Issues with OpenVPN



  • Hi

    I have some issues with OpenVPN. I have tested many configurations of OpenVPN remote access with TLS/SSL and user auth, but it is not working.

    I duplicated the configuration of a firewall where OpenVPN works perfectly, but I have the same issue.

    I opened a request but no one has helped me.


  • Netgate Administrator

    I assume you mean this one:
    https://forum.netgate.com/topic/149179/openvpn-remonte-access-througth-dynamic-ip

    What exactly is the server behind? What is the wifi box?

    Telnetting to the port should show nothing as that tests TCP and this is UDP. Where were you testing from? If it was some external IP then something else is responding there.

    Steve



  • @stephenw10

    Thank you for your reply.

    Well, the wifi box is like a router. We have a SIM card; I insert this SIM card in this router, and the router works like an access point with a dynamic IP.

    I can't identify the error. I tested my configuration with a static public IP (with a Cisco router) and with the same configuration on another pfSense, but it's not working.


  • Netgate Administrator

    The cellular router device gives you a public IP? They often do not.



  • @stephenw10

    Yes, 165.51.232.XXX, this is the IP.

    My pfSense has 3 network cards: 1 for LAN and 2 for WAN (one is plugged in and one is not).



  • log file of openvpn client

    Wed Dec 25 09:10:55 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]165.51.232.17:1194
    Wed Dec 25 09:10:55 2019 UDP link local (bound): [AF_INET][undef]:1194
    Wed Dec 25 09:10:55 2019 UDP link remote: [AF_INET]165.51.232.17:1194
    Wed Dec 25 09:11:56 2019 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Wed Dec 25 09:11:56 2019 TLS Error: TLS handshake failed
    Wed Dec 25 09:11:56 2019 SIGUSR1[soft,tls-error] received, process restarting
    Wed Dec 25 09:12:01 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]165.51.232.17:1194
    Wed Dec 25 09:12:01 2019 UDP link local (bound): [AF_INET][undef]:1194
    Wed Dec 25 09:12:01 2019 UDP link remote: [AF_INET]165.51.232.17:1194
    


  • The .ovpn user config

    dev tun
    persist-tun
    persist-key
    cipher AES-256-CBC
    ncp-ciphers AES-128-GCM
    auth SHA1
    tls-client
    client
    resolv-retry infinite
    remote 165.51.232.17 1194 udp
    verify-x509-name "ovpn.local.com" name
    auth-user-pass
    pkcs12 pfSense-UDP4-1194-ychtourou.p12
    tls-auth pfSense-UDP4-1194-ychtourou-tls.key 1
    remote-cert-tls server
    comp-lzo yes
    remote 165.51.232.17 1194 udp
    


  • [Attached screenshots: 7.PNG, 6.PNG, 5.PNG, 4.PNG, 3.PNG, 2.PNG, 1.PNG]


  • LAYER 8 Rebel Alliance

    Did you forward the OpenVPN server port from this Wifi Box to pfSense WAN?

    -Rico



  • Running OVPN-Konfig
    Maybe Google Translator is your friend here, but just follow the screenshots. They are more or less self-explanatory.
    A must-have is the installation of the openvpn-client-export package from the package manager, which greatly eases the generation of the client installation file!


  • Netgate Administrator

    Yes, that 165.x.x.x public IP does not appear in the routing table so you are behind the NAT of that cellular router. You will need a port forward in place for that in the cellular router if you cannot pass the public IP to pfSense directly.
    You can see on the WAN firewall rules that 0 packets and states have been passed by the UDP 1194 rules. No traffic from the client is reaching pfSense currently.

    Steve
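
Added example (not part of the original thread, and not OpenVPN or pfSense code): a localhost model of two points made above, that a telnet/TCP test says nothing about a UDP service, and that the server-side packet count is what shows whether client traffic arrived. It assumes a toy server that, like one configured with `tls-auth`, gives no reply to datagrams without a valid HMAC; the key, packet layout and all names are constructed for the illustration.

```python
import hashlib
import hmac
import socket
import threading

KEY = b"constructed-demo-key"  # constructed stand-in for the tls-auth static key

def sign(payload):  # HMAC-SHA1 tag + payload (toy layout, not OpenVPN's wire format)
    return hmac.new(KEY, payload, hashlib.sha1).digest() + payload

class UdpOnlyServer:  # drops datagrams whose HMAC fails, without sending any reply
    def __init__(self):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        self.sock.bind(("127.0.0.1", 0))  # ephemeral port, localhost only
        self.port = self.sock.getsockname()[1]
        self.seen = 0  # datagrams that actually reached the server
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        while True:
            data, peer = self.sock.recvfrom(2048)
            self.seen += 1
            if hmac.compare_digest(data, sign(data[20:])):
                self.sock.sendto(sign(b"reply"), peer)

def tcp_check(port, timeout=1.0):  # what telnet does: a TCP connect to the port
    try:
        socket.create_connection(("127.0.0.1", port), timeout=timeout).close()
        return "connected"
    except OSError:
        return "no answer"

def udp_check(port, packet, timeout=1.0):  # send one datagram, wait for any reply
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(packet, ("127.0.0.1", port))
        try:
            s.recvfrom(2048)
            return "reply"
        except socket.timeout:
            return "no answer"

def demo():
    srv = UdpOnlyServer()
    return {"tcp": tcp_check(srv.port),
            "udp_unsigned": udp_check(srv.port, b"x" * 30),
            "udp_signed": udp_check(srv.port, sign(b"hello")),
            "server_saw": srv.seen}  # evaluated last: server-side packet count
if __name__ == "__main__":
    print(demo())
```

From the client side the TCP test and the unsigned UDP test both report "no answer" even though the service is up; only `server_saw`, the analogue of the packet and state counters on the WAN rule, tells a silent drop apart from traffic that never arrived.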

