TCP: connect to [AF_INET]192.168.1.86:1194 failed: Unknown error

do1 · Apr 10, 2024, 11:43 AM

Hi,
Please I am trying to setup a remote access to an openvpn server I am running at home. I followed the wizard and was able to suceesfully deploy the server.

However, I am only able to access the system when I am using the same broadband network. I haven't added any rules yet too. It's a learning curve for me.

Please can someone assists me.
I appreciate

jcostilla1974 · Oct 13, 2024, 2:55 PM

@do1 said in TCP: connect to [AF_INET]192.168.1.86:1194 failed: Unknown error:

Reply

Hi ! I have the same problem ! Maybe you need to configure port forwarding on the provider's router? My IP is 181.xxx.xxx.xxx and it is not the same as the WAN interface (192.168.246.xxx).

johnpoz · Oct 1, 2024, 12:08 AM

@do1 where are you trying to connect to 192.168.1.86 from - cuz you sure are not going to do that over the internet..

Is that your pfsense wan IP? If so your behind a nat and would have to forward on the device in front of pfsense to pfsense wan IP.. And your client would need to use whatever your actual public IP is..

makazo · Oct 11, 2024, 7:22 PM

@johnpoz Hello,
I also have this problem. I have a network of 10-15 computers. I can connect to all the computers in the places and run openvpn.

I transferred the VPN configuration file that I exported via pfsense to my home computer. I entered my username and password. I cannot connect to our central pfsense network.

TCP: connect to [AF_INET]192.xxx.x.xxx:1194 failed: Unknown error

jcostilla1974 · Oct 13, 2024, 2:55 PM

@jcostilla1974 I solved it. On the provider's router, you have to configure port forwarding. I solved it. On the provider's router, you have to configure port forwarding. Then, change the local IP address to the public one in the configuration file.

makazo · Oct 14, 2024, 3:35 PM

@jcostilla1974 Can you explain in detail how you solved it? pls

Gertjan · Oct 16, 2024, 6:20 AM

@makazo

He discovered that you can not use RFC1918 or addresses like "192.168.1.1" on the Internet.
"192.168.1.1" is only for local usage.
"192.168.1.1" will never get routed by the Internet infrastructure - your ISP etc.
"192.168.1.1" is used as one of your LAN IPv4s, and I also use it, and a couple of billions others. So, when, you use "192.168.1.1" to connect to, you want to connect to who ? ^^

"192.168.1.1" is just an example here, you could use any RFC1918.

So, from the outside, you have connect to your WAN IPv4, the one that your ISP gave you.
On the WAN interface, the OpenVPN server should be listening for incoming connections. The correct port (ie 1194 UDP) should have a firewall that permits this connection as 'incoming' on WAN.

@makazo said in TCP: connect to [AF_INET]192.168.1.86:1194 failed: Unknown error:

pfsense to my home computer

If your home computer is attached to the pfSense LAN, why do you need a VPN ?
Or do you bring your home computer as a homeless computer : you bring it along with you like a phone, tablet etc ?

makazo · Oct 16, 2024, 10:02 AM

@Gertjan First of all, thank you for your answer. How do I open port 1194 from the modem and create a rule in the firewall for this?

There is a pfsense device in a different location and I want to connect to that device with openvpn in addition to the remote desktop connection.

I understand that for this, port 1194 needs to be open and the ISP provider needs to have a fixed IP

Shouldn't it connect automatically after doing these?

thank you gertjan

johnpoz · Oct 16, 2024, 10:05 AM

@makazo said in TCP: connect to [AF_INET]192.168.1.86:1194 failed: Unknown error:

ISP provider needs to have a fixed IP

Doesn't really have to be "fixed" you can always reference a fqdn that points to whatever their IP might be, when it changes this fqdn will update to point to the different IP.. There are plenty of places that support free dynamic dns where some fqdn points to a specific IP, and the devices keeps this fqdn updated to its IP, and when it changes, etc.

At this remote site your wanting to access, you need to make sure the port your wanting to use 1194 for example is open or forwarded to pfsense wan IP where its openvpn is listening.

Gertjan · Oct 16, 2024, 1:35 PM

@makazo said in TCP: connect to [AF_INET]192.168.1.86:1194 failed: Unknown error:

How do I open port 1194 from the modem and create a rule in the firewall for this?

When you set up the OpenVPN server on pfSense : use the pfSEnse VPN Wizard, and this will be proposed into the guided setup.

If not, as you've set up manually your server, not complicated neither :
The WAN interface has normally no rules what so ever, so the default "Block all" applies.
You've seen this state before : it was there when you installed pfSense.

For a "port 1194, protocol UDP, VPN server" to be reached from the outside (== the Internet) you ahve to ..... (roll the drums) open (== pass) port 1194, protocol UDP on the WAN interface.

Example : this is what half the planet is using right now :