Windows 11 openVPN no go

JustSumDad 0 · Sep 7, 2022, 9:15 PM

Open VPN client failes but only on windows 11 laptop

Hi, I have a pfSense appliance for my network and use a few laptops remotely.
I have one new laptop that runs windows 11 Home
I cannot get the openvpn to connect from this laptop, it works fine from all the other windows 10 pro systems.
this is what i get back:
Wed Sep 07 13:59:22 2022 TCP/UDP: Incoming packet rejected from [AF_INET] (expected client private IP)[2] expected peer address: [AF_INET] (WAN IP of pfSense Server) (allow this incoming source address/port by removing --remote or adding --float)

Any ideas? The laptop has Kaspersky total Security on it, I tried pause protection, disabled the firewall, and confirmed the Kaspersky VPN is not in use.

I have another station (my own personal one in my shop that I use to VPN into the office) running Windows 10P and has the same Kaspersky total Security on it. I can connect easily from it and I used the same install file and credentials as a test.

Its like Windows 11 and openVPN client dont get along at all.
VER INFO:
openvpn-pfSense-UDP4-1194-USERNAME-install-2.5.2-I601-amd64.exe

Can anyone help?

Thanx

Gertjan · Sep 8, 2022, 9:06 AM

@justsumdad-0 said in Windows 11 openVPN no go:

Its like Windows 11 and openVPN client dont get along at all.
VER INFO:
openvpn-pfSense-UDP4-1194-USERNAME-install-2.5.2-I601-amd64.exe
Can anyone help?

Basicly, the OpenVPN 'amd64' binary comes from here.

If OpenVPN-client 2.5.2 would work with Windows 11, then the user support forum would get slammed by the millions ... I didn't check, as I stay away from "11" fro now.
You should have a look ;)

While you're looking for such a possibuility, I'll put my bets on the Antivirus you've mentioned.

Wed Sep 07 13:59:22 2022 TCP/UDP: Incoming packet rejected from [AF_INET] (expected client private IP)[2] expected peer address: [AF_INET] (WAN IP of pfSense Server) (allow this incoming source address/port by removing --remote or adding --float)

This is a OpenVPN server log line, from pfSense, right ?
You are connecting from what to where ?
Maybe you should do what is suggested : connect from WAN (Internet).

JustSumDad · Sep 8, 2022, 4:52 PM

@gertjan
I found that it has something to do with windows 11 and maybe wifi metered connections, IDK.
I have never had this before, I usually connect to our guest network and vpn in no problem.
I also tried teathering to my cell ph but noticed different errors so I tried useing our backup ISP hard wired and it worked!
So when I setup a wifi connection to our backup ISP it also worked, no idea why it wont go when cell wifi teathered tho. Maybe something to do with it switching to a metered connection? I did not test that, just thought of it as I was typeing now.

when on the cell wifi teather I got this error from the client:

2022-09-08 08:36:56 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-09-08 08:36:56 TLS Error: TLS handshake failed

Regardless, the user can connect from their home now I belive, they are unlikely to cell hotspot connect.

Bob.Dig · Sep 8, 2022, 4:59 PM

@justsumdad Why are you not using the current version of OpenVPN for Windows I would ask.

JustSumDad · Sep 8, 2022, 6:02 PM

@bob-dig
this is the version distributed by the most current version of pfSense software.