OpenVPN is not working with some users

yefersoncm

Hi everybody, due to the coronavirus hazard the company have been implementing home working and I use Open VPN in my pfsense to connect clients, and since yesterday some users are getting an error and can not connect to the office network, we are more than 20 users and anly 4 (2 using W7 and 2 using W10) are getting this error.

This is the error:

Mon Apr 06 09:45:22 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Apr 06 09:45:22 2020 TLS Error: TLS handshake failed

Im using pfsense 2.4.4 and no change made.

Thanks in advace for your help.

YannTKO

This message could appear if the server is not reachable.

yefersoncm

I know, but I'm reaching the server and more than 16 people are reaching the server, and the users are connected to internet.

Rico

That error is really generic and mostly connectivity related, as the message says.
Could be routing/peering issue between the Users ISP and the ISP you have on the server side. Are the 4 users with this error all using the same ISP?
How does a traceroute look from a working and not working client?

-Rico

yefersoncm

@Rico Hi, so far they have the same ISP, the thing is that is the same ISP that I have in the server side. Personally I have a different ISP and I can connect to the Office using openVPN.

yefersoncm

@Rico I have other users well connected with the same ISP of the clients that are having problems

Rico

Did you traceroute a working Client VS non-working client and check if there is any difference?
Also sniff pfSense WAN and see if traffic of a non-working client even hit pfSense.

-Rico

yefersoncm

@Rico I am not a pro user of pfsense, could you please let me know how to sniff the wan?

And no, non trafic from non-working users is hiting pfsense, non at all.

YannTKO

How many clients do you allowed in your server's settings ?

Rico

Diagnostics > Packet Capture
https://docs.netgate.com/pfsense/en/latest/book/packetcapture/packet-captures-from-the-webgui.html

-Rico

yefersoncm

@YannTKO I do not remember if this number were asked when I did the configuration but that was not a problem before because they were working without problems until yesterday.

Rico

Also see and work through this guide: https://docs.netgate.com/pfsense/en/latest/book/openvpn/troubleshooting-openvpn.html

-Rico

yefersoncm

Hi guys, I talkied with the ISP of this users and they confirm that the configuration changed and they are having this type of problems, we have to wait for them to fix it, thanks a lot for your help.