Migrating vpn to WAN2
-
Hi, I am in the process of replacing our internet connection. We are doing a gradual change and so have connected the new internet line to WAN2. I was hoping I could just copy the OpenVPN settings, changing the VPN subnet from 192.168.254/24 to 192.168.253/24 and the UDP port to 1195 from 1194, then modifying the VPN config with the new IP and port. But the system sits trying to check the FreeRADIUS username. Any ideas?
Thanks
Mon Nov 13 10:29:12 2023 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Nov 13 10:29:12 2023 TLS Error: TLS handshake failed
Mon Nov 13 10:29:12 2023 SIGUSR1[soft,tls-error] received, process restarting
Mon Nov 13 10:29:52 2023 TCP/UDP: Preserving recently used remote address: [AF_INET]195.224.152.82:1195
Mon Nov 13 10:29:52 2023 UDPv4 link local: (not bound)
Mon Nov 13 10:29:52 2023 UDPv4 link remote: [AF_INET]195.224.152.82:1195
Mon Nov 13 10:30:52 2023 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Nov 13 10:30:52 2023 TLS Error: TLS handshake failed
Mon Nov 13 10:30:52 2023 SIGUSR1[soft,tls-error] received, process restarting
Mon Nov 13 10:32:12 2023 TCP/UDP: Preserving recently used remote address: [AF_INET]195.224.152.82:1195
Mon Nov 13 10:32:12 2023 UDPv4 link local: (not bound)
Mon Nov 13 10:32:12 2023 UDPv4 link remote: [AF_INET]195.224.152.82:1195
Mon Nov 13 10:33:12 2023 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Nov 13 10:33:12 2023 TLS Error: TLS handshake failed
Mon Nov 13 10:33:12 2023 SIGUSR1[soft,tls-error] received, process restarting
-
@frog
Seems to be a client log showing failing connection attempts. So I'm wondering if you are running the client on this firewall or a server and the log is from another client trying to connect.
-
@viragomann yes that is the client side log.
-
@frog
So you're running the server on pfSense and the client is not able to access it. Basically there is no need to add an additional OpenVPN server to listen on the other WAN. If the server is listening on the WAN IP or even on localhost, you can simply forward the port from the second WAN to the IP and port the server is listening on.
And also, if you do forwarding or add a second server, in both cases you could use the same port on both WANs. Anyway, to solve your issue, check the server log and look for connection attempts, or check whether your firewall rule, which is allowing the access, even gets hit.
If it isn't, sniff the traffic on the new WAN to see if OpenVPN packets are even arriving there.
-
Found the issue: I had copied the WAN rule and selected WAN2 but forgot to change the destination from WAN Address to WAN2 Address. All working now.
Thx all.
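
The root cause found in this thread, as an added example that is not part of the original posts and is not pfSense code: a simplified rule matcher showing why a rule copied to WAN2 but still pointing at "WAN address" never matches, so the client's UDP packets are silently dropped and it times out in the TLS handshake. The interface addresses, the `Rule`/`Packet` model and the `mismatched` audit helper are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address

# Constructed interface addresses (documentation ranges), not from the thread.
IFACE_ADDR = {"WAN": ip_address("203.0.113.10"),
              "WAN2": ip_address("198.51.100.82")}

@dataclass(frozen=True)
class Rule:
    iface: str   # interface the pass rule is attached to
    proto: str
    dst: str     # "<IFACE> address" alias, or "any"
    dport: int

@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on
    proto: str
    dst_ip: str
    dport: int

def alias_iface(dst):
    """Interface named by a '<IFACE> address' alias; None for 'any'."""
    return None if dst == "any" else dst.removesuffix(" address")

def matches(rule, pkt):
    if (rule.iface, rule.proto, rule.dport) != (pkt.iface, pkt.proto, pkt.dport):
        return False
    name = alias_iface(rule.dst)
    return name is None or IFACE_ADDR[name] == ip_address(pkt.dst_ip)

def allowed(rules, pkt):
    """Any matching pass rule admits the packet; otherwise default deny."""
    return any(matches(r, pkt) for r in rules)

def mismatched(rules):
    """Rules whose destination alias names a different interface than the one
    they sit on: the signature of a copied rule that was only half edited."""
    return [r for r in rules if alias_iface(r.dst) not in (None, r.iface)]

# Client reaching the new line on UDP 1195, as in the thread.
pkt = Packet("WAN2", "udp", "198.51.100.82", 1195)
copied = [Rule("WAN2", "udp", "WAN address", 1195)]   # destination not updated
fixed = [Rule("WAN2", "udp", "WAN2 address", 1195)]

if __name__ == "__main__":
    print("copied rule passes:", allowed(copied, pkt))
    print("fixed rule passes: ", allowed(fixed, pkt))
    print("flagged by audit:  ", mismatched(copied + fixed))
```
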