Netgate Discussion Forum

TLS Error in OpenVPN

    bagagine
    last edited by Jun 15, 2023, 5:18 PM

    I configured the OpenVPN client to site on my pfSense and it was working normally, but this week I started having problems with some clients.
    I have two internet links. The two were dynamic IP, but this week one of them was changed to public IP. The link that was changed is exactly the WAN interface that OpenVPN is configured on. After this change, most of my clients continued to connect normally, but some started showing the following errors:
    TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    TLS Error: TLS handshake failed

    In addition, NAT rules that were created on top of the same WAN interface work for some external clients that access my internal service desk, but for other clients it does not work.

    Is there any action to be taken in pfSense to remedy this instability? Any tables to be cleaned or recreated? I'm a beginner and would like some help if possible. Thanks!

    Sorry for my English, I'm using Google.

      viragomann @bagagine
      last edited by Jun 15, 2023, 5:58 PM

      @bagagine
      Is your OpenVPN server configured to listen on both IPv4 and IPv6 and could it be that now only IPv6 is working, because you lost the public IPv4?

      Your issue sounds like that.

        bagagine @viragomann
        last edited by Jun 15, 2023, 6:26 PM

        @viragomann

        It is configured to listen only on IPv4, and the public IP I get is IPv4. I checked the configuration to confirm whether it was listening on IPv6, but it isn't.

          viragomann @bagagine
          last edited by Jun 15, 2023, 6:35 PM

          @bagagine
          Are the failing or the succeeding users related to a certain ISP?

          Mostly the error they get means that the client cannot reach the server.
          So you can investigate with traceroute how far you get from the client. Or enable logging in the firewall rule on the server and then check whether you can see the user's connection attempt, or even sniff the traffic on WAN.

            bagagine @viragomann
            last edited by Jun 15, 2023, 7:01 PM

            @viragomann
            Yes, the failed and successful users are related to the same ISP. This is giving me no way out as OpenVPN clients are generated with the same settings for connecting to the server. Some connect and some don't, giving this TLS error.
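
The server-side check viragomann suggests can be done over the OpenVPN server log: the sketch below is an added example, not code from the thread or from pfSense, and sorts expected client addresses into those that completed the handshake, those whose packets arrived but stalled, and those never seen at all. The log lines are constructed and assume the usual OpenVPN server message wording at `verb 3`; the function name, status labels and addresses (documentation ranges) are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample of OpenVPN server log lines (not taken from the thread).
SAMPLE_LOG = """\
Jun 15 18:40:01 openvpn[1234]: 203.0.113.10:51820 TLS: Initial packet from [AF_INET]203.0.113.10:51820, sid=1a2b3c4d 5e6f7a8b
Jun 15 18:40:02 openvpn[1234]: 203.0.113.10:51820 [client1] Peer Connection Initiated with [AF_INET]203.0.113.10:51820
Jun 15 18:41:10 openvpn[1234]: 198.51.100.7:40000 TLS: Initial packet from [AF_INET]198.51.100.7:40000, sid=9f8e7d6c 5b4a3928
Jun 15 18:42:10 openvpn[1234]: 198.51.100.7:40000 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jun 15 18:42:10 openvpn[1234]: 198.51.100.7:40000 TLS Error: TLS handshake failed
"""

# "<client ip>:<port> <message>" as it appears after the syslog prefix.
PEER = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3}):\d+ (.*)$")


def classify_clients(log_text, expected_clients):
    """Map each expected client IP to a coarse handshake status."""
    events = defaultdict(set)
    for line in log_text.splitlines():
        match = PEER.search(line)
        if not match:
            continue
        ip, message = match.groups()
        if "TLS: Initial packet from" in message:
            events[ip].add("initial")
        elif "Peer Connection Initiated" in message:
            events[ip].add("connected")
        elif "TLS key negotiation failed" in message:
            events[ip].add("timeout")

    status = {}
    for ip in expected_clients:
        seen = events.get(ip, set())
        if "connected" in seen:
            status[ip] = "handshake_ok"
        elif seen:
            # Packets arrive on WAN but the handshake never completes:
            # next check is whether the server's replies reach the client.
            status[ip] = "reached_no_handshake"
        else:
            # Nothing logged: the client's packets never got to the server,
            # so trace the path toward the WAN address and the firewall rule.
            status[ip] = "never_seen"
    return status


if __name__ == "__main__":
    clients = ["203.0.113.10", "198.51.100.7", "192.0.2.55"]
    for ip, state in classify_clients(SAMPLE_LOG, clients).items():
        print(ip, state)
```

A client that reports the 60-second TLS timeout but shows up as `never_seen` points at the path toward the server, while `reached_no_handshake` points at the return path from the server.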
