Netgate Discussion Forum

    [HELP] Cannot Connect to OpenVPN

    • vinjave

      Good afternoon guys! (GMT+8) I need your help regarding my OpenVPN setup on Hyper-V.

      I've managed to create an OpenVPN server but my client cannot connect to the server with the error below in OpenVPN GUI.

      Fri Mar 14 13:49:00 2014 OpenVPN 2.3.2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Aug 22 2013
      Fri Mar 14 13:49:05 2014 Control Channel Authentication: using 'ovpn-udp-20212-aurotech_svr-tls.key' as a OpenVPN static key file
      Fri Mar 14 13:49:05 2014 UDPv4 link local (bound): [undef]
      Fri Mar 14 13:49:05 2014 UDPv4 link remote: [AF_INET]xxx.81.165.138:20212
      Fri Mar 14 13:50:05 2014 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
      Fri Mar 14 13:50:05 2014 TLS Error: TLS handshake failed
      Fri Mar 14 13:50:05 2014 SIGUSR1[soft,tls-error] received, process restarting
      Fri Mar 14 13:50:07 2014 UDPv4 link local (bound): [undef]
      Fri Mar 14 13:50:07 2014 UDPv4 link remote: [AF_INET]xxx.81.165.138:20212
      

      OpenVPN log on server:

      Mar 14 13:08:02 ovpn openvpn[15886]: event_wait : Interrupted system call (code=4)
      Mar 14 13:08:02 ovpn openvpn[15886]: /usr/local/sbin/ovpn-linkdown ovpns1 1500 1542 10.10.10.1 10.10.10.2 init
      Mar 14 13:08:02 ovpn openvpn[15886]: SIGTERM[hard,] received, process exiting
      Mar 14 13:08:03 ovpn openvpn[70121]: OpenVPN 2.3.2 amd64-portbld-freebsd8.3 [SSL (OpenSSL)] [LZO] [eurephia] [MH] [IPv6] built on Sep 15 2013
      Mar 14 13:08:03 ovpn openvpn[70121]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Mar 14 13:08:03 ovpn openvpn[70121]: Control Channel Authentication: using '/var/etc/openvpn/server1.tls-auth' as a OpenVPN static key file
      Mar 14 13:08:03 ovpn openvpn[70121]: TUN/TAP device ovpns1 exists previously, keep at program end
      Mar 14 13:08:03 ovpn openvpn[70121]: TUN/TAP device /dev/tun1 opened
      Mar 14 13:08:03 ovpn openvpn[70121]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
      Mar 14 13:08:03 ovpn openvpn[70121]: /sbin/ifconfig ovpns1 10.10.10.1 10.10.10.2 mtu 1500 netmask 255.255.255.255 up
      Mar 14 13:08:03 ovpn openvpn[70121]: /usr/local/sbin/ovpn-linkup ovpns1 1500 1542 10.10.10.1 10.10.10.2 init
      Mar 14 13:08:03 ovpn openvpn[71193]: UDPv4 link local (bound): [AF_INET]xxx.81.165.138:20212
      Mar 14 13:08:03 ovpn openvpn[71193]: UDPv4 link remote: [undef]
      Mar 14 13:08:03 ovpn openvpn[71193]: Initialization Sequence Completed
      

      In this error, it says that my netmask is 255.255.255.255 but I put 10.10.10.0/24 in the Tunnel network.

      What am I doing wrong?

      I'm using Radius on Windows Server 2008 R2 with auth to AD. I've also tried local access but no luck.

      I have 2 vSwitches connected to the external network, vSwitch1 for all VMs and vSwitch2 for OpenVPN. Basically, OpenVPN is connected to both of these vSwitches. OpenVPN LAN is on vSwitch1 and WAN is connected on vSwitch2.

      I have v2.1 installed which I downloaded from https://forum.pfsense.org/index.php/topic,56565.msg364122.html#msg364122.

      Also, I am having errors on my screen:

      calcru: runtime went backwards from 63557 usec to 32502 usec for pid 0 (kernel)
      

      Kindly help me. TIA

      • phil.davis

        The client log messages just mean that it got no response - usually that means the connect packet from client was never received at the server. Make sure you test from a client that is out in the real internet, otherwise you have to mess with NAT reflection stuff to connect from inside your own network. Make sure you have a firewall rule on WAN that allows connection to the port you have chosen (20212) for the OpenVPN server.
        You can also add a rule to allow ICMP on WAN, then ping the public IP from the client. Then at least you know that data can get across the internet from client to pfSense public IP. Then do packet capture on pfSense WAN port 20212 and see if anything arrives when the client is trying to connect.
        OpenVPN divides the tunnel network into /30 pieces itself. So you will see the server looking like it is .1 and talking to .2, then you will see the first client get .6 and seem to be talking to .5 at the server end. That should all be OK - OpenVPN handles all that underneath.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/
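
The /30 split described in the reply above, worked through for the 10.10.10.0/24 tunnel network from the first post. This is an added example, not code from the thread, pfSense or OpenVPN; the function names are hypothetical and it assumes the /30-per-peer layout the reply describes.

```python
import ipaddress
import re

# Server log line quoted in the first post of this thread.
SERVER_IFCONFIG = ("/sbin/ifconfig ovpns1 10.10.10.1 10.10.10.2 "
                   "mtu 1500 netmask 255.255.255.255 up")


def net30_slots(tunnel_network, count):
    """Return the first `count` /30 pieces of the tunnel network as
    (role, local_ip, peer_ip) tuples (hypothetical helper)."""
    net = ipaddress.ip_network(tunnel_network)
    slots = []
    # subnets() raises ValueError if the network is too small to hold a /30.
    for index, block in enumerate(net.subnets(new_prefix=30)):
        if index >= count:
            break
        low, high = list(block.hosts())  # the two usable addresses of a /30
        if index == 0:
            # The server takes the low address of the first /30 (.1 -> .2).
            slots.append(("server", str(low), str(high)))
        else:
            # A client takes the high address; its peer is the low one (.6 -> .5).
            slots.append((f"client{index}", str(high), str(low)))
    return slots


def check_server_ifconfig(log_line, tunnel_network):
    """Compare an ifconfig log line with the expected server slot."""
    m = re.search(r"ifconfig \S+ (\S+) (\S+) mtu \d+ netmask (\S+)", log_line)
    if m is None:
        raise ValueError("not an ifconfig line")
    local, peer, netmask = m.groups()
    _, want_local, want_peer = net30_slots(tunnel_network, 1)[0]
    return {
        "local_ok": local == want_local,
        "peer_ok": peer == want_peer,
        # A host netmask here marks a point-to-point interface,
        # not a misconfigured /24.
        "point_to_point": netmask == "255.255.255.255",
    }


if __name__ == "__main__":
    for role, local, peer in net30_slots("10.10.10.0/24", 3):
        print(f"{role:8} local={local:12} peer={peer}")
    print(check_server_ifconfig(SERVER_IFCONFIG, "10.10.10.0/24"))
```

All three checks come back true for the logged line, so the 255.255.255.255 netmask in the server log matches the configured /24 tunnel network.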

        • vinjave

          Thanks for your reply phil.

          I'm getting the same error messages using my mobile hotspot. And yes, I already created a WAN rule to allow traffic to port 20212.

          I created a WAN rule to allow ICMP on the pfSense server and am starting to troubleshoot the issue. Can't ping the server from the internet though.

          Will post back for updates.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.