Can connect with OpenVPN on LAN but not WAN (TLS handshake failed)



  • I am having a strange problem. I have a pfSense firewall/router as my LAN gateway device. I set up OpenVPN on it using the wizard and installed a client certificate on my Windows 8.1 laptop. Now, when my laptop is on my LAN behind the pfSense firewall, I can connect to the VPN. However, when my laptop is anywhere else on the WAN (public Internet), I am unable to connect and get the error "TLS handshake failed." I thought it might be the firewall rule that the wizard set up but don't see anything wrong with the rule. On the other hand, I'm not exactly an expert with rule creation. So, does anyone have any tips regarding how to troubleshoot this problem?



    1. Is the OpenVPN server listening on WAN?
    2. Is the WAN IP a public IP, or a private IP hidden behind some ISP internal network?
    3. Is there a rule on WAN that allows traffic from the internet to WAN address + OpenVPN listening port?

    Post some screen shots of the OpenVPN server settings and WAN rules.

    Coming from LAN, you are subject to rules on LAN, which are likely to let you reach WAN IP.
    Coming from LAN, routing will be able to reach WAN IP even if it is a private IP.
    So with both problems (2) and (3) above you will still be able to connect OpenVPN client from LAN.
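
The three checks from the reply above, as an added example that is not part of the original thread. The rule dictionaries, the `triage` and `wan_verdict` helpers, the UDP default and the sample values are assumptions made for illustration; this is not pfSense's configuration format.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 carrier-grade NAT space

def classify_wan_ip(addr):
    """Check 2: is the WAN address reachable from the internet at all?"""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    if ip in CGNAT:
        return "cgnat"
    return "public" if ip.is_global else "non-routable"

def wan_verdict(rules, proto, port, wan_ip):
    """Check 3: first matching rule wins; no match means blocked (assumed default deny)."""
    for r in rules:
        if (r["proto"] == proto and r["dst"] in ("wan_address", "any", wan_ip)
                and r["port_from"] <= port <= r["port_to"]):
            return r["action"]
    return "block"

def triage(listen_iface, wan_ip, wan_rules, proto="udp", port=1194):
    """Return the findings that break WAN clients while LAN clients still connect."""
    findings = []
    if listen_iface not in ("WAN", "any"):                      # check 1
        findings.append(f"server listens on {listen_iface}, not WAN")
    kind = classify_wan_ip(wan_ip)
    if kind != "public":
        findings.append(f"WAN IP {wan_ip} is {kind}: upstream NAT must forward {proto}/{port}")
    if wan_verdict(wan_rules, proto, port, wan_ip) != "pass":
        findings.append(f"no WAN rule passes {proto}/{port} to the WAN address")
    return findings

if __name__ == "__main__":
    # Constructed sample: WAN sits behind ISP CGNAT and the only WAN rule is for HTTPS.
    sample_rules = [{"action": "pass", "proto": "tcp", "dst": "wan_address",
                     "port_from": 443, "port_to": 443}]
    for finding in triage("WAN", "100.64.12.7", sample_rules):
        print("-", finding)
```

An empty result means the server side looks correct, which points to the client's network instead, for example an egress filter on the OpenVPN port.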



  • Thanks for your suggestions. I now understand the problem. It turns out that the main location where I have been attempting to use the OpenVPN client is a network behind a NAT firewall that blocks the default OpenVPN port (1194). I am able to connect as a client from other public locations. I am going to try reconfiguring pfSense to serve OpenVPN on an alternate port. Hopefully, that will solve the problem.

