
    Openvpn connection timeout from certain external ip address

      sbob990

      I am trying to connect to business network via open vpn.
      Connection has been working fine the last 2 years.
      I set up my new laptop last week while connected to my phone hotspot. I may have entered my password incorrectly, not sure but it wouldn't connect.

      Got home and without changing any settings it connected straight away.
      Tried connecting to my wife's phone hotspot and again connected right away.

      It seems my phone's IP has possibly been blacklisted somehow, but I don't know where to look. I have checked system logs for firewall and openvpn but see nothing related to a connection from my phone.

      PFsense was configured by a third party who I cannot seem to get in contact with.
      Has anyone any idea what could be blocking my phone's IP from connecting?

      Thanks

        Gertjan @sbob990

        @sbob990

        What do you use ? this : OpenVPN Connect for ... ?
        It has a log page. What does it show ?

        The IPv4 your OpenVPN client uses is the one that leads to the pfSense WAN interface, right ?

        If you have access to the pfSense - OpenVPN side, connect to your OpenVPN server while sitting in front of it using your "my new laptop last week while connected to my phone hotspot".

        As soon as the connection comes into the pfSense WAN interface :

        [Image: screenshot of the pfSense WAN firewall rule for OpenVPN, with its traffic counters marked in green]

        You'll see the counters (marked green) going up. Refresh the pfSense dashboard screen if needed.
        If these counters don't change : the OpenVPN traffic never reached pfSense, which means you have to check the equipment in front of your pfSense.

        Check also the pfSense OpenVPN server log for any messages.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

          sbob990

          Yes using the Open VPN Connect app on both mobile and laptop.
          Here is the log from my phone.

          [Jul 15, 2024, 15:06:15] ----- OpenVPN Start -----
          
          [Jul 15, 2024, 15:06:15] EVENT: CORE_THREAD_ACTIVE
          
          [Jul 15, 2024, 15:06:15] OpenVPN core 3.8.5connectQA3(3.git::11d19f67:RelWithDebInfo) android arm64 64-bit PT_PROXY
          
          [Jul 15, 2024, 15:06:15] Frame=512/2112/512 mssfix-ctrl=1250
          
          [Jul 15, 2024, 15:06:15] NOTE: This configuration contains options that were not used:
          
          [Jul 15, 2024, 15:06:15] Unsupported option (ignored)
          
          [Jul 15, 2024, 15:06:15] 0 [persist-tun]
          
          [Jul 15, 2024, 15:06:15] 1 [persist-key]
          
          [Jul 15, 2024, 15:06:15] 2 [ncp-ciphers] [AES-256-GCM:AES-128-GCM]
          
          [Jul 15, 2024, 15:06:15] 3 [resolv-retry] [infinite]
          
          [Jul 15, 2024, 15:06:15] Contacting ***.***.***.***:1194 via UDP
          
          [Jul 15, 2024, 15:06:15] EVENT: RESOLVE
          
          [Jul 15, 2024, 15:06:15] EVENT: WAIT
          
          [Jul 15, 2024, 15:06:15] Connecting to [***.***.***.***]:1194 (***.***.***.***) via UDPv4
          
          [Jul 15, 2024, 15:06:25] Server poll timeout, trying next remote entry...
          
          [Jul 15, 2024, 15:06:25] Contacting ***.***.***.***:1194 via UDP
          
          [Jul 15, 2024, 15:06:25] EVENT: RECONNECTING
          
          [Jul 15, 2024, 15:06:25] EVENT: WAIT
          
          [Jul 15, 2024, 15:06:25] Connecting to [***.***.***.***]:1194 (***.***.***.***) via UDPv4
          
          [Jul 15, 2024, 15:06:35] Server poll timeout, trying next remote entry...
          
          [Jul 15, 2024, 15:06:35] EVENT: RECONNECTING
          
          [Jul 15, 2024, 15:06:35] Contacting ***.***.***.***:1194 via UDP
          
          [Jul 15, 2024, 15:06:35] EVENT: WAIT
          
          [Jul 15, 2024, 15:06:35] Connecting to [***.***.***.***]:1194 (***.***.***.***) via UDPv4
          
          [Jul 15, 2024, 15:06:45] Server poll timeout, trying next remote entry...
          
          [Jul 15, 2024, 15:06:45] EVENT: RECONNECTING
          
          [Jul 15, 2024, 15:06:45] Contacting ***.***.***.***:1194 via UDP
          
          [Jul 15, 2024, 15:06:45] EVENT: WAIT
          
          [Jul 15, 2024, 15:06:45] Connecting to [***.***.***.***]:1194 (***.***.***.***) via UDPv4
          
          [Jul 15, 2024, 15:06:55] Server poll timeout, trying next remote entry...
          
          [Jul 15, 2024, 15:06:55] Contacting ***.***.***.***:1194 via UDP
          
          [Jul 15, 2024, 15:06:55] EVENT: RECONNECTING
          
          [Jul 15, 2024, 15:06:55] EVENT: WAIT
          
          [Jul 15, 2024, 15:06:55] Connecting to [***.***.***.***]:1194 (***.***.***.***) via UDPv4
          
          [Jul 15, 2024, 15:07:05] Server poll timeout, trying next remote entry...
          
          [Jul 15, 2024, 15:07:05] EVENT: RECONNECTING
          
          [Jul 15, 2024, 15:07:05] Contacting ***.***.***.***:1194 via UDP
          
          [Jul 15, 2024, 15:07:05] EVENT: WAIT
          
          [Jul 15, 2024, 15:07:05] Connecting to [***.***.***.***]:1194 (***.***.***.***) via UDPv4
          
          [Jul 15, 2024, 15:07:15] EVENT: PAUSE
          
          [Jul 15, 2024, 15:10:13] Contacting ***.***.***.***:1194 via UDP
          
          [Jul 15, 2024, 15:10:13] EVENT: RESUME
          
          [Jul 15, 2024, 15:10:13] Connecting to [***.***.***.***]:1194 (***.***.***.***) via UDPv4
          
          [Jul 15, 2024, 15:10:13] EVENT: RECONNECTING
          
          [Jul 15, 2024, 15:10:13] EVENT: WAIT
          
          [Jul 15, 2024, 15:10:23] Server poll timeout, trying next remote entry...
          
          [Jul 15, 2024, 15:10:23] EVENT: RECONNECTING
          
          [Jul 15, 2024, 15:10:23] Contacting ***.***.***.***:1194 via UDP
          
          [Jul 15, 2024, 15:10:23] EVENT: WAIT
          
          [Jul 15, 2024, 15:10:23] Connecting to [***.***.***.***]:1194 (***.***.***.***) via UDPv4.
          

          I will check pfsense when I am back on site next and see if there is another appliance blocking the traffic.

            Gertjan @sbob990

            @sbob990

            Seems like the client couldn't reach [...]:1194.

              sbob990

              Yes, it seems my IP is being blocked somehow but I didn't see any other appliances plugged in the last time I checked. Is there a method of blacklisting an IP in pfsense or is it definitely something on the network blocking it?

              Here is the log from the same device connected to a different network.

              [Jul 15, 2024, 17:08:24] ----- OpenVPN Start -----
              
              [Jul 15, 2024, 17:08:24] EVENT: CORE_THREAD_ACTIVE
              
              [Jul 15, 2024, 17:08:24] OpenVPN core 3.8.5connectQA3(3.git::11d19f67:RelWithDebInfo) android arm64 64-bit PT_PROXY
              
              [Jul 15, 2024, 17:08:24] Frame=512/2112/512 mssfix-ctrl=1250
              
              [Jul 15, 2024, 17:08:24] NOTE: This configuration contains options that were not used:
              
              [Jul 15, 2024, 17:08:24] Unsupported option (ignored)
              
              [Jul 15, 2024, 17:08:24] 0 [persist-tun]
              
              [Jul 15, 2024, 17:08:24] 1 [persist-key]
              
              [Jul 15, 2024, 17:08:24] 2 [ncp-ciphers] [AES-256-GCM:AES-128-GCM]
              
              [Jul 15, 2024, 17:08:24] 3 [resolv-retry] [infinite]
              
              [Jul 15, 2024, 17:08:24] EVENT: RESOLVE
              
              [Jul 15, 2024, 17:08:24] Contacting ***.***.***.***:1194 via UDP
              
              [Jul 15, 2024, 17:08:24] EVENT: WAIT
              
              [Jul 15, 2024, 17:08:24] Connecting to [***.***.***.***]:1194 (***.***.***.***) via UDPv4
              
              [Jul 15, 2024, 17:08:24] EVENT: CONNECTING
              
              [Jul 15, 2024, 17:08:24] Tunnel Options:V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client
              
              [Jul 15, 2024, 17:08:24] Creds: Username/Password
              
              [Jul 15, 2024, 17:08:24] Sending Peer Info:
              IV_VER=3.8.5connectQA3
              IV_PLAT=android
              IV_NCP=2
              IV_TCPNL=1
              IV_PROTO=990
              IV_MTU=1600
              IV_CIPHERS=AES-128-GCM:AES-192-GCM:AES-256-GCM:CHACHA20-POLY1305
              IV_GUI_VER=net.openvpn.connect.android_3.4.2-9909
              IV_SSO=webauth,openurl,crtext
              
              
              [Jul 15, 2024, 17:08:24] VERIFY OK: depth=1, /C=IE/ST=Leinster/L=Carlow/O=Ds Computers/emailAddress=info@website.com/CN=internal-ca, signature: RSA-SHA256
              
              [Jul 15, 2024, 17:08:24] VERIFY OK: depth=0, /C=IE/ST=Leinster/L=Carlow/O=Ds Computers/emailAddress=info@website.com/CN=www.website.com, signature: RSA-SHA256
              
              [Jul 15, 2024, 17:08:24] SSL Handshake: peer certificate: CN=www.website.com, 2048 bit RSA, cipher: TLS_AES_256_GCM_SHA384         TLSv1.3 Kx=any      Au=any   Enc=AESGCM(256)            Mac=AEAD
              
              
              [Jul 15, 2024, 17:08:24] Session is ACTIVE
              
              [Jul 15, 2024, 17:08:24] Sending PUSH_REQUEST to server...
              
              [Jul 15, 2024, 17:08:24] EVENT: GET_CONFIG
              
              [Jul 15, 2024, 17:08:25] Sending PUSH_REQUEST to server...
              
              [Jul 15, 2024, 17:08:26] OPTIONS:
              0 [route] [192.168.20.0] [255.255.255.0]
              1 [route] [192.168.10.0] [255.255.255.0]
              2 [dhcp-option] [DOMAIN] [pfsense.home]
              3 [dhcp-option] [DNS] [192.168.20.1]
              4 [route-gateway] [192.168.18.1]
              5 [topology] [subnet]
              6 [ping] [10]
              7 [ping-restart] [60]
              8 [ifconfig] [192.168.18.2] [255.255.255.0]
              9 [peer-id] [0]
              10 [cipher] [AES-256-GCM]
              11 [protocol-flags] [cc-exit] [tls-ekm] [dyn-tls-crypt]
              12 [tun-mtu] [1500]
              13 [block-ipv6]
              14 [block-ipv4]
              
              
              [Jul 15, 2024, 17:08:26] PROTOCOL OPTIONS:
                cipher: AES-256-GCM
                digest: NONE
                key-derivation: TLS Keying Material Exporter [RFC5705]
                compress: NONE
                peer ID: 0
                control channel: tls-auth enabled
                control channel: dynamic tls-crypt enabled
              
              [Jul 15, 2024, 17:08:26] EVENT: ASSIGN_IP
              
              [Jul 15, 2024, 17:08:26] TunPersist: saving tun context:
              Session Name: ***.***.***.***
              Layer: OSI_LAYER_3
              MTU: 1500
              Remote Address: ***.***.***.***
              Tunnel Addresses:
                192.168.18.2/24 -> 192.168.18.1
              Reroute Gateway: IPv4=0 IPv6=0 flags=[ IPv4 ]
              Block IPv4: yes
              Block IPv6: yes
              Add Routes:
                192.168.20.0/24
                192.168.10.0/24
              Exclude Routes:
              DNS Servers:
                192.168.20.1
              Search Domains:
                pfsense.home
              
              
              [Jul 15, 2024, 17:08:26] Connected via tun
              
              [Jul 15, 2024, 17:08:26] EVENT: CONNECTED info='User@***.***.***.***:1194 (***.***.***.***) via /UDPv4 on tun/192.168.18.2/ gw=[192.168.18.1/] mtu=1500'
              
                Gertjan @sbob990

                @sbob990

                I showed you my OpenVPN firewall rule, the one that accepts 'UDP, port 1194' from 'everybody'.
                Such a rule accepts OpenVPN traffic from everybody.
                No 'blacklisting' is happening on pfSense. That is, you didn't tell us about that.

                If you don't see the traffic counter in front of the rule going up when you connect, the traffic never arrives at the pfSense WAN NIC.

                You have an upstream router ? Did you NAT that router ?


                S 1 Reply Last reply Reply Quote 0
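
The two client logs posted in this thread can be told apart mechanically, which helps decide whether to look at the network path or at the VPN configuration. The Python below is an added example, not code from the thread or from OpenVPN: it classifies an OpenVPN Connect client log by whether the server ever answered. The reply markers are an assumption drawn from the two logs above, and the sample logs are constructed by abridging them.

```python
import re
from datetime import datetime

LINE = re.compile(r"^\[(\w{3} \d{1,2}, \d{4}, \d{2}:\d{2}:\d{2})\] (.*)$")
# Assumption drawn from the two logs in the thread: these messages show up
# only once the client has received something back from the server.
REPLY_MARKERS = ("EVENT: CONNECTING", "VERIFY OK", "SSL Handshake", "Session is ACTIVE")

# Constructed samples: lines abridged from the two client logs in the thread.
FAILING = """\
[Jul 15, 2024, 15:06:15] Connecting to [***.***.***.***]:1194 (***.***.***.***) via UDPv4
[Jul 15, 2024, 15:06:25] Server poll timeout, trying next remote entry...
[Jul 15, 2024, 15:06:25] EVENT: RECONNECTING
[Jul 15, 2024, 15:06:25] Connecting to [***.***.***.***]:1194 (***.***.***.***) via UDPv4
[Jul 15, 2024, 15:06:35] Server poll timeout, trying next remote entry...
"""
WORKING = """\
[Jul 15, 2024, 17:08:24] Connecting to [***.***.***.***]:1194 (***.***.***.***) via UDPv4
[Jul 15, 2024, 17:08:24] EVENT: CONNECTING
[Jul 15, 2024, 17:08:24] Session is ACTIVE
[Jul 15, 2024, 17:08:26] EVENT: CONNECTED info='(abridged)'
"""

def parse(text):
    """Yield (timestamp, message); lines without a timestamp are skipped."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield datetime.strptime(m.group(1), "%b %d, %Y, %H:%M:%S"), m.group(2)

def triage(text):
    """Classify a client log by how far the connection attempt got."""
    attempts, waits, replied, connected, sent_at = 0, [], False, False, None
    for ts, msg in parse(text):
        if msg.startswith("Connecting to "):
            attempts, sent_at = attempts + 1, ts
        elif msg.startswith("Server poll timeout") and sent_at is not None:
            waits.append(int((ts - sent_at).total_seconds()))
            sent_at = None
        elif msg.startswith("EVENT: CONNECTED"):
            connected = True
        elif msg.startswith(REPLY_MARKERS):
            replied = True
    # connected: tunnel is up. server-replied: check TLS, credentials, pushed
    # options. no-server-reply: check the path (WAN rule counters, upstream NAT).
    verdict = ("connected" if connected else "server-replied" if replied
               else "no-server-reply" if waits else "inconclusive")
    return {"verdict": verdict, "attempts": attempts,
            "timeouts": len(waits), "wait_s": sorted(set(waits))}
```

A `no-server-reply` verdict means the attempt ended before any TLS or credential exchange appears in the client log, so the next place to look is the WAN rule counter and whatever sits upstream of the firewall.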