OpenVPN connection problems



  • Ok, I'm trying to form an OpenVPN connection from my DD-WRT router at home, to my pfSense router that I have with some colocated servers.

    I can go pfSense OpenVPN as client -> DD-WRT Router as Server, and get it to establish a connection that way, but trying to go the other way is driving me insane.

    I used all the same cert / keys and simply set pfsense up as the server, and then used the same client keys / certs I had used on pfsense on dd-wrt as a client.

    No matter what options I change I get

    
    Sun Oct 16 19:17:24 2011 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:lib(20):func(144):reason(134)
    Sun Oct 16 19:17:24 2011 TLS Error: TLS object -> incoming plaintext read error
    Sun Oct 16 19:17:24 2011 TLS Error: TLS handshake failed
    Sun Oct 16 19:17:24 2011 SIGUSR1[soft,tls-error] received, process restarting
    
    

    I've got Enable authentication of TLS packets unchecked in the server, yet it still puts tls-server in the server config file (checked by SSHing in and going to the shell).  Even if I remove that and manually restart the server through the shell, though, I still get the errors.  So I tried enabling the authentication of TLS packets and have the same problem (letting pfSense auto-generate a shared key).

    Using the openvpn easy-rsa scripts on my computer I have no tls shared key to use in this, it should not even be tls enabled.

    Any ideas?

    EDIT:
    I tried creating a brand new CA, new certs and everything through pfSense, and it simply results in the same problem.  No matter what settings I try, I get TLS errors.  I even tried letting it create TLS keys, and adding the key file to the client, and it's still a no go.
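
Added example, not part of the original post: a small decoder for the packed OpenSSL error code in the log above, which OpenVPN printed only as numbers. The name tables are an assumption limited to the three codes in this log (values from the OpenSSL headers of that era), and the function names are made up for this example.

```python
import re

# OpenSSL of this log's era packs an error code as
#   lib (8 bits) | func (12 bits) | reason (12 bits).
# Tables cover only the codes seen in the log above.
LIBS = {20: "SSL routines"}
FUNCS = {(20, 144): "SSL3_GET_SERVER_CERTIFICATE"}
REASONS = {(20, 134): "certificate verify failed"}

ERR_RE = re.compile(
    r"error:([0-9A-Fa-f]{8}):lib\((\d+)\):func\((\d+)\):reason\((\d+)\)"
)

# Log lines copied from the first post.
SAMPLE_LOG = """\
Sun Oct 16 19:17:24 2011 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:lib(20):func(144):reason(134)
Sun Oct 16 19:17:24 2011 TLS Error: TLS object -> incoming plaintext read error
Sun Oct 16 19:17:24 2011 TLS Error: TLS handshake failed
Sun Oct 16 19:17:24 2011 SIGUSR1[soft,tls-error] received, process restarting
"""

def unpack(code):
    """Split a packed error code into (lib, func, reason)."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def decode_line(line):
    """Return a decoded record for a log line, or None if it has no error code."""
    m = ERR_RE.search(line)
    if m is None:
        return None
    lib, func, reason = unpack(int(m.group(1), 16))
    printed = tuple(int(m.group(i)) for i in (2, 3, 4))
    return {
        "lib": LIBS.get(lib, "lib(%d)" % lib),
        "func": FUNCS.get((lib, func), "func(%d)" % func),
        "reason": REASONS.get((lib, reason), "reason(%d)" % reason),
        # The numbers OpenVPN printed should match the unpacked hex code.
        "consistent": printed == (lib, func, reason),
    }

def decode_log(text):
    """Decode every line of a log that carries an OpenSSL error code."""
    return [d for d in map(decode_line, text.splitlines()) if d is not None]

if __name__ == "__main__":
    for rec in decode_log(SAMPLE_LOG):
        print("%(lib)s: %(func)s: %(reason)s" % rec)
```

The decoded text says the side that wrote this log rejected the server's certificate during the handshake, so the CA file configured on that side and the certificate validity dates against the router's clock are the first things to compare.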



  • Hi - were you able to figure out how to accomplish this? I too am trying to do this. Thanks.



  • I don't know if this will be of any help to you, but I was having the exact same issues when trying to connect to pfSense from a Windows OpenVPN client. I fixed it by changing from tap to tun and changing interface to any. I made the last change so I could test the tunnel from inside the network; it all worked fine, then I switched to my mobile broadband connection and it all worked!

    I also used the OpenVPN client export utility (you can install from packages) to export the configuration.

    Good luck.

