Re: OpenVPN on pfSense - Installation guide for (Windows) Dummies :-) (road-warrior)



  • I am going crazy. I see a successful firewall log stating that my client was not blocked, but the VPN doesn't work.

    I am pretty sure I followed the guide 100%. Not sure what is going on here…

    Sun Jul 12 00:51:16 2009 Restart pause, 2 second(s)
    Sun Jul 12 00:51:18 2009 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Sun Jul 12 00:51:18 2009 Re-using SSL/TLS context
    Sun Jul 12 00:51:18 2009 LZO compression initialized
    Sun Jul 12 00:51:18 2009 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Sun Jul 12 00:51:18 2009 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Sun Jul 12 00:51:18 2009 Local Options hash (VER=V4): '41690919'
    Sun Jul 12 00:51:18 2009 Expected Remote Options hash (VER=V4): '530fdded'
    Sun Jul 12 00:51:18 2009 Socket Buffers: R=[8192->8192] S=[8192->8192]
    Sun Jul 12 00:51:18 2009 UDPv4 link local: [undef]
    Sun Jul 12 00:51:18 2009 UDPv4 link remote: xxx.xxx.xxx.xxx:1194
    [12:52:16 AM] joekonkus: Sun Jul 12 00:52:19 2009 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Sun Jul 12 00:52:19 2009 TLS Error: TLS handshake failed
    Sun Jul 12 00:52:19 2009 TCP/UDP: Closing socket
    Sun Jul 12 00:52:19 2009 SIGUSR1[soft,tls-error] received, process restarting

    Any ideas?



  • About the same happened to me once as well. The workaround that fixed it for me was: set the protocol to the other one (if you're on UDP, set TCP and vice versa), save the config and change it back. I'm not sure why this is happening. I suspect a problem with the underlying version of OpenVPN.



  • Thanks for the suggestion. I tried it, it didn't work :(



  • Is the log you posted from the client or the server?
    If from the client: What does the server log show?



  • The server shows nothing. Just these two entries.

    Jul 12 21:41:45 openvpn[37390]: OpenVPN 2.0.6 i386-portbld-freebsd7.0 [SSL] [LZO] built on Nov 9 2008
    Jul 12 21:41:14 openvpn[37058]: OpenVPN 2.0.6 i386-portbld-freebsd7.0 [SSL] [LZO] built on Nov 9 2008

    However, I do see port 1194 show up as "pass" in the firewall log.

    I did not think to check my system log. I see this.

    Jul 13 20:17:11 kernel: pid 35465 (openvpn), uid 0: exited on signal 10 (core dumped)



  • Seems like your OpenVPN instance crashed.

    Could it be that you misconfigured something and thus the instance cannot start correctly?

    Can you post your config of OpenVPN?



  • Would you like a screenshot? It looks exactly how the guide instructed, but who knows, maybe not.

    I blanked out the certs.



  • I'm getting the same error, and so far as I've read and understand, all is config'd properly…  This is with internal CA, until I can get the import of cacert.org's keys to succeed...

