IOS 12.4.1 error connecting on pfsense OpenVPN setup server

seramis

Hi below is the logs where i cannot connect to my own pfsense OpenVPN server using my iPhone.
-Do i need a static IP from ISP?
-I tried turning off my modem firewall still no luck.

Can anyone help? TIA

2019-09-18 15:35:05 1

2019-09-18 15:35:05 ----- OpenVPN Start -----
OpenVPN core 3.git::728733ae ios arm64 64-bit PT_PROXY built on Aug 15 2019 06:21:05

2019-09-18 15:35:05 OpenVPN core 3.git::728733ae ios arm64 64-bit PT_PROXY built on Aug 15 2019 06:21:05

2019-09-18 15:35:05 Frame=512/2048/512 mssfix-ctrl=1250

2019-09-18 15:35:05 UNUSED OPTIONS
0 [persist-tun]
1 [persist-key]
3 [ncp-ciphers] [AES-128-GCM]
5 [tls-client]

2019-09-18 15:35:05 EVENT: RESOLVE

2019-09-18 15:35:05 Contacting [192.168.1.2]:1194/UDP via UDP

2019-09-18 15:35:05 EVENT: WAIT

2019-09-18 15:35:05 Connecting to [192.168.1.2]:1194 (192.168.1.2) via UDPv4

2019-09-18 15:35:15 Server poll timeout, trying next remote entry...

2019-09-18 15:35:15 EVENT: RECONNECTING

2019-09-18 15:35:15 EVENT: RESOLVE

2019-09-18 15:35:15 Contacting [192.168.1.2]:1194/UDP via UDP

2019-09-18 15:35:15 EVENT: WAIT

2019-09-18 15:35:15 Connecting to [192.168.1.2]:1194 (192.168.1.2) via UDPv4

2019-09-18 15:35:25 Server poll timeout, trying next remote entry...

2019-09-18 15:35:25 EVENT: RECONNECTING

2019-09-18 15:35:25 EVENT: RESOLVE

2019-09-18 15:35:25 Contacting [192.168.1.2]:1194/UDP via UDP

2019-09-18 15:35:25 EVENT: WAIT

2019-09-18 15:35:25 Connecting to [192.168.1.2]:1194 (192.168.1.2) via UDPv4

2019-09-18 15:35:35 EVENT: CONNECTION_TIMEOUT [ERR]

2019-09-18 15:35:35 Raw stats on disconnect:
BYTES_OUT : 1566
PACKETS_OUT : 29
CONNECTION_TIMEOUT : 1
N_RECONNECT : 2

2019-09-18 15:35:35 Performance stats on disconnect:
CPU usage (microseconds): 63054
Network bytes per CPU second: 24835
Tunnel bytes per CPU second: 0

2019-09-18 15:35:35 EVENT: DISCONNECTED

2019-09-18 15:35:35 Raw stats on disconnect:
BYTES_OUT : 1566
PACKETS_OUT : 29
CONNECTION_TIMEOUT : 1
N_RECONNECT : 2

2019-09-18 15:35:35 Performance stats on disconnect:
CPU usage (microseconds): 65490
Network bytes per CPU second: 23912
Tunnel bytes per CPU second: 0

viragomann

@seramis said in IOS 12.4.1 error connecting on pfsense OpenVPN setup server:

-Do i need a static IP from ISP?

You only need an IP which is accessible on UDP 1194, as your server is set to use.
If you have a dynamic IP you must use a dynDNS service.

@seramis said in IOS 12.4.1 error connecting on pfsense OpenVPN setup server:

-I tried turning off my modem firewall still no luck.

So there is a modem in front of pfSense? Is it in router mode or is it possible set it into bridge mode?
If it is in router mode, have you forwarded UDP 1194 to the pfSense WAN IP?

You have to provide some details about your setup.

seramis

@viragomann Hi thank you for your response

I have modem came from the ISP, i turned off its firewall and IP is 192.168.1.1/24
i'm not sure how to forward UDP 1194 to pfsense WAN IP?

my PFsense LAN is 192.168.1.5/24
my PFsense LAN is 192.168.1.230/24

i already tried dynDNS service from "no IP" which gives me d3skt0p2019.ddns.net 110.54.240.157

OpenVPN tunnel network is 192.168.50.0/24

NogBadTheBad

@seramis

Ideally you should put your ISP modem into modem/bridge mode if you can.

Double NAT can be a right pain in the backside.

viragomann

So does your modem have no possibility to set it into bridge mode?

If not, you have to forward the VPN packets on it. How to do that, depends on the specific device. Since you did not mention, nobody can tell you how to do that.

Also the configuration of the OpenVPN depends on you setup. Do you use pfSense as a router in your LAN or is it in the LAN with other devices which you are trying to access over the VPN?

seramis

@viragomann just tried port forwarding but still no luck
https://www.cfos.de/en-us/cfos-personal-net/port-forwarding/huawei-b315s-936.htm

My PFsense is in the LAN with other devices which i am trying to access over the VPN, my DHCP and DNS role is done by the ISP modem

@NogBadTheBad ill try that Sir thank you

viragomann

The "NAT settings" may be the option to use for this, not "virtual server".

Marci

@seramis said in IOS 12.4.1 error connecting on pfsense OpenVPN setup server:

2019-09-18 15:35:05 EVENT: RESOLVE
2019-09-18 15:35:05 Contacting [192.168.1.2]:1194/UDP via UDP

You need to connect to your public IP. In the log it shows that you are connecting to 192.168.1.2, which is your local IP within your network. This is not reachable from the outside.

You need to change this either to a static IP which has been assigned to you by your ISP or (recommended option) use a DynamicDNS service (e.g. freemyip.com).