connexion failed
-
Hi,
I'm trying to configure my first OpenVPN tunnel with pfSense.
The provider (hosting the OpenVPN server) sent me this configuration information:
client
dev tun
proto tcp
remote x.x.x.x x
ca /path/to/ca.crt
cert /path/to/certificate.crt
key /path/to/key.key
cipher AES-256-CBC
auth SHA512
auth-nocache
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
verb 3
I have installed the CA cert and the client auth certificate (with the private key). I have correctly pasted the TLS key.
The status is: reconnecting; connection-reset
(no local/remote address or VIP). I can reach the server (on the TCP port) and I can see accepted entries in the firewall (from my WAN address to the server address).
I have tried changing the TLS keydir direction and the compression options.
I can see this OpenVPN log entry:
TLS Warning: no data channel send key available
(I can't send all the logs because they are refused by the Netgate forum antispam!) Could someone help me?
Thank you very much.
-
@lesquestionsdetoto said in connexion failed:
TLS Warning: no data channel send key available
I'll try to add other logs:
Connection reset, restarting [0]
event_wait returned 1
SSL state (connect): SSLv3/TLS write client hello
SSL state (connect): before SSL initialization
TCPv4_CLIENT WRITE [86] to [AF_INET]159.8.125.210:1094: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=063e1719 eb6ce7c6 tls_hmac=d19f1fd1 78e1f527 e1f6774d 693845a3 d2b9b8de d0470183 ccaa8c79 a07c68e2 6741d27b 33095c47 2d9242ec 3f8835a8 1c83531f d8b2cc6f 526a4ab6 5b47a566 pid=[ #1 / time = (1632516791) 2021-09-24 2
event_wait returned 1
TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=3febe9f7 1fc9fa59, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
TLS: tls_process: timeout set to 2
ACK reliable_send_timeout 2 [1] 0
Reliable -> TCP/UDP
ENCRYPT TO: d19f1fd1 78e1f527 e1f6774d 693845a3 d2b9b8de d0470183 ccaa8c79 a07c68e[more...]
ENCRYPT HMAC: d19f1fd1 78e1f527 e1f6774d 693845a3 d2b9b8de d0470183 ccaa8c79 a07c68e[more...]
write_control_auth(): P_CONTROL_HARD_RESET_CLIENT_V2
TLS: Initial Handshake, sid=063e1719 eb6ce7c6
-
@lesquestionsdetoto Hi, any idea?