Conncetion with OpenVPN 2.1 client problem
-
I have setup OpenVPN several times the in the past but never with the 2.1 client. The client tells me that my PFSense box is not an Access Server. Is there a different client I need to be installing? I got the one off of OpenVPN.net
Thanks
-
Ok note to self "there are actually two clients now" one OS client and one Access client. The Access Client does not work :)
The exchange seems to happen but it stops at :
Wed Aug 11 09:48:07 2010 us=281000 LZO compression initialized
Wed Aug 11 09:48:07 2010 us=281000 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Wed Aug 11 09:48:07 2010 us=281000 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Aug 11 09:48:07 2010 us=281000 Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Aug 11 09:48:07 2010 us=281000 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Aug 11 09:48:07 2010 us=281000 Local Options hash (VER=V4): '69109d17'
Wed Aug 11 09:48:07 2010 us=281000 Expected Remote Options hash (VER=V4): 'c0103fa8'
Wed Aug 11 09:48:07 2010 us=281000 Attempting to establish TCP connection with PFSense-Firewall-IP:443Wed Aug 11 09:48:28 2010 us=234000 TCP: connect to PFSense-Firewall-IP:443 failed, will try again in 5 seconds: Connection timed out (WSAETIMEDOUT)
-
Yes, be sure you download the client from under "Community Software" :-)
http://openvpn.net/index.php/open-source/downloads.html
Why is it trying to connect on TCP port 443? It should be udp/1194 unless you changed your OpenVPN server settings to listen on the other port.
-
I found the Open Source version. Thanks. I setup the firewall to run on port 443 rather than 1194. It makes it easier if you are on a network that restricts outbound traffic because almost everyone allows HTTPS.
Thanks,
-brandon
-
Then double check that you also set TCP instead of UDP. The log seems to indicate it isn't making a connection at all.
You probably need a firewall rule on WAN to allow that traffic in as well.