Netgate Discussion Forum

openvpn not working from local network

  • S
    serj161
    last edited by Apr 15, 2023, 8:48 AM

    I have 2 WAN interfaces. OpenVPN for 2 WANs is configured according to the instructions - https://docs.netgate.com/pfsense/en/latest/multiwan/openvpn.html
    I can connect to the local network from external IP addresses, for example by distributing wifi from my phone. But at the same time I can connect to openvpn from the local network. When connecting, I get an error - 127.0.0.1:54796 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Apr 15 11:13:12 openvpn 34818 127.0.0.1:54796 TLS Error: TLS handshake failed

    • G
      Gertjan @serj161
      last edited by Apr 15, 2023, 12:10 PM

      @serj161

      No need to use OpenVPN when your device (phone) is connected to the 'pfSense' local network.

      OpenVPN is only needed when you are outside, away from your network.
      OpenVPN connects to your WAN(s) - that's where the OpenVPN are listening, and when authorized, you can access your pfSense local network(s). Firewall rules still need to grant the access, though.

      @serj161 said in openvpn not working from local network:

      I get an error - 127.0.0.1:54796 TLS Error: TLS key negotiation

      At that moment, look at the pfSense OpenVPN server log.

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit : and where are the logs ??

      • S
        serj161 @Gertjan
        last edited by Apr 15, 2023, 12:23 PM

        @gertjan The fact is that I need to use a tablet with a SIM to bypass the territory. Not everywhere is there access to the local wifi network, and it is very inconvenient to disconnect and connect to the VPN every time the wifi signal is lost. The error I indicated was taken from the OpenVPN server log - Apr 15 15:22:42 openvpn 1071 127.0.0.1:8045 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
        Apr 15 15:22:42 openvpn 1071 127.0.0.1:8045 TLS Error: TLS handshake failed

        • G
          Gertjan @serj161
          last edited by Apr 15, 2023, 5:35 PM

          @serj161 said in openvpn not working from local network:

          127.0.0.1:8045

          I don't understand the context "127.0.0.1".
          This means the connection comes in at 127.0.0.1 : this means the OpenVPN client runs on pfSense itself ?
          Normally, a connection comes in the (a) WAN interface.

          I've selected :

          745b1a33-a5c4-4a83-ac12-89b0649aa4f6-image.png

          and still don't understand the subject "openvpn not working from local network".

          You've exported a opvpn config file with certificates, using OpenVPN > Client Export Utility, right ?

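Added example (not part of any post in this thread): a small triage script for OpenVPN server log lines in the format quoted above. It groups `TLS Error` entries by the peer address the daemon recorded and marks peers logged as loopback, the detail questioned in the reply above. The first two sample lines are from the thread; the other two lines and the function names `classify`, `triage` and `loopback_peers` are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# First two lines are quoted in the thread; the last two are constructed.
SAMPLE_LOG = """\
Apr 15 11:13:12 openvpn 34818 127.0.0.1:54796 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Apr 15 11:13:12 openvpn 34818 127.0.0.1:54796 TLS Error: TLS handshake failed
Apr 15 11:20:01 openvpn 34818 203.0.113.7:40112 TLS Error: TLS handshake failed
Apr 15 11:21:30 openvpn 34818 192.168.1.50:51000 TLS Error: TLS handshake failed
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+openvpn\s+(?P<pid>\d+)\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s+TLS Error: (?P<msg>.+)$"
)
# Explicit RFC 1918 list: ipaddress.is_private also matches documentation ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(ip):
    """Return 'loopback', 'private' or 'external' for an IPv4 peer address."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on e.g. 999.1.1.1
    if addr.is_loopback:
        return "loopback"
    return "private" if any(addr in net for net in RFC1918) else "external"

def triage(log_text):
    """Group TLS errors by the peer address the server logged."""
    peers = defaultdict(lambda: {"kind": None, "errors": 0, "ports": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a TLS error line in the expected format
        try:
            kind = classify(m["ip"])
        except ValueError:
            continue  # malformed address, skip rather than guess
        entry = peers[m["ip"]]
        entry["kind"] = kind
        entry["errors"] += 1
        entry["ports"].add(int(m["port"]))
    return dict(peers)

def loopback_peers(summary):
    """Peers logged as loopback: the daemon never saw the client's own address,
    so the source was rewritten or the packet originated on the firewall."""
    return sorted(ip for ip, e in summary.items() if e["kind"] == "loopback")

if __name__ == "__main__":
    print(loopback_peers(triage(SAMPLE_LOG)))
```
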
          • M
            michmoor LAYER 8 Rebel Alliance @serj161
            last edited by Apr 15, 2023, 9:43 PM

            @serj161 So you use OpenVPN to bypass any GeoIP restrictions?
            Or are you trying to use OpenVPN for that use case? It's not really clear what it is you are asking.

            Firewall: NetGate,Palo Alto-VM,Juniper SRX
            Routing: Juniper, Arista, Cisco
            Switching: Juniper, Arista, Cisco
            Wireless: Unifi, Aruba IAP
            JNCIP,CCNP Enterprise

            • S
              serj161
              last edited by Apr 17, 2023, 9:23 AM

              If 2 WAN connections are used, then the settings were made according to this instruction - https://docs.netgate.com/pfsense/en/latest/multiwan/openvpn.html
              NAT
              d61ce944-a292-4454-a6d7-1f80ee49d3ad-image.png
              WAN1
              b9c13ccd-f56a-4961-b01c-3694f417b43b-image.png
              WAN2
              402a57a1-a20f-49d9-bc53-fd05b6b8495e-image.png

              • S
                serj161 @Gertjan
                last edited by Apr 17, 2023, 9:28 AM

                @gertjan bee785d1-6f6d-40d8-bd22-d65744da9fde-image.png

                • G
                  Gertjan @serj161
                  last edited by Apr 17, 2023, 9:43 AM

                  @serj161

                  Ah, ok saw https://docs.netgate.com/pfsense/en/latest/multiwan/openvpn.html.

                  Using a NAT rule -> Redirecting to localhost is a thing when you use multiple WANs.
                  Is this so you can create an openvpn client config that will use any of the available WANs ?

                  Does it work if you set up a classic : one openvpn server on one WAN, and a second openvpn server on the other WAN ? So no need to nat to 127.0.0.1.

                  • S
                    serj161 @Gertjan
                    last edited by Apr 17, 2023, 9:58 AM

                    @gertjan
                    I use 1 VPN server; 2 remote connections are specified in the user config.
                    3aeba41b-85d9-43c6-8daa-194d10a90a3a-image.png
                    86bae155-8865-4ae4-b757-437b9060cc7f-image.png

                    • G
                      Gertjan @serj161
                      last edited by Gertjan Apr 17, 2023, 11:18 AM

                      @serj161

                      I've set up my OpenVPN server like you :

                      486cccaf-db7b-48ee-821e-da1453ac1b9a-image.png

                      so now it listens to 127.0.0.1:1194 UDP.

                      I created a NAT rule (only one, as I have just one WAN) :

                      d3f89591-8932-4bfb-9b60-7d8ef9398feb-image.png

                      that redirects to 127.0.0.1:1194

                      A firewall was also created, as it is part of the NAT rule :

                      6dec768a-e4c7-4fe8-9cbb-0d114b93bc19-image.png

                      I've tested with my phone, and I can connect just fine to my pfSense OpenServer.

                      @serj161 said in openvpn not working from local network:

                      TLS Error: TLS key negotiation failed to occur within 60 seconds

                      https://openvpn.net/faq/tls-error-tls-key-negotiation-failed-to-occur-within-60-seconds-check-your-network-connectivity/
                      ? a generic 'network not ok', like upstream router not natted ?

                      • S
                        serj161 @Gertjan
                        last edited by Apr 17, 2023, 12:16 PM

                        @gertjan
                        Maybe I don't have enough outbound rules. Can you show the rules in the "Outbound" tab for the VPN?

                        • G
                          Gertjan @serj161
                          last edited by Apr 17, 2023, 1:44 PM

                          @serj161

                          Nothing to do over there for a VPN server :

                          01618f24-f325-4952-be6c-51c06672a1c8-image.png

                          • S
                            serj161 @Gertjan
                            last edited by Apr 17, 2023, 1:50 PM

                            @gertjan
                            I agree, I have the same rules.
                            I'll try to return the default settings and configure a different VPN server for each interface. Thank you for your help.
