How to block UNDEF connection



  • Hi Guys,

    I've search the forums, but didn't really come across anything similar so I'm posting my issue here:
    On one of my openVPN Tunnel Network (PfSense 2.0.1-RELEASE (i386) ), I have a connection that stays UNDEF and it is not introducing it's openVPN license. All that I can see is the Real Address and connection time.

    In the System log of the OpenVPN, I can see the fowolling about this connection:

    Aug 19 10:46:56 	openvpn[33357]: 130.204.24.XX:1194 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Aug 19 10:46:56 	openvpn[33357]: 130.204.24.XX:1194 TLS Error: TLS handshake failed
    Aug 19 10:47:00 	openvpn[33357]: 130.204.24.XX:1194 Re-using SSL/TLS context
    

    As soon as I kick it from the list it is reconnecting again and i can't even block it from the Firewall Rules.

    How can I determine the licenses of this connection or how can I block it from accessing my server?

    Regards.


  • Banned

    pfSense 2.0.1 is NOT supported and definitely is something you should NOT use at all.



  • Thanks, but right now an upgrade is not something that I can do or want to do, so if there is a way that I can investigate this uncompleted connection it will be much appreciated.


  • Banned

    Yeah, you can sure keep hunting zombies… Good luck. You are using dead buggy code with tons of vulnerabilities as your firewall. Ridiculous.


  • LAYER 8 Global Moderator

    2.0.1 is from 2011.. I would think your highest priority should be getting on current code..


  • LAYER 8 Netgate

    There are no licenses.  Bite the bullet and upgrade.  If downtime is such an issue, build an HA pair.


  • Rebel Alliance Developer Netgate

    If a connection is stuck at UNDEF that means that it's stuck before it identifies itself, either it has not or cannot send its certificate or credentials. The logs on both sides may be of more help, but generally when this is seen it's because there is poor connectivity between the client and server.

    Upgrading is important, though it may not help you with this particular case.


Log in to reply