Issues with OpenVPN
-
Hi
I have some issues with OpenVPN. I have tested many configurations of OpenVPN remote access with TLS/SSL and user auth, but it is not working.
I duplicated the configuration of a firewall where OpenVPN works perfectly, but I get the same issue.
I opened a request but no one has helped me.
-
I assume you mean this one:
https://forum.netgate.com/topic/149179/openvpn-remonte-access-througth-dynamic-ip
What exactly is the server behind? What is the wifi box?
Telnetting to the port should show nothing as that tests TCP and this is UDP. Where were you testing from? If it was some external IP then something else is responding there.
Steve
-
Thank you for your reply.
Well, the wifi box is like a router. We have a SIM card; I inserted this SIM card in this router, and the router works like an access point with a dynamic IP.
I can't identify the error. I tested my configuration with a static public IP (with a Cisco router) and the same configuration with another pfSense, but it's not working.
-
The cellular router device gives you a public IP? They often do not.
-
Yes, 165.51.232.XXX, this is the IP.
My pfSense has 3 network cards: 1 for LAN and 2 for WAN (one is plugged in and one is not).
-
Log file of the OpenVPN client:
Wed Dec 25 09:10:55 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]165.51.232.17:1194
Wed Dec 25 09:10:55 2019 UDP link local (bound): [AF_INET][undef]:1194
Wed Dec 25 09:10:55 2019 UDP link remote: [AF_INET]165.51.232.17:1194
Wed Dec 25 09:11:56 2019 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Dec 25 09:11:56 2019 TLS Error: TLS handshake failed
Wed Dec 25 09:11:56 2019 SIGUSR1[soft,tls-error] received, process restarting
Wed Dec 25 09:12:01 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]165.51.232.17:1194
Wed Dec 25 09:12:01 2019 UDP link local (bound): [AF_INET][undef]:1194
Wed Dec 25 09:12:01 2019 UDP link remote: [AF_INET]165.51.232.17:1194
-
The .ovpn user config:
dev tun
persist-tun
persist-key
cipher AES-256-CBC
ncp-ciphers AES-128-GCM
auth SHA1
tls-client
client
resolv-retry infinite
remote 165.51.232.17 1194 udp
verify-x509-name "ovpn.local.com" name
auth-user-pass
pkcs12 pfSense-UDP4-1194-ychtourou.p12
tls-auth pfSense-UDP4-1194-ychtourou-tls.key 1
remote-cert-tls server
comp-lzo yes
remote 165.51.232.17 1194 udp
-
Did you forward the OpenVPN server port from this Wifi Box to pfSense WAN?
-Rico
-
Running OVPN-Konfig
Maybe Google Translator is your friend here, but just follow the screenshots. They are more or less self-explanatory.
A must-have is the installation of the openvpn-client-export package from the package manager, which greatly eases the generation of the client installation file!
-
Yes, that 165.x.x.x public IP does not appear in the routing table so you are behind the NAT of that cellular router. You will need a port forward in place for that in the cellular router if you cannot pass the public IP to pfSense directly.
You can see on the WAN firewall rules that 0 packets and states have been passed by the UDP 1194 rules. No traffic from the client is reaching pfSense currently.
Steve
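-
The check described in the last reply, as an added example that is not part of the original thread: it reads the address the client dials from the client log and compares it with the addresses actually configured on the firewall's WAN. The log sample is constructed in the format quoted above, and `WAN_ADDRS` is an assumed value, not taken from the thread.

```python
import ipaddress
import re

# Constructed sample in the format of the client log quoted in the thread.
CLIENT_LOG = """\
Wed Dec 25 09:10:55 2019 UDP link local (bound): [AF_INET][undef]:1194
Wed Dec 25 09:10:55 2019 UDP link remote: [AF_INET]165.51.232.17:1194
Wed Dec 25 09:11:56 2019 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Dec 25 09:11:56 2019 TLS Error: TLS handshake failed
"""
# Assumed address on the firewall's WAN interface (constructed, not from the thread).
WAN_ADDRS = ["192.168.8.100"]

REMOTE_RE = re.compile(r"(UDP|TCP)\S* link remote: \[AF_INET\]([\d.]+):(\d+)")
TIMEOUT_RE = re.compile(r"TLS key negotiation failed to occur within \d+ seconds")


def parse_client_log(text):
    """Return (proto, remote_ip, port, timed_out) from an OpenVPN client log."""
    m = REMOTE_RE.search(text)
    if not m:
        raise ValueError("no 'link remote' line found")
    return (m.group(1), ipaddress.ip_address(m.group(2)), int(m.group(3)),
            bool(TIMEOUT_RE.search(text)))


def diagnose(log_text, wan_addrs):
    """Decide whether a handshake timeout points at an upstream NAT device."""
    proto, remote, port, timed_out = parse_client_log(log_text)
    local = [ipaddress.ip_address(a) for a in wan_addrs]
    result = {"proto": proto, "port": port, "timed_out": timed_out,
              "behind_nat": remote not in local, "action": None}
    if not timed_out:
        result["action"] = "no handshake timeout in this log"
    elif result["behind_nat"]:
        # The dialled address belongs to another device, which must forward the port.
        result["action"] = (f"forward {proto}/{port} on the upstream router "
                            f"to one of {[str(a) for a in local]}")
    else:
        # The firewall owns the address: look at its own rule and server binding.
        result["action"] = f"check the WAN rule and server bind for {proto}/{port}"
    return result


if __name__ == "__main__":
    print(diagnose(CLIENT_LOG, WAN_ADDRS))
```

The `proto` field matters when testing: for a UDP server, a TCP connect test such as telnet says nothing about whether the port is reachable.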