TLS Error: TLS key negotiation failed to occur within 60 seconds
-
I'm having some issues with my openVPN.
When trying to connect I get a timeout error, TLS handshake failed.
When Locally connecting, no problem. as soon as I go to a outside network, no dice.
The PFsense is a public IP I checked config of both the client and server both are displaying the correct port and ip information.
Server sees the requests so I don't think its a port fwd/firewall
Nov 18 14:12:24 openvpn[84509]: 207.148.131.170:54713 TLS Error: TLS handshake failed
Nov 18 14:12:24 openvpn[84509]: 207.148.131.170:54713 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Nov 18 14:11:21 openvpn[84509]: 207.148.131.170:42124 TLS Error: TLS handshake failed
Nov 18 14:11:21 openvpn[84509]: 207.148.131.170:42124 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Nov 18 14:10:20 openvpn[84509]: 207.148.131.170:58626 TLS Error: TLS handshake failed
Nov 18 14:10:20 openvpn[84509]: 207.148.131.170:58626 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)I checked the TLS certs and both are exact matches.
turned firewall off on the client computer
I even went as far as creating a giant hole in my firewall creating an any any all traffic rule. basically turning off the firewall.
because the router has a public IP port forwarding shouldnt be needed, but I tried making a rule for it as well - no effect
made a port forward rule to have 1194 udp go to the pfsensewe have multiple ipsec connections that are still alive no problems with those
self signed certs don't expire until 2020+
happened around the time we updated from 2.2.3 to 2.2.4, not sure but it may have happened before but this is when I noticed.
Any help would be greatly appreciated, as im banging my head with this one. if you need any more info let me know.
-
You do not need a port forward. You need a firewall rule to your WAN address. OpenVPN should be told to listen on your WAN address. Not sure what you're testing from inside.
-
that's what I meant sorry,
added firewall rule just now, there was none before that I could see before
it worked up until about a month ago, if I try and run the openvpn application from my local intranet (just for testing) it works, but not external.
-
Show us your config then. You have it wrong.
-
CLIENT
dev tun
persist-tun
persist-key
cipher AES-128-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote ..***.162 1193 udp
lport 0
auth-user-pass
ca edmescore-udp-1193-ca.crt
tls-auth edmescore-udp-1193-tls.key 1
comp-lzo yes
passtosSERVER
-
And the OpenVPN firewall rule on WAN1_SKYWAY??
-
.
-
oh, I just seen it. the rule i had 10.110.0.250 as the destination, changed it to skyway1 address and im up and going.
Thanks for your help
-
thats weird that it worked before without the firewall rule, wondering if with the update to 2.2.4 they blocked it by firewall, where it was opened before
-
Nope. Nothing from 2.2.4 to 2.2.5 would have changed that.
