Cannot Connect to VPN
-
Hi Forum.
I have a little issue - that I cannot see my mistake somewhere:
I have setup my new XG7100-1U - and all internal networks work fine - but I do have an issue regarding OpenVPN.
When testing my new Configuration - I Only used an internal IP - And I did not have any issues with connecting from my old existing LAN to the WAN IP of the Netgate
Now I configured and setup my PFsense - and every portforward etc are actually working as intended.
But When I'm testing my VPN - it will not connect to the PFsense.
My Laptop is connected through 3G Router - so I'm coming from a public IP. - and here is where something goes wrong.
My VPN server --> https://ibb.co/DKkbBQH (When I tested this connection - it was working fine on internal LAN during the setup process.)
In my OpenVPN GUI - I'm getting these log:
Sat Aug 10 08:53:15 2019 OpenVPN 2.4.7 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 25 2019
Sat Aug 10 08:53:15 2019 Windows version 6.2 (Windows 8 or greater) 64bit
Sat Aug 10 08:53:15 2019 library versions: OpenSSL 1.1.0j 20 Nov 2018, LZO 2.10
Enter Management Password:
Sat Aug 10 08:53:16 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]5.103.38.98:10094
Sat Aug 10 08:53:16 2019 UDP link local (bound): [AF_INET][undef]:1194
Sat Aug 10 08:53:16 2019 UDP link remote: [AF_INET]5.103.38.98:10094
Sat Aug 10 08:54:16 2019 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Aug 10 08:54:16 2019 TLS Error: TLS handshake failed
Sat Aug 10 08:54:16 2019 SIGUSR1[soft,tls-error] received, process restarting
Sat Aug 10 08:54:21 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]5.103.38.98:10094
Sat Aug 10 08:54:21 2019 UDP link local (bound): [AF_INET][undef]:1194
Sat Aug 10 08:54:21 2019 UDP link remote: [AF_INET]5.103.38.98:10094
Sat Aug 10 08:55:21 2019 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Aug 10 08:55:21 2019 TLS Error: TLS handshake failed
Sat Aug 10 08:55:21 2019 SIGUSR1[soft,tls-error] received, process restarting
Sat Aug 10 08:55:26 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]5.103.38.98:10094
Sat Aug 10 08:55:26 2019 UDP link local (bound): [AF_INET][undef]:1194
Sat Aug 10 08:55:26 2019 UDP link remote: [AF_INET]5.103.38.98:10094
Sat Aug 10 08:56:26 2019 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Aug 10 08:56:26 2019 TLS Error: TLS handshake failed
Sat Aug 10 08:56:26 2019 SIGUSR1[soft,tls-error] received, process restarting
Sat Aug 10 08:56:31 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]5.103.38.98:10094
Sat Aug 10 08:56:31 2019 UDP link local (bound): [AF_INET][undef]:1194
Sat Aug 10 08:56:31 2019 UDP link remote: [AF_INET]5.103.38.98:10094
I've deleted all Certificates and recreated those afterwards - to make sure nothing was wrong with the certificates.
I've deleted and recreated the firewall rule --> https://ibb.co/V33WyRn
a little more detailed: https://ibb.co/tzh5Dc4
But cannot get connection through the VPN - and I cannot see where it goes wrong. My Service says it's OK and up and running: https://ibb.co/yWJH4Kh
And my logfile from OpenVPN only shows:
Aug 10 08:58:48 openvpn 95626 MANAGEMENT: CMD 'quit'
Aug 10 08:58:48 openvpn 95626 MANAGEMENT: Client disconnected
Aug 10 08:58:48 openvpn 53719 MANAGEMENT: Client connected from /var/etc/openvpn/server2.sock
Aug 10 08:58:48 openvpn 53719 MANAGEMENT: CMD 'status 2'
Aug 10 08:58:48 openvpn 53719 MANAGEMENT: CMD 'quit'
Aug 10 08:58:48 openvpn 53719 MANAGEMENT: Client disconnected
Aug 10 08:58:52 openvpn 95626 tls-crypt unwrap error: packet authentication failed
Aug 10 08:58:52 openvpn 95626 TLS Error: tls-crypt unwrapping failed from [AF_INET]109.57.149.202:1194
Aug 10 08:59:00 openvpn 95626 tls-crypt unwrap error: packet authentication failed
Aug 10 08:59:00 openvpn 95626 TLS Error: tls-crypt unwrapping failed from [AF_INET]109.57.149.202:1194
Aug 10 08:59:16 openvpn 95626 tls-crypt unwrap error: packet authentication failed
Aug 10 08:59:16 openvpn 95626 TLS Error: tls-crypt unwrapping failed from [AF_INET]109.57.149.202:1194
Aug 10 08:59:49 openvpn 95626 MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
Aug 10 08:59:50 openvpn 95626 MANAGEMENT: CMD 'status 2'
Aug 10 08:59:50 openvpn 95626 MANAGEMENT: CMD 'quit'
Aug 10 08:59:50 openvpn 95626 MANAGEMENT: Client disconnected
Aug 10 08:59:50 openvpn 53719 MANAGEMENT: Client connected from /var/etc/openvpn/server2.sock
Aug 10 08:59:50 openvpn 53719 MANAGEMENT: CMD 'status 2'
Aug 10 08:59:50 openvpn 53719 MANAGEMENT: CMD 'quit'
Aug 10 08:59:50 openvpn 53719 MANAGEMENT: Client disconnected
Aug 10 09:00:52 openvpn 95626 MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
Aug 10 09:00:52 openvpn 95626 MANAGEMENT: CMD 'status 2'
Aug 10 09:00:52 openvpn 95626 MANAGEMENT: CMD 'quit'
Aug 10 09:00:52 openvpn 95626 MANAGEMENT: Client disconnected
Aug 10 09:00:52 openvpn 53719 MANAGEMENT: Client connected from /var/etc/openvpn/server2.sock
Aug 10 09:00:52 openvpn 53719 MANAGEMENT: CMD 'status 2'
Aug 10 09:00:52 openvpn 53719 MANAGEMENT: CMD 'quit'
Aug 10 09:00:52 openvpn 53719 MANAGEMENT: Client disconnected
Aug 10 09:01:54 openvpn 95626 MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
Aug 10 09:01:54 openvpn 95626 MANAGEMENT: CMD 'status 2'
Aug 10 09:01:54 openvpn 95626 MANAGEMENT: CMD 'quit'
Aug 10 09:01:54 openvpn 95626 MANAGEMENT: Client disconnected
Aug 10 09:01:54 openvpn 53719 MANAGEMENT: Client connected from /var/etc/openvpn/server2.sock
Aug 10 09:01:55 openvpn 53719 MANAGEMENT: CMD 'status 2'
Aug 10 09:01:55 openvpn 53719 MANAGEMENT: CMD 'quit'
Aug 10 09:01:55 openvpn 53719 MANAGEMENT: Client disconnected
My ovpn file looks like this:
dev tun
persist-tun
persist-key
cipher AES-256-CBC
ncp-disable
auth SHA512
tls-client
client
resolv-retry infinite
remote 5.103.38.98 10094 udp
verify-x509-name "OpenVPN Server" name
auth-user-pass Webmeup/auth.cfg
remote-cert-tls server
auth-nocache
My OpenVPN GUI is version 2.4.7-1607-Win10
Can anyone see I made a mistake somewhere - or could point me in the right direction -
I can tell you that right now port 10094 is filtered, the port is blocked by firewall or other network obstacle or nothing is listening there.
-
@Udbytossen said in Cannot Connect to VPN:
Aug 10 08:58:52 openvpn 95626 tls-crypt unwrap error: packet authentication failed
You have tls key mismatch or your settings for tls auth and encryption mismatch?
You didn't post up your server config.. so hard to tell for sure.
-
Well - Found the error
For getting it working internal in test - I forced the Gateway on the VPN Server.
I removed this and everything is working now -
@Udbytossen said in Cannot Connect to VPN:
TLS Error: tls-crypt unwrapping failed from [AF_INET]109.57.149.202:1194
Something hitting your box from that 109 address where the TLS didn't auth..
Your IP having a /29 mask doesn't have anything to do with listening on the correct address.
Also not sure why you're having your client's source port be 1194?
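
Added example (not part of any post in this thread, and not pfSense or OpenVPN code): a small Python triage script that groups the "tls-crypt unwrapping failed" entries in a server log by server instance and source address, using the "MANAGEMENT: Client connected from" lines to map each PID to its instance socket. The sample input is a subset of the log lines posted above; the function name and the year argument are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Subset of the server log lines posted in this thread.
SAMPLE = """\
Aug 10 08:58:48 openvpn 53719 MANAGEMENT: Client connected from /var/etc/openvpn/server2.sock
Aug 10 08:58:52 openvpn 95626 tls-crypt unwrap error: packet authentication failed
Aug 10 08:58:52 openvpn 95626 TLS Error: tls-crypt unwrapping failed from [AF_INET]109.57.149.202:1194
Aug 10 08:59:00 openvpn 95626 TLS Error: tls-crypt unwrapping failed from [AF_INET]109.57.149.202:1194
Aug 10 08:59:16 openvpn 95626 TLS Error: tls-crypt unwrapping failed from [AF_INET]109.57.149.202:1194
Aug 10 08:59:49 openvpn 95626 MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
"""

PREFIX = r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) openvpn (?P<pid>\d+) "
FAIL = re.compile(PREFIX + r"TLS Error: tls-crypt unwrapping failed from "
                  r"\[AF_INET6?\](?P<ip>[0-9A-Fa-f.:]+):(?P<port>\d+)$")
MGMT = re.compile(PREFIX + r"MANAGEMENT: Client connected from (?P<sock>\S+)$")

def summarize_unwrap_failures(text, year=2019):
    """Group tls-crypt unwrap failures by (server instance, source IP).

    syslog timestamps carry no year, so the caller supplies one.
    """
    sock_of = {}                      # pid -> management socket path
    hits = defaultdict(list)          # (pid, ip) -> [(timestamp, src port)]
    for line in text.splitlines():
        line = line.strip()
        if (m := MGMT.match(line)):
            sock_of[m["pid"]] = m["sock"]
        elif (m := FAIL.match(line)):
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            hits[(m["pid"], m["ip"])].append((ts, int(m["port"])))
    report = []
    for (pid, ip), events in sorted(hits.items()):
        times = [t for t, _ in events]
        report.append({
            "instance": sock_of.get(pid, f"pid {pid}"),
            "source_ip": ip,
            "failures": len(events),
            "source_ports": sorted({p for _, p in events}),
            "span_seconds": int((max(times) - min(times)).total_seconds()),
        })
    return report

if __name__ == "__main__":
    for row in summarize_unwrap_failures(SAMPLE):
        print(row)
```

On the sample, every failure lands on the server1 instance from a single source address and source port, which tells you which instance's TLS key and settings to compare against the client.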