Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN is not working with some users

    Scheduled Pinned Locked Moved OpenVPN
    13 Posts 3 Posters 828 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Y
      yefersoncm
      last edited by

      Hi everybody, due to the coronavirus hazard the company have been implementing home working and I use Open VPN in my pfsense to connect clients, and since yesterday some users are getting an error and can not connect to the office network, we are more than 20 users and anly 4 (2 using W7 and 2 using W10) are getting this error.

      This is the error:

      Mon Apr 06 09:45:22 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
      Mon Apr 06 09:45:22 2020 TLS Error: TLS handshake failed

      Im using pfsense 2.4.4 and no change made.

      Thanks in advace for your help.

      1 Reply Last reply Reply Quote 0
      • Y
        YannTKO
        last edited by

        This message could appear if the server is not reachable.

        Netgate SG-3100 23.09.1
        Unifi UAP: 1x FlexHD + 2x nanoHD + 1x AC-IW | Unifi USW: 1x16-PoE Gen2 + 4x US-8-60W | Cloudkey Gen2 Plus
        1 x NUC8i7BEH 32Go - ESXI 8 (Pfsense + many VM)

        1 Reply Last reply Reply Quote 0
        • Y
          yefersoncm
          last edited by

          I know, but I'm reaching the server and more than 16 people are reaching the server, and the users are connected to internet.

          1 Reply Last reply Reply Quote 0
          • RicoR
            Rico LAYER 8 Rebel Alliance
            last edited by Rico

            That error is really generic and mostly connectivity related, as the message says.
            Could be routing/peering issue between the Users ISP and the ISP you have on the server side. Are the 4 users with this error all using the same ISP?
            How does a traceroute look from a working and not working client?

            -Rico

            Y 2 Replies Last reply Reply Quote 1
            • Y
              yefersoncm @Rico
              last edited by

              @Rico Hi, so far they have the same ISP, the thing is that is the same ISP that I have in the server side. Personally I have a different ISP and I can connect to the Office using openVPN.

              1 Reply Last reply Reply Quote 0
              • Y
                yefersoncm @Rico
                last edited by

                @Rico I have other users well connected with the same ISP of the clients that are having problems

                1 Reply Last reply Reply Quote 0
                • RicoR
                  Rico LAYER 8 Rebel Alliance
                  last edited by Rico

                  Did you traceroute a working Client VS non-working client and check if there is any difference?
                  Also sniff pfSense WAN and see if traffic of a non-working client even hit pfSense.

                  -Rico

                  Y 1 Reply Last reply Reply Quote 0
                  • Y
                    yefersoncm @Rico
                    last edited by

                    @Rico I am not a pro user of pfsense, could you please let me know how to sniff the wan?

                    And no, non trafic from non-working users is hiting pfsense, non at all.

                    1 Reply Last reply Reply Quote 0
                    • Y
                      YannTKO
                      last edited by

                      How many clients do you allowed in your server's settings ?

                      Netgate SG-3100 23.09.1
                      Unifi UAP: 1x FlexHD + 2x nanoHD + 1x AC-IW | Unifi USW: 1x16-PoE Gen2 + 4x US-8-60W | Cloudkey Gen2 Plus
                      1 x NUC8i7BEH 32Go - ESXI 8 (Pfsense + many VM)

                      Y 1 Reply Last reply Reply Quote 0
                      • RicoR
                        Rico LAYER 8 Rebel Alliance
                        last edited by Rico

                        Diagnostics > Packet Capture
                        https://docs.netgate.com/pfsense/en/latest/book/packetcapture/packet-captures-from-the-webgui.html

                        -Rico

                        1 Reply Last reply Reply Quote 0
                        • Y
                          yefersoncm @YannTKO
                          last edited by

                          @YannTKO I do not remember if this number were asked when I did the configuration but that was not a problem before because they were working without problems until yesterday.

                          1 Reply Last reply Reply Quote 0
                          • RicoR
                            Rico LAYER 8 Rebel Alliance
                            last edited by

                            Also see and work through this guide: https://docs.netgate.com/pfsense/en/latest/book/openvpn/troubleshooting-openvpn.html

                            -Rico

                            1 Reply Last reply Reply Quote 0
                            • Y
                              yefersoncm
                              last edited by

                              Hi guys, I talkied with the ISP of this users and they confirm that the configuration changed and they are having this type of problems, we have to wait for them to fix it, thanks a lot for your help.

                              1 Reply Last reply Reply Quote 0
                              • First post
                                Last post
                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.