Help

marayamma

when i connect to client open vpn ,i have this problem ?

divsys

Is your pfsense router the client or the server or both in this connection?

Your log file shows the start of a connection attempt, what happens after 5-10 mins, does the connection complete, do you get an error message?

A little more information about your setup would be helpful.

marayamma

this is my client configuration in windows,
the server vpn –>pfsense


divsys

Ok, what I'm getting from your logs & config is a scenario like:

Win7 machine running OpenVPN client –> 10.0.2.15 Pfsense OpenVPN server

Now, the first thing that strikes me is that you normally wouldn't have the Client try to access the Server over a private network address.  Usually, the OpenVPN server running on pfsense would listen on the WAN interface and the client would try and reach it through the public IP (or dynamic DNS) address of the router.  This type of setup is often referred to as a Road-Warrior setup, you want a laptop or other device to get inside access from outside the network controlled by pfsense.

Is this the type of setup you're trying to implement?

If not, a description or picture of what you're trying to do would help.

marayamma

the server vpn is running with this adresse 192.168.56.107  (in machine virtual)
-the client open vpn is in windows
the server and client are in the same computer personnel
i have a connection betwenn machine virtual and windows

divsys

Ok,

Just to be clear (I'm guessing we're fighting a little bit of language barrier):

The pfsense OpenVpn server is running as a virtual machine and has a WAN address of 192.168.56.107?

Both the server and Windows PC are connected to the same physical network?

Can you post the configuration page of the pfsense OpenVpn server?

marayamma

LAN of pfsense:192.168.56.107
WAN of pfsense DHCP
this is configuartion of server open vpn

divsys

Well we're getting closer to a picture of your setup  :)

Your pfsense OpenVpn server is listening on its WAN interface at Port 1194 for OpenVpn clients,  that's good.

The server will use the IP addresses in the "Tunnel Network" range to create the needed connections.  I noticed you blacked out that field from your configs.  That doesn't really matter as no one other than OpenVpn can see or use those addresses.  What does matter is that you should make sure that range doesn't conflict with anything else on your network.
You can make up the addresses as you like, use 10.199.99.0/24 or anything else as long as it doesn't get used anywhere else.

The second thing to note is your client must try to connect to the WAN address of your OpenVPN server.  Go to "Status->Interfaces" and check the WAN address listed.
That address should appear on the client's config line that starts with "remote", for example:

"remote 192.168.56.75 1194"

DON'T use an address from the "Tunnel Network", that's only for internal negotiations between the Server and Client.

The last thing to watch out for is you need a rule to allow WAN UDP traffic on Port 1194.
Firewall->Rules->WAN->add

-pass
-WAN
-IPv4
-UDP
-any
-WAN address
-OpenVpn

Save

When your client tries to connect should be able to see the attempt under "Status->System Logs->OpenVpn"

I've got to head out right now, but keep at it and let us know if it works (or not).

marayamma

I have this 2 error please what can do???

Fri May 02 12:30:15 2014 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri May 02 12:30:15 2014 TLS Error: TLS handshake failed

johnpoz

Well its seem pretty clear from the error "check your network connectivity"

I think your confused to what IP to use, and so am I because not exactly sure what your trying to do.. Why would you need or want to vpn to a vm on your same PC?  What type of networking are you using for your vms?  Bridged, Nated, Host only?

What is the IP address of your PC actual interface?

example

C:>ipconfig                                       
Windows IP Configuration

Ethernet adapter Local:

Connection-specific DNS Suffix  . : local.lan   
  IPv4 Address. . . . . . . . . . . : 192.168.1.100
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Default Gateway . . . . . . . . . : 192.168.1.253

C:>

What is the interfaces of your pfsense vm - see attached dashboard interfaces widget.  Keep in mind you only need to block out say last couple of octets of Public IPs..  anything that starts with 10.x.x.x, 192.168.x.x, 172.16-31.x.x is private IP space (rfc1918) and is not routable on the public internet and we are all using the same addresses so does not matter if they are shown.

when you connect to pfsense you are using 192.168.56.107, I have to assume that is your lan IP?  And you stated it was - so what is the WAN??  You said this is VM on same PC, so have to assume its on the same network your PC is on?  What is that?  That is the address you would want to connect to for openvpen.

marayamma

in VM i have pfsense with to carte network :
lan 192.168.56.107 network prive
wan DHCP NAT


marayamma

is that i  install the client of another PC????

johnpoz

Do your showing a public IP there 197.130.x.x how do you think your going to talk to 10.0.2.15.. How exactly are you talking to 192.168.56.107?

Where are you VM interfaces on this PC?  What VM software are you running exactly?

What exactly are you trying to accomplish here?  Are you trying to run your PC behind the VM pfsense connected to your internet for a firewall between your PC and the internet?  If so that does not have anything to do with a vpn connection.. It wouldn't be needed from your pc to pfsense.