TLS Error in OpenVPN
-
I configured OpenVPN client-to-site on my pfSense and it was working normally, but this week I started having problems with some clients.
I have two internet links. The two were dynamic IP, but this week one of them was changed to public IP. The link that was changed is exactly the WAN interface that OpenVPN is configured on. After this change, most of my clients continued to connect normally, but some started showing the following errors:
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed
In addition, NAT rules that were created on top of the same WAN interface work for some external clients that access my internal service desk, but for other clients they do not work.
Is there any action to be taken in pfSense to remedy this instability? Any tables to be cleaned or recreated? I'm a beginner and would like some help if possible. Thanks!
Sorry for my English, I'm using Google.
-
@bagagine
Is your OpenVPN server configured to listen on both IPv4 and IPv6 and could it be that now only IPv6 is working, because you lost the public IPv4? Your issue sounds like that.
-
It is configured to listen only on IPv4 and the Public IP I get is IPv4. I checked the configuration to confirm that I was listening to IPv6, but it isn't.
-
@bagagine
Are the failing or the succeeding users related to a certain ISP? Mostly, the error they get means that the client cannot reach the server.
So you can investigate with traceroute how far you get from the client. Or enable logging in the firewall rule on the server and then check if you can see the user's connection attempt, or even sniff the traffic on WAN.
-
@viragomann
Yes, the failed and successful users are related to the same ISP. This is giving me no way out as OpenVPN clients are generated with the same settings for connecting to the server. Some connect and some don't, giving this TLS error.
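-
The server-side check suggested earlier in the thread (can the server see the failing user's connection attempt?), as an added example that is not part of the original posts: it sorts client addresses by what an OpenVPN server log records about their handshake. The log lines are constructed in the shape of OpenVPN 2.x messages, and the names classify and expected_clients are hypothetical.

```python
import re

# Constructed sample in the shape of OpenVPN 2.x server log messages
# (documentation-range addresses; nothing here comes from the thread).
SAMPLE_LOG = """\
Jan 10 09:00:01 openvpn[4242]: TLS: Initial packet from [AF_INET]198.51.100.7:51820, sid=0a1b2c3d 4e5f6071
Jan 10 09:00:02 openvpn[4242]: 198.51.100.7:51820 [alice] Peer Connection Initiated with [AF_INET]198.51.100.7:51820
Jan 10 09:01:10 openvpn[4242]: TLS: Initial packet from [AF_INET]203.0.113.9:40211, sid=1122aabb 3344ccdd
Jan 10 09:02:10 openvpn[4242]: 203.0.113.9:40211 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 10 09:02:10 openvpn[4242]: 203.0.113.9:40211 TLS Error: TLS handshake failed
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"  # IPv4 only, like the server in the thread
EVENTS = {
    "initial": re.compile(r"TLS: Initial packet from \[AF_INET\]" + IP + r":\d+"),
    "connected": re.compile(r"Peer Connection Initiated with \[AF_INET\]" + IP + r":\d+"),
    "timeout": re.compile(IP + r":\d+ TLS Error: TLS key negotiation failed"),
}


def classify(log_text, expected_clients=()):
    """Map each client IP to what the server log says about its handshake."""
    # Clients we expected but never see keep an empty event set.
    events = {ip: set() for ip in expected_clients}
    for line in log_text.splitlines():
        for name, pattern in EVENTS.items():
            match = pattern.search(line)
            if match:
                events.setdefault(match.group(1), set()).add(name)
    verdicts = {}
    for ip, seen in events.items():
        if not seen:
            # Nothing logged: check the path to WAN and the WAN pass rule.
            verdicts[ip] = "never reached server"
        elif "timeout" in seen and "connected" in seen:
            verdicts[ip] = "intermittent"
        elif "timeout" in seen:
            # Packets arrive but the exchange stalls: check the reply path.
            verdicts[ip] = "reached server, handshake timed out"
        elif "connected" in seen:
            verdicts[ip] = "connected"
        else:
            verdicts[ip] = "handshake started, no result logged"
    return verdicts


if __name__ == "__main__":
    for ip, verdict in classify(SAMPLE_LOG, ["192.0.2.44"]).items():
        print(f"{ip:15}  {verdict}")
```

Pass the public addresses of the clients that report the TLS error as expected_clients; an address that never appears in the server log points at the inbound path, one that appears and then times out points at the replies.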