openvpn	95626	MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
Aug 10 08:59:50	openvpn	95626	MANAGEMENT: CMD 'status 2'
Aug 10 08:59:50	openvpn	95626	MANAGEMENT: CMD 'quit'
Aug 10 08:59:50	openvpn	95626	MANAGEMENT: Client disconnected
Aug 10 08:59:50	openvpn	53719	MANAGEMENT: Client connected from /var/etc/openvpn/server2.sock
Aug 10 08:59:50	openvpn	53719	MANAGEMENT: CMD 'status 2'
Aug 10 08:59:50	openvpn	53719	MANAGEMENT: CMD 'quit'
Aug 10 08:59:50	openvpn	53719	MANAGEMENT: Client disconnected
Aug 10 09:00:52	openvpn	95626	MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
Aug 10 09:00:52	openvpn	95626	MANAGEMENT: CMD 'status 2'
Aug 10 09:00:52	openvpn	95626	MANAGEMENT: CMD 'quit'
Aug 10 09:00:52	openvpn	95626	MANAGEMENT: Client disconnected
Aug 10 09:00:52	openvpn	53719	MANAGEMENT: Client connected from /var/etc/openvpn/server2.sock
Aug 10 09:00:52	openvpn	53719	MANAGEMENT: CMD 'status 2'
Aug 10 09:00:52	openvpn	53719	MANAGEMENT: CMD 'quit'
Aug 10 09:00:52	openvpn	53719	MANAGEMENT: Client disconnected
Aug 10 09:01:54	openvpn	95626	MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
Aug 10 09:01:54	openvpn	95626	MANAGEMENT: CMD 'status 2'
Aug 10 09:01:54	openvpn	95626	MANAGEMENT: CMD 'quit'
Aug 10 09:01:54	openvpn	95626	MANAGEMENT: Client disconnected
Aug 10 09:01:54	openvpn	53719	MANAGEMENT: Client connected from /var/etc/openvpn/server2.sock
Aug 10 09:01:55	openvpn	53719	MANAGEMENT: CMD 'status 2'
Aug 10 09:01:55	openvpn	53719	MANAGEMENT: CMD 'quit'
Aug 10 09:01:55	openvpn	53719	MANAGEMENT: Client disconnected

    My ovpn file looks like this:

    dev tun
persist-tun
persist-key
cipher AES-256-CBC
ncp-disable
auth SHA512
tls-client
client
resolv-retry infinite
remote 5.103.38.98 10094 udp
verify-x509-name "OpenVPN Server" name
auth-user-pass Webmeup/auth.cfg
remote-cert-tls server
auth-nocache

    My OpenVPN GUI is version 2.4.7-1607-Win10
    Can anyone see I made a mistake somewhere - or could point me in the rigth direction

    0
  • LAYER 8

    i can tell you that right now port 10094 is filtered, the port is blocked by firewall or other network obstacle or nothing is listening there

    0
  • LAYER 8 Global Moderator

    @Udbytossen said in Cannot Connect to VPN:

    Aug 10 08:58:52 openvpn 95626 tls-crypt unwrap error: packet authentication failed

    You have tls key mismatch or your settings for tls auth and encryption mismatch?

    You didn't post up your server config.. so hard to tell for sure.

    0
  • U

    Well - Found the error

    For getting it working internal in test - I forced the Gateway on the VPN Server.
    I removed this and everything is working now

    0
  • LAYER 8 Global Moderator

    @Udbytossen said in Cannot Connect to VPN:

    TLS Error: tls-crypt unwrapping failed from [AF_INET]109.57.149.202:1194

    Something hitting your box from that 109 address where the TLS didn't auth..

    Your IP having a /29 mask doesn't have anything to do with listening on the correct address.

    Also not sure why your having your clients source port be 1194?

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy