Netgate Discussion Forum
      marayamma

      When I connect to the OpenVPN client, I have this problem:
      vc.png

        divsys

        Is your pfsense router the client or the server or both in this connection?

        Your log file shows the start of a connection attempt, what happens after 5-10 mins, does the connection complete, do you get an error message?

        A little more information about your setup would be helpful.

        -jfp

          marayamma

          This is my client configuration in Windows;
          the VPN server –> pfsense

          ![configuration client sous windows.png](/public/imported_attachments/1/configuration client sous windows.png)

            divsys

            Ok, what I'm getting from your logs & config is a scenario like:

            Win7 machine running OpenVPN client –> 10.0.2.15 Pfsense OpenVPN server

            Now, the first thing that strikes me is that you normally wouldn't have the Client try to access the Server over a private network address.  Usually, the OpenVPN server running on pfsense would listen on the WAN interface and the client would try and reach it through the public IP (or dynamic DNS) address of the router.  This type of setup is often referred to as a Road-Warrior setup, you want a laptop or other device to get inside access from outside the network controlled by pfsense.

            Is this the type of setup you're trying to implement?

            If not, a description or picture of what you're trying to do would help.

            -jfp

              marayamma

              The VPN server is running with this address: 192.168.56.107 (in a virtual machine).
              The OpenVPN client is in Windows.
              The server and client are on the same personal computer.
              I have a connection between the virtual machine and Windows.

                divsys

                Ok,

                Just to be clear (I'm guessing we're fighting a little bit of language barrier):

                The pfsense OpenVpn server is running as a virtual machine and has a WAN address of 192.168.56.107?

                Both the server and Windows PC are connected to the same physical network?

                Can you post the configuration page of the pfsense OpenVpn server?

                -jfp

                  marayamma

                  LAN of pfsense: 192.168.56.107
                  WAN of pfsense: DHCP
                  This is the configuration of the OpenVPN server:

                  1.png
                  2.png
                  3.png

                    divsys

                    Well we're getting closer to a picture of your setup  :)

                    Your pfsense OpenVpn server is listening on its WAN interface at Port 1194 for OpenVpn clients,  that's good.

                    The server will use the IP addresses in the "Tunnel Network" range to create the needed connections.  I noticed you blacked out that field from your configs.  That doesn't really matter as no one other than OpenVpn can see or use those addresses.  What does matter is that you should make sure that range doesn't conflict with anything else on your network.
                    You can make up the addresses as you like, use 10.199.99.0/24 or anything else as long as it doesn't get used anywhere else.

                    The second thing to note is your client must try to connect to the WAN address of your OpenVPN server.  Go to "Status->Interfaces" and check the WAN address listed.
                    That address should appear on the client's config line that starts with "remote", for example:

                    "remote 192.168.56.75 1194"

                    DON'T use an address from the "Tunnel Network", that's only for internal negotiations between the Server and Client.

                    The last thing to watch out for is you need a rule to allow WAN UDP traffic on Port 1194.
                    Firewall->Rules->WAN->add

                    -pass
                    -WAN
                    -IPv4
                    -UDP
                    -any
                    -WAN address
                    -OpenVpn

                    Save

                    When your client tries to connect, you should be able to see the attempt under "Status->System Logs->OpenVpn"

                    I've got to head out right now, but keep at it and let us know if it works (or not).

                    -jfp
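
The client-side checks described in the post above (the `remote` line must point at the server's WAN address and never into the Tunnel Network, and the Tunnel Network must not overlap any range already in use), as an added example that is not part of the original post. The helper name, the sample configs and the /24 masks on the local networks are assumptions constructed for illustration.

```python
import ipaddress

def check_client_config(config_text, tunnel_network, local_networks, server_port=1194):
    """Return findings for an OpenVPN client config (hypothetical helper)."""
    findings = []
    tunnel = ipaddress.ip_network(tunnel_network)

    # The Tunnel Network must not collide with any range already in use.
    for cidr in local_networks:
        if tunnel.overlaps(ipaddress.ip_network(cidr)):
            findings.append(f"tunnel network {tunnel} overlaps {cidr}")

    # Collect "remote <host> [port] [proto]" directives, skipping comments.
    remotes = []
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        parts = line.split()
        if parts[0] == "remote" and len(parts) >= 2:
            remotes.append(parts)
    if not remotes:
        findings.append("no 'remote' line found")

    for parts in remotes:
        host = parts[1]
        port = int(parts[2]) if len(parts) > 2 else 1194  # OpenVPN default port
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            addr = None  # hostname or dynamic DNS name: no offline range check
        if addr is not None and addr in tunnel:
            findings.append(f"remote {host} is inside the tunnel network {tunnel}")
        if port != server_port:
            findings.append(f"remote port {port} differs from server port {server_port}")
    return findings

# Constructed sample inputs: addresses taken from the thread, /24 masks assumed.
LOCAL_NETS = ["192.168.56.0/24", "10.0.2.0/24"]
BAD_CONFIG = "client\ndev tun\nproto udp\n;remote 192.168.56.75 1194\nremote 10.199.99.1 1194\n"
GOOD_CONFIG = "client\ndev tun\nproto udp\nremote 192.168.56.75 1194\n"

if __name__ == "__main__":
    for name, cfg in (("bad", BAD_CONFIG), ("good", GOOD_CONFIG)):
        print(name, check_client_config(cfg, "10.199.99.0/24", LOCAL_NETS))
```

An empty list means the config passes these three checks only; it says nothing about whether the WAN firewall rule for UDP 1194 exists on the server.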

                      marayamma

                      I have these 2 errors, please, what can I do?

                      Fri May 02 12:30:15 2014 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
                      Fri May 02 12:30:15 2014 TLS Error: TLS handshake failed

                        johnpoz LAYER 8 Global Moderator

                        Well, it seems pretty clear from the error "check your network connectivity"

                        I think you're confused as to what IP to use, and so am I, because I'm not exactly sure what you're trying to do.. Why would you need or want to VPN to a VM on your same PC?  What type of networking are you using for your VMs?  Bridged, NATed, Host only?

                        What is the IP address of your PC actual interface?

                        example

                        C:\>ipconfig
                        Windows IP Configuration

                        Ethernet adapter Local:

                           Connection-specific DNS Suffix  . : local.lan
                           IPv4 Address. . . . . . . . . . . : 192.168.1.100
                           Subnet Mask . . . . . . . . . . . : 255.255.255.0
                           Default Gateway . . . . . . . . . : 192.168.1.253

                        C:\>

                        What are the interfaces of your pfsense VM - see attached dashboard interfaces widget.  Keep in mind you only need to block out, say, the last couple of octets of public IPs..  Anything that starts with 10.x.x.x, 192.168.x.x, 172.16-31.x.x is private IP space (RFC 1918) and is not routable on the public internet, and we are all using the same addresses, so it does not matter if they are shown.

                        When you connect to pfsense you are using 192.168.56.107, I have to assume that is your LAN IP?  And you stated it was - so what is the WAN??  You said this is a VM on the same PC, so I have to assume it's on the same network your PC is on?  What is that?  That is the address you would want to connect to for OpenVPN.

                        pfsenseinterfaces.png

                        An intelligent man is sometimes forced to be drunk to spend time with his fools
                        If you get confused: Listen to the Music Play
                        Please don't Chat/PM me for help, unless mod related
                        SG-4860 24.11 | Lab VMs 2.8, 24.11

                          marayamma

                          In the VM I have pfsense with two network cards:
                          LAN 192.168.56.107, private network
                          WAN DHCP, NAT

                          ![configuration windows.png](/public/imported_attachments/1/configuration windows.png)
                          INterface.png

                            marayamma

                            Do I install the client on another PC?

                              johnpoz LAYER 8 Global Moderator

                              So you're showing a public IP there, 197.130.x.x, how do you think you're going to talk to 10.0.2.15.. How exactly are you talking to 192.168.56.107?

                              Where are your VM interfaces on this PC?  What VM software are you running exactly?

                              What exactly are you trying to accomplish here?  Are you trying to run your PC behind the VM pfsense connected to your internet for a firewall between your PC and the internet?  If so that does not have anything to do with a vpn connection.. It wouldn't be needed from your pc to pfsense.

                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.