OPENVPN client problem
-
Hello guys, I'm new to setting up OpenVPN with pfSense. If the computer is connected to the LAN I can connect to the VPN, but if the laptop is connected to wireless it always fails to connect to the server.
This is my client log:
Fri May 22 10:18:56 2020 OpenVPN 2.4.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 26 2018
Fri May 22 10:18:56 2020 Windows version 6.2 (Windows 8 or greater) 64bit
Fri May 22 10:18:56 2020 library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10
Enter Management Password:
Fri May 22 10:19:03 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.1.7:1194
Fri May 22 10:19:03 2020 UDP link local (bound): [AF_INET][undef]:1194
Fri May 22 10:19:03 2020 UDP link remote: [AF_INET]192.168.1.7:1194
Fri May 22 10:20:03 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri May 22 10:20:03 2020 TLS Error: TLS handshake failed
Fri May 22 10:20:03 2020 SIGUSR1[soft,tls-error] received, process restarting
Fri May 22 10:20:08 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.1.7:1194
Fri May 22 10:20:08 2020 UDP link local (bound): [AF_INET][undef]:1194
Fri May 22 10:20:08 2020 UDP link remote: [AF_INET]192.168.1.7:1194
Fri May 22 10:21:08 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri May 22 10:21:08 2020 TLS Error: TLS handshake failed
Fri May 22 10:21:08 2020 SIGUSR1[soft,tls-error] received, process restarting
Fri May 22 10:21:13 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.1.7:1194
Fri May 22 10:21:13 2020 UDP link local (bound): [AF_INET][undef]:1194
Fri May 22 10:21:13 2020 UDP link remote: [AF_INET]192.168.1.7:1194
Fri May 22 10:22:13 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri May 22 10:22:13 2020 TLS Error: TLS handshake failed
Fri May 22 10:22:13 2020 SIGUSR1[soft,tls-error] received, process restarting
Fri May 22 10:22:18 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.1.7:1194
Fri May 22 10:22:18 2020 UDP link local (bound): [AF_INET][undef]:1194
Fri May 22 10:22:18 2020 UDP link remote: [AF_INET]192.168.1.7:1194
Fri May 22 10:23:18 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri May 22 10:23:18 2020 TLS Error: TLS handshake failed
Fri May 22 10:23:18 2020 SIGUSR1[soft,tls-error] received, process restarting
Fri May 22 10:23:23 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.1.7:1194
Fri May 22 10:23:23 2020 UDP link local (bound): [AF_INET][undef]:1194
Fri May 22 10:23:23 2020 UDP link remote: [AF_INET]192.168.1.7:1194
Fri May 22 10:24:23 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri May 22 10:24:23 2020 TLS Error: TLS handshake failed
Fri May 22 10:24:23 2020 SIGUSR1[soft,tls-error] received, process restarting
Fri May 22 10:24:33 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.1.7:1194
Fri May 22 10:24:33 2020 UDP link local (bound): [AF_INET][undef]:1194
Fri May 22 10:24:33 2020 UDP link remote: [AF_INET]192.168.1.7:1194
Fri May 22 10:25:33 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri May 22 10:25:33 2020 TLS Error: TLS handshake failed
Fri May 22 10:25:33 2020 SIGUSR1[soft,tls-error] received, process restarting
Fri May 22 10:25:53 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.1.7:1194
Fri May 22 10:25:53 2020 UDP link local (bound): [AF_INET][undef]:1194
Fri May 22 10:25:53 2020 UDP link remote: [AF_INET]192.168.1.7:1194
Fri May 22 10:26:54 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri May 22 10:26:54 2020 TLS Error: TLS handshake failed
Fri May 22 10:26:54 2020 SIGUSR1[soft,tls-error] received, process restarting
Fri May 22 10:27:34 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.1.7:1194
Fri May 22 10:27:34 2020 UDP link local (bound): [AF_INET][undef]:1194
Fri May 22 10:27:34 2020 UDP link remote: [AF_INET]192.168.1.7:1194
Fri May 22 10:28:34 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri May 22 10:28:34 2020 TLS Error: TLS handshake failed
Fri May 22 10:28:34 2020 SIGUSR1[soft,tls-error] received, process restarting
Fri May 22 10:29:55 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.1.7:1194
Fri May 22 10:29:55 2020 UDP link local (bound): [AF_INET][undef]:1194
Fri May 22 10:29:55 2020 UDP link remote: [AF_INET]192.168.1.7:1194
Fri May 22 10:30:56 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri May 22 10:30:56 2020 TLS Error: TLS handshake failed
Fri May 22 10:30:56 2020 SIGUSR1[soft,tls-error] received, process restarting
Fri May 22 10:33:36 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.1.7:1194
Fri May 22 10:33:36 2020 UDP link local (bound): [AF_INET][undef]:1194
Fri May 22 10:33:36 2020 UDP link remote: [AF_INET]192.168.1.7:1194
Fri May 22 10:34:36 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri May 22 10:34:36 2020 TLS Error: TLS handshake failed
Fri May 22 10:34:36 2020 SIGUSR1[soft,tls-error] received, process restarting
Fri May 22 10:39:36 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.1.7:1194
Fri May 22 10:39:36 2020 UDP link local (bound): [AF_INET][undef]:1194
Fri May 22 10:39:36 2020 UDP link remote: [AF_INET]192.168.1.7:1194
Fri May 22 10:40:36 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri May 22 10:40:36 2020 TLS Error: TLS handshake failed
Fri May 22 10:40:36 2020 SIGUSR1[soft,tls-error] received, process restarting
Fri May 22 10:45:36 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.1.7:1194
Fri May 22 10:45:36 2020 UDP link local (bound): [AF_INET][undef]:1194
Fri May 22 10:45:36 2020 UDP link remote: [AF_INET]192.168.1.7:1194
Fri May 22 10:46:36 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri May 22 10:46:36 2020 TLS Error: TLS handshake failed
Fri May 22 10:46:36 2020 SIGUSR1[soft,tls-error] received, process restarting
This is my server log:
May 21 16:26:47 openvpn 18585 library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.10
May 21 16:26:47 openvpn 18731 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 21 16:26:47 openvpn 18731 WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate
May 21 16:26:47 openvpn 18731 Control Channel Authentication: using '/var/etc/openvpn/server1.tls-auth' as a OpenVPN static key file
May 21 16:26:47 openvpn 18731 TUN/TAP device ovpns1 exists previously, keep at program end
May 21 16:26:47 openvpn 18731 TUN/TAP device /dev/tun1 opened
May 21 16:26:47 openvpn 18731 do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
May 21 16:26:47 openvpn 18731 /sbin/ifconfig ovpns1 10.0.1.1 10.0.1.2 mtu 1500 netmask 255.255.255.0 up
May 21 16:26:47 openvpn 18731 /usr/local/sbin/ovpn-linkup ovpns1 1500 1557 10.0.1.1 255.255.255.0 init
May 21 16:26:47 openvpn 18731 UDPv4 link local (bound): [AF_INET]192.168.1.7:1194
May 21 16:26:47 openvpn 18731 UDPv4 link remote: [undef]
May 21 16:26:47 openvpn 18731 Initialization Sequence Completed
May 21 16:27:39 openvpn user 'adminonins' authenticated
May 21 16:27:39 openvpn 18731 192.168.1.6:1194 [adminonins] Peer Connection Initiated with [AF_INET]192.168.1.6:1194
May 21 16:27:39 openvpn 18731 adminonins/192.168.1.6:1194 MULTI_sva: pool returned IPv4=10.0.1.2, IPv6=(Not enabled)
May 21 16:27:41 openvpn 18731 adminonins/192.168.1.6:1194 send_push_reply(): safe_cap=940
May 21 16:38:52 openvpn 18731 adminonins/192.168.1.6:1194 [adminonins] Inactivity timeout (--ping-restart), restarting
May 21 16:39:14 openvpn user 'adminonins' authenticated
May 21 16:39:14 openvpn 18731 10.0.0.43:1194 [adminonins] Peer Connection Initiated with [AF_INET]10.0.0.43:1194
May 21 16:39:14 openvpn 18731 adminonins/10.0.0.43:1194 MULTI_sva: pool returned IPv4=10.0.1.2, IPv6=(Not enabled)
May 21 16:39:15 openvpn 18731 adminonins/10.0.0.43:1194 send_push_reply(): safe_cap=940
May 21 16:41:18 openvpn user 'adminonins' authenticated
May 21 16:41:18 openvpn 18731 192.168.1.6:1194 [adminonins] Peer Connection Initiated with [AF_INET]192.168.1.6:1194
May 21 16:41:18 openvpn 18731 MULTI_sva: pool returned IPv4=10.0.1.2, IPv6=(Not enabled)
May 21 16:41:19 openvpn 18731 adminonins/192.168.1.6:1194 send_push_reply(): safe_cap=940
May 21 17:06:54 openvpn 18731 event_wait : Interrupted system call (code=4)
May 21 17:06:54 openvpn 18731 /usr/local/sbin/ovpn-linkdown ovpns1 1500 1557 10.0.1.1 255.255.255.0 init
May 21 17:06:54 openvpn 18731 SIGTERM[hard,] received, process exiting
May 21 17:06:54 openvpn 44585 OpenVPN 2.3.17 i386-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Oct 25 2017
May 21 17:06:54 openvpn 44585 library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.10
May 21 17:06:54 openvpn 44655 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 21 17:06:54 openvpn 44655 WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate
May 21 17:06:54 openvpn 44655 Control Channel Authentication: using '/var/etc/openvpn/server1.tls-auth' as a OpenVPN static key file
May 21 17:06:54 openvpn 44655 TUN/TAP device ovpns1 exists previously, keep at program end
May 21 17:06:54 openvpn 44655 TUN/TAP device /dev/tun1 opened
May 21 17:06:54 openvpn 44655 do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
May 21 17:06:54 openvpn 44655 /sbin/ifconfig ovpns1 10.0.1.1 10.0.1.2 mtu 1500 netmask 255.255.255.0 up
May 21 17:06:54 openvpn 44655 /usr/local/sbin/ovpn-linkup ovpns1 1500 1557 10.0.1.1 255.255.255.0 init
May 21 17:06:54 openvpn 44655 UDPv4 link local (bound): [AF_INET]192.168.1.7:1194
May 21 17:06:54 openvpn 44655 UDPv4 link remote: [undef]
May 21 17:06:54 openvpn 44655 Initialization Sequence Completed
May 21 17:07:59 openvpn user 'adminonins' authenticated
May 21 17:07:59 openvpn 44655 192.168.1.6:1194 [adminonins] Peer Connection Initiated with [AF_INET]192.168.1.6:1194
May 21 17:07:59 openvpn 44655 adminonins/192.168.1.6:1194 MULTI_sva: pool returned IPv4=10.0.1.2, IPv6=(Not enabled)
May 21 17:08:01 openvpn 44655 adminonins/192.168.1.6:1194 send_push_reply(): safe_cap=940
May 21 17:11:41 openvpn 44655 adminonins/192.168.1.6:1194 [adminonins] Inactivity timeout (--ping-restart), restarting
May 22 09:55:00 openvpn user 'adminonins' authenticated
May 22 09:55:00 openvpn 44655 192.168.1.6:1194 [adminonins] Peer Connection Initiated with [AF_INET]192.168.1.6:1194
May 22 09:55:00 openvpn 44655 adminonins/192.168.1.6:1194 MULTI_sva: pool returned IPv4=10.0.1.2, IPv6=(Not enabled)
May 22 09:55:01 openvpn 44655 adminonins/192.168.1.6:1194 send_push_reply(): safe_cap=940
This is my client config:
dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote 192.168.1.7 1194 udp
auth-user-pass
ca MEMCOM-udp-1194-ca.crt
tls-auth MEMCOM-udp-1194-tls.key 1
remote-cert-tls server
redirect-gateway def1
These are my WAN rules:
These are my OpenVPN rules:
If I am connected using LAN to another network I can connect, but if I use a WiFi connection the TLS error happens and I'm unable to connect. But with the same credentials, if I use the WiFi of the local network I can successfully connect. I hope that somebody can help me. I tried different steps found in different forums but I can't fix it on my own. Please help, I will really appreciate your time in helping me.
-
You need to connect to your public WAN IP. So in your client config replace
remote 192.168.1.7 1194 udp
with your public IP.
-Rico
-
@Rico Hello, thank you for your reply, I appreciate your time. However, when I change it to the public IP address I still cannot connect. I hope you can help me.
-
What is upstream to your WAN interface?
If it is another router you need to forward the OpenVPN port to the pfSense WAN IP.
-Rico
-
When I telnet to the public IP the command prompt reply is "could not open connection to the host on port 1194: connect failed"
-
@ninocuenco said in OPENVPN client problem:
i can connect with the vpn but if the laptop is connected to wireless its always failed in connecting into the server
Connecting from where ?
Can you describe your network ? => Ok, saw it : pfSense is a router behind your ISP ? router.
What is your WAN IP ? => Ok, 192.168.1.7
What is your LAN network ? pfSense IP ? => Ok, 10.0.0.1
Do you have an upstream router ? => Yes !!!! your real WAN IP is available in front of that router.
Who is 192.168.1.6 ? => Ok, some device on the WAN side of pfSense, connected to your upstream ISP ? router.
edit :
Ask "adminonins" : he is logged in !
Btw : telnet uses the TCP protocol and OpenVPN is using the UDP protocol. So that will be a fail. That's ok and normal.
-
@Gertjan Hi, I appreciate your time. When I connect from the same network through LAN I can connect. I have a modem; it's connected to the pfSense 2.3.5. From pfSense I created the OpenVPN tunnel network 10.0.1.0/24 and local network 10.0.0.0/24. I don't have an upstream router. I'm adminonins. I can connect to the VPN if I'm in the same network, however if I'm outside it fails.
-
@ninocuenco said in OPENVPN client problem:
pfsense 2.3.5
Warning : you are using a very ancient version of OpenVPN server ...
Please, don't do that.
Life is already hard without these kinds of issues.
No one remembers the connection details from back then.
Use at least pfSense 2.4.5 .... then https://www.youtube.com/watch?v=jQHqPq7ftz4 will take 5 minutes of your time => Done.
@ninocuenco said in OPENVPN client problem:
i dont have upstream router.
So your WAN IP = 192.168.1.7 which is a non routable IP on the Internet is your WAN "Internet IP" ?
192.168.1.7 is RFC1918, it is not an Internet IP.
But .... true : you should normally be able to connect from 192.168.1.6 to 192.168.1.7 (WAN IP pfSense).
Btw : strange you use a modem and your pfSense WAN IP is RFC1918 ....
We need more details. -
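Added example, not part of the thread or written by any of its participants: a small Python check that reads the `remote` lines of an OpenVPN client config and flags an RFC1918 target such as the 192.168.1.7 discussed above, along with the UDP-versus-telnet point. The function names and the embedded sample config are constructed for illustration.

```python
import ipaddress

# The three RFC 1918 private ranges; addresses in them are not routed on the Internet.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: the relevant lines of the client config posted in the thread.
SAMPLE_CONFIG = """\
dev tun
client
remote 192.168.1.7 1194 udp
auth-user-pass
"""

def parse_remotes(config_text):
    """Return (host, port, proto) for every `remote` directive."""
    default_proto, remotes = "udp", []
    lines = [l.split("#")[0].split() for l in config_text.splitlines()]
    for tok in lines:  # a global `proto` line sets the default for remotes without one
        if tok[:1] == ["proto"] and len(tok) > 1:
            default_proto = tok[1]
    for tok in lines:
        if tok[:1] == ["remote"] and len(tok) > 1:
            port = int(tok[2]) if len(tok) > 2 else 1194
            proto = tok[3] if len(tok) > 3 else default_proto
            remotes.append((tok[1], port, proto))
    return remotes

def audit_remotes(config_text):
    """Flag remotes that can only be reached from inside the same private network."""
    findings = []
    for host, port, proto in parse_remotes(config_text):
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            findings.append((host, "hostname", "resolve it and check the resulting address"))
            continue
        if any(ip in net for net in RFC1918):
            note = "RFC1918: reachable only from the local network, not from outside"
        elif ip.is_global:
            note = "public address"
        else:
            note = "special-purpose address, not routable on the Internet"
        if proto.startswith("udp"):
            note += "; UDP, so a TCP test such as telnet says nothing about this port"
        findings.append((host, "ip", note))
    return findings

if __name__ == "__main__":
    for finding in audit_remotes(SAMPLE_CONFIG):
        print(finding)
```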
@Gertjan ok sir i will thank you very much i will