Netgate Discussion Forum

    Can connect with OpenVPN on LAN but not WAN (TLS handshake failed)

      grapple11

      I am having a strange problem. I have a pfSense firewall/router as my LAN gateway device. I set up OpenVPN on it using the wizard and installed a client certificate on my Windows 8.1 laptop. Now, when my laptop is on my LAN behind the pfSense firewall, I can connect to the VPN. However, when my laptop is anywhere else on the WAN (public Internet), I am unable to connect and get the error "TLS handshake failed." I thought it might be the firewall rule that the wizard set up but don't see anything wrong with the rule. On the other hand, I'm not exactly an expert with rule-creation. So, does anyone have any tips regarding how to troubleshoot this problem?

        phil.davis

        1. Is the OpenVPN server listening on WAN?
        2. Is the WAN IP a public IP? or a private IP hidden behind some ISP internal network?
        3. Is there a rule on WAN that allows traffic from the internet to WAN address + OpenVPN listening port?

        Post some screen shots of the OpenVPN server settings and WAN rules.

        Coming from LAN, you are subject to rules on LAN, which are likely to let you reach WAN IP.
        Coming from LAN, routing will be able to reach WAN IP even if it is a private IP.
        So with both problems (2) and (3) above you will still be able to connect OpenVPN client from LAN.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/
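
The three checks in the reply above can be partly automated. The following is an added example, not part of the original post and not pfSense code: it reads the `local`, `port`/`lport` and `proto` directives from an OpenVPN server config and classifies the WAN address. The sample config and all addresses are constructed; the RFC 6598 carrier-grade NAT range is included as one form of "private IP behind an ISP network".

```python
import ipaddress

# Ranges that cannot be reached from the Internet without an upstream port forward.
NON_PUBLIC = {
    "RFC 1918 private": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "RFC 6598 carrier-grade NAT": ["100.64.0.0/10"],
}

def classify_wan(ip):
    """Return 'public' or the name of the non-public range holding the WAN address."""
    addr = ipaddress.ip_address(ip)
    for name, nets in NON_PUBLIC.items():
        if any(addr in ipaddress.ip_network(n) for n in nets):
            return name
    return "public"

def parse_listener(conf_text):
    """Extract the listening address, port and protocol from an OpenVPN server config."""
    listener = {"local": None, "port": "1194", "proto": "udp"}  # OpenVPN defaults
    for line in conf_text.splitlines():
        parts = line.split("#")[0].split(";")[0].split()  # drop comments
        if len(parts) < 2:
            continue
        key = "port" if parts[0] == "lport" else parts[0]
        if key in listener:
            listener[key] = parts[1]
    return listener

def triage(conf_text, wan_ip):
    """Return (check number, message) pairs following the checklist in the reply."""
    lst, findings = parse_listener(conf_text), []
    if lst["local"] not in (None, wan_ip):  # no 'local' means bind to all addresses
        findings.append((1, f"server is bound to {lst['local']}, not WAN {wan_ip}"))
    kind = classify_wan(wan_ip)
    if kind != "public":
        findings.append((2, f"WAN {wan_ip} is {kind}; upstream must forward the port"))
    findings.append((3, f"confirm a WAN rule passes {lst['proto']} to "
                        f"{wan_ip} port {lst['port']}"))
    return findings

# Constructed sample: server bound to the LAN address, WAN behind carrier-grade NAT.
SAMPLE_CONF = """dev ovpns1
proto udp4
local 192.168.1.1   # LAN address
lport 1194
"""

if __name__ == "__main__":
    for number, message in triage(SAMPLE_CONF, "100.72.5.9"):
        print(f"check {number}: {message}")
```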

          grapple11

          Thanks for your suggestions. I now understand the problem. It turns out that the main location where I have been attempting to use the OpenVPN client is a network behind a NAT firewall that blocks the default OpenVPN port (1194). I am able to connect as a client from other public locations. I am going to try reconfiguring pfSense to serve OpenVPN on an alternate port. Hopefully, that will solve the problem.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.