ERR_TUNNEL_CONNECTION_FAILED
Hello Netgate Forum,
I have an issue with my pfSense firewall.
Situation: A colleague and I have been connecting remotely to our system via OpenVPN for over a year, and it has always worked. It was configured once, and each of us has our own OpenVPN configuration, which has always worked 100%. However, we are currently experiencing the issue "ERR_TUNNEL_CONNECTION_FAILED."
I can access the firewall and other servers via the IP address, but no longer via DNS resolution.
He had this problem one week before me.
Do you have any idea what might be causing this? I'm slowly running out of ideas.
What I've done so far:
Checked logs
DNS resolution on pfSense works (via Ping, etc.)
Performed DNS flush on the Windows machine
Thanks for your help.
@Conger1892 said in ERR_TUNNEL_CONNECTION_FAILED:
I can access the firewall and other servers via the IP address
So ... fire up a text editor and open the 'ovpn' file you've imported into your OpenVPN client app, and replace the host name that it is using with the current WAN IP you use to connect the OpenVPN to the OpenVPN.
Import this edited file.
Use it ... and now it connects !?
I presume that the somewhat vague error shown, "ERR_TUNNEL_CONNECTION_FAILED", means that the tunnel couldn't be created, because the IP (the host name it was using) didn't point anymore to your WAN IP (pfSense work) but to 'someone else'.
So, by now you get it: the host name you were using in the OpenVPN client app config wasn't 'actual' anymore.
So, it's the "DynDNS" WAN IP updater process that stopped doing its thing.
That would leave lines with errors in the (system, I guess ?) logs.
I can access the firewall and other servers via the IP address
Also: this means you have a VPN access, and you can access your pfSense directly using its WAN IP ?
Great that you could use that solution.
A pure catastrophe from a point of security ...
... but no longer via DNS resolution.
What you wrote there, for me, is the origin of your issue.
Who or what makes the host name, after resolving, point to your WAN IP ?
You would say : My dyndns supplier.
Then me : And who informs your dyndns that an (your WAN) IP change happened ?
You would say : my pfSense.
Then me : Who taught this trick to your pfSense, who set it up ?
You : Me !
I would say : Great, I'm talking to the right person then. Did you start a renewal manually of your DynDNS, and check what happened ? Did the DynDNS host name change ? Or not ?
If you want details - the ones that will bring you to the source of the issue, check this one :
and renew again.
Btw : my phrases are based upon what your words told me.
I could be totally wrong of course, so please add more details.
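
Added example, not part of either post above: one way to run the check the reply describes, by reading the `remote` entries from a client profile and comparing what each host name resolves to against the firewall's current WAN IP. The sample profile, host names and addresses are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress
import socket

# Constructed sample client profile; host names and IPs are placeholders.
SAMPLE_OVPN = """\
client
dev tun
remote vpn.example.invalid 1194 udp
# remote old.example.invalid 1194
remote 203.0.113.10 1194
resolv-retry infinite
"""

def remote_hosts(ovpn_text):
    """Return the host field of every active `remote` directive."""
    hosts = []
    for line in ovpn_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "remote":
            hosts.append(parts[1])
    return hosts

def system_resolver(host):
    """Resolve a name to its set of IPv4 addresses using the OS resolver."""
    try:
        infos = socket.getaddrinfo(host, None, socket.AF_INET)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def check_remotes(ovpn_text, wan_ip, resolve=system_resolver):
    """Classify each remote against the WAN IP the firewall really has."""
    wan = ipaddress.ip_address(wan_ip)
    result = {}
    for host in remote_hosts(ovpn_text):
        try:
            literal = ipaddress.ip_address(host)
        except ValueError:
            addrs = resolve(host)  # host name: depends on the DynDNS record
            if not addrs:
                result[host] = "unresolvable"
            else:
                result[host] = "ok" if wan_ip in addrs else "stale"
        else:
            result[host] = "literal-ok" if literal == wan else "literal-mismatch"
    return result

if __name__ == "__main__":
    for host, status in check_remotes(SAMPLE_OVPN, "203.0.113.10").items():
        print(f"{host}: {status}")
```

A `stale` result means the name still resolves, but to an address other than the WAN IP, which is the situation a stopped DynDNS updater produces.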