TLS handshake error when connecting to pfSense OpenVPN
-
I am attempting to connect to an OpenVPN server I created in pfSense using Tunnelblick on a Mac. When I try to connect, there is an error in the TLS handshake. I have posted the error log for both pfSense and Tunnelblick below. I am using a local CA on the pfSense server, where I generated the certificates and keys for the client. Any help would be appreciated.
pfSense openVPN log:
Jul 10 09:20:54 openvpn[12430]: 128.151.105.61:49609 TLS: Initial packet from [AF_INET]128.151.105.61:49609, sid=e76a49a2 ebdf7007
Jul 10 09:20:54 openvpn[12430]: 128.151.105.61:49609 Connection reset, restarting [0]
Jul 10 09:20:54 openvpn[12430]: 128.151.105.61:49609 SIGUSR1[soft,connection-reset] received, client-instance restarting
Jul 10 09:20:54 openvpn[12430]: TCP connection established with [AF_INET]128.151.105.61:49610
Jul 10 09:20:55 openvpn[12430]: 128.151.105.61:49610 TLS: Initial packet from [AF_INET]128.151.105.61:49610, sid=87f9aad1 e0c35c73
Jul 10 09:20:55 openvpn[12430]: 128.151.105.61:49610 Connection reset, restarting [0]
Jul 10 09:20:55 openvpn[12430]: 128.151.105.61:49610 SIGUSR1[soft,connection-reset] received, client-instance restarting
Jul 10 09:20:55 openvpn[12430]: TCP connection established with [AF_INET]128.151.105.61:49611
Jul 10 09:20:56 openvpn[12430]: 128.151.105.61:49611 TLS: Initial packet from [AF_INET]128.151.105.61:49611, sid=ef674901 448ac457
Jul 10 09:20:56 openvpn[12430]: 128.151.105.61:49611 Connection reset, restarting [0]
Jul 10 09:20:56 openvpn[12430]: 128.151.105.61:49611 SIGUSR1[soft,connection-reset] received, client-instance restarting
Jul 10 09:20:56 openvpn[12430]: TCP connection established with [AF_INET]128.151.105.61:49612
Jul 10 09:20:57 openvpn[12430]: 128.151.105.61:49612 TLS: Initial packet from [AF_INET]128.151.105.61:49612, sid=e73730c6 71cad131
Jul 10 09:20:57 openvpn[12430]: 128.151.105.61:49612 Connection reset, restarting [0]
Jul 10 09:20:57 openvpn[12430]: 128.151.105.61:49612 SIGUSR1[soft,connection-reset] received, client-instance restarting
Jul 10 09:20:58 openvpn[12430]: TCP connection established with [AF_INET]128.151.105.61:49613
Jul 10 09:20:59 openvpn[12430]: 128.151.105.61:49613 TLS: Initial packet from [AF_INET]128.151.105.61:49613, sid=f7386ec6 cd1903e6
Jul 10 09:20:59 openvpn[12430]: 128.151.105.61:49613 Connection reset, restarting [0]
Jul 10 09:20:59 openvpn[12430]: 128.151.105.61:49613 SIGUSR1[soft,connection-reset] received, client-instance restarting
Jul 10 09:20:59 openvpn[12430]: TCP connection established with [AF_INET]128.151.105.61:49614
Jul 10 09:20:59 openvpn[12430]: 128.151.105.61:49614 Connection reset, restarting [0]
Jul 10 09:20:59 openvpn[12430]: 128.151.105.61:49614 SIGUSR1[soft,connection-reset] received, client-instance restarting
Jul 10 09:21:24 openvpn[12430]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
Jul 10 09:21:24 openvpn[12430]: MANAGEMENT: CMD 'status 2'
Jul 10 09:21:24 openvpn[12430]: MANAGEMENT: CMD 'quit'
Jul 10 09:21:24 openvpn[12430]: MANAGEMENT: Client disconnected
Jul 10 09:22:26 openvpn[12430]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
Jul 10 09:22:26 openvpn[12430]: MANAGEMENT: CMD 'status 2'
Jul 10 09:22:26 openvpn[12430]: MANAGEMENT: CMD 'quit'
Jul 10 09:22:26 openvpn[12430]: MANAGEMENT: Client disconnected
Jul 10 09:23:30 openvpn[12430]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
Jul 10 09:23:30 openvpn[12430]: MANAGEMENT: CMD 'status 2'
Jul 10 09:23:30 openvpn[12430]: MANAGEMENT: CMD 'quit'
Jul 10 09:23:30 openvpn[12430]: MANAGEMENT: Client disconnected
Jul 10 09:24:31 openvpn[12430]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
Jul 10 09:24:31 openvpn[12430]: MANAGEMENT: CMD 'status 2'
Jul 10 09:24:32 openvpn[12430]: MANAGEMENT: CMD 'quit'
Jul 10 09:24:32 openvpn[12430]: MANAGEMENT: Client disconnected
Jul 10 09:25:33 openvpn[12430]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
Jul 10 09:25:33 openvpn[12430]: MANAGEMENT: CMD 'status 2'
Jul 10 09:25:33 openvpn[12430]: MANAGEMENT: CMD 'quit'
Jul 10 09:25:33 openvpn[12430]: MANAGEMENT: Client disconnected
Tunnelblick log:
2015-07-10 09:22:14 VERIFY ERROR: depth=0, error=self signed certificate: C=US, ST=State, L=Locality, O=pfSense webConfigurator Self-Signed Certificate, emailAddress=admin@pfSense.localdomain, CN=pfSense-559a8e35a90d9
2015-07-10 09:22:14 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2015-07-10 09:22:14 TLS Error: TLS object -> incoming plaintext read error
2015-07-10 09:22:14 TLS Error: TLS handshake failed
2015-07-10 09:22:14 Fatal TLS error (check_tls_errors_co), restarting
-
2015-07-10 09:22:14 VERIFY ERROR: depth=0, error=self signed certificate: C=US, ST=State, L=Locality, O=pfSense webConfigurator Self-Signed Certificate, emailAddress=admin@pfSense.localdomain, CN=pfSense-559a8e35a90d9
Verify that you use the right certificate on the pfSense server. It seems that you are using the webConfigurator certificate.
-
That was the issue. I assumed that pfSense would automatically generate a certificate for the OpenVPN server if it was the certificate authority. Thank you!
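
A small triage helper for the client-side log above, added here as an example (not part of the original thread): it parses OpenVPN `VERIFY ERROR` lines and flags the case diagnosed in the answer, a self-signed certificate at depth 0 whose subject names the pfSense webConfigurator. The function names, the second sample log line and the simple comma-split DN parsing are assumptions made for illustration.

```python
import re

# Sample input: the first VERIFY ERROR line is the one quoted in the question;
# the last line is constructed to show a non-leaf (depth > 0) failure.
SAMPLE_LOG = """\
2015-07-10 09:22:14 VERIFY ERROR: depth=0, error=self signed certificate: C=US, ST=State, L=Locality, O=pfSense webConfigurator Self-Signed Certificate, emailAddress=admin@pfSense.localdomain, CN=pfSense-559a8e35a90d9
2015-07-10 09:22:14 TLS Error: TLS handshake failed
2015-07-10 09:23:01 VERIFY ERROR: depth=1, error=certificate has expired: C=US, O=Example Org, CN=example-ca
"""

# depth=0 is the certificate the peer presented; higher depths are its issuers.
VERIFY_RE = re.compile(r"VERIFY ERROR: depth=(\d+), error=([^:]+): (.+)$")


def parse_verify_errors(log_text):
    """Return one dict per VERIFY ERROR line: depth, error text, subject fields."""
    findings = []
    for line in log_text.splitlines():
        m = VERIFY_RE.search(line)
        if not m:
            continue
        # Assumption: DN attributes are separated by ", " and contain no commas.
        subject = dict(p.split("=", 1) for p in m.group(3).split(", ") if "=" in p)
        findings.append({"depth": int(m.group(1)),
                         "error": m.group(2).strip(),
                         "subject": subject})
    return findings


def diagnose(finding):
    """Map a parsed VERIFY ERROR to a short, actionable description."""
    subject = finding["subject"]
    if finding["depth"] == 0 and finding["error"].startswith("self signed certificate"):
        if "webConfigurator" in subject.get("O", ""):
            return ("server presents the pfSense webConfigurator self-signed "
                    "certificate; select a server certificate issued by the VPN CA")
        return "server certificate is self-signed, not issued by the CA the client trusts"
    return "chain problem at depth %d: %s" % (finding["depth"], finding["error"])


if __name__ == "__main__":
    for f in parse_verify_errors(SAMPLE_LOG):
        print(f["subject"].get("CN", "?"), "->", diagnose(f))
```
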