Netgate Discussion Forum

    connexion failed

    OpenVPN
      LesQuestionsDeToto

      Hi,

      I'm trying to configure my first OpenVPN tunnel with pfSense.

      The provider (hosting the OpenVPN server) sent me this configuration information:

        client
        dev tun
        proto tcp
        remote x.x.x.x x
        ca /path/to/ca.crt
        cert /path/to/certificate.crt
        key /path/to/key.key
        cipher AES-256-CBC
        auth SHA512
        auth-nocache
        tls-version-min 1.2
        tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
        resolv-retry infinite
        nobind
        persist-key
        persist-tun
        mute-replay-warnings
        verb 3

      I have installed the CA cert and the client auth certificate (with the private key). I have correctly pasted the TLS key.

      The status is: reconnecting; connection-reset
      (no local/remote address or VIP).

      I can reach the server (on the TCP port) and I can see accepted entries in the firewall (from my WAN address to the server address).

      I have tried to change TLS keydir direction and compression options.

      I can see this OpenVPN log entry:
      TLS Warning: no data channel send key available
      (I can't send all the logs because they are refused by the Netgate forum's antispam!)

      Could someone help me?

      Thank you very much.

        LesQuestionsDeToto @LesQuestionsDeToto

        @lesquestionsdetoto said in connexion failed:

        TLS Warning: no data channel send key available

        I'm trying to add other logs:

        Connection reset, restarting [0]
        event_wait returned 1
        SSL state (connect): SSLv3/TLS write client hello
        SSL state (connect): before SSL initialization
        TCPv4_CLIENT WRITE [86] to [AF_INET]159.8.125.210:1094: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=063e1719 eb6ce7c6 tls_hmac=d19f1fd1 78e1f527 e1f6774d 693845a3 d2b9b8de d0470183 ccaa8c79 a07c68e2 6741d27b 33095c47 2d9242ec 3f8835a8 1c83531f d8b2cc6f 526a4ab6 5b47a566 pid=[ #1 / time = (1632516791) 2021-09-24 2
        event_wait returned 1
        TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
        TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=3febe9f7 1fc9fa59, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
        TLS: tls_process: timeout set to 2
        ACK reliable_send_timeout 2 [1] 0
        Reliable -> TCP/UDP
        ENCRYPT TO: d19f1fd1 78e1f527 e1f6774d 693845a3 d2b9b8de d0470183 ccaa8c79 a07c68e[more...]
        ENCRYPT HMAC: d19f1fd1 78e1f527 e1f6774d 693845a3 d2b9b8de d0470183 ccaa8c79 a07c68e[more...]
        write_control_auth(): P_CONTROL_HARD_RESET_CLIENT_V2
        TLS: Initial Handshake, sid=063e1719 eb6ce7c6

          LesQuestionsDeToto @LesQuestionsDeToto

          @lesquestionsdetoto Hi, any ideas?
