Can't connect to OpenVPN server (pfsense)

2 votes
1 answer
2433 views
I have some problems connecting to an OpenVPN server on pfSense. For my tests I have 2 network interfaces on both my pfSense OpenVPN server and my Windows 10 OpenVPN client.

On my pfSense I have 1 network interface on WAN configured with DHCP:

- WAN 192.168.0.28/24
- LAN interface static 192.168.10.10/24

On my Windows 10 client:

- WAN DHCP 192.168.0.30/24
- LAN interface static 192.168.10.15/24

The first time I tried to use UDP but I had "tls key negotiation failed to occur within 60 seconds tls handshake failed", so I tried to connect with TCP but I got this error:

[image]

My OpenVPN configuration is:

- Server mode: Remote Access (SSL/TLS + User Auth)
- Backend for authentication: Local Database
- Protocol: TCP
- Device mode: tun
- Interface: WAN
- Local port: 1194
- Description: VPN
- TLS authentication: Enable authentication of TLS packets
- Key: ...
- Peer Certificate Authority: OpenVPN CA
- Server certificate: ServerCertificate (Server: Yes, CA: OpenVPN CA, In Use)
- DH Parameter length: 2048
- Encryption Algorithm: AES-256-CBC(256 bit key, 128 bit block)
- Auth digest algorithm: SHA1(160-bit)
- Hardware Crypto: No Hardware Crypto Acceleration
- Certificate Depth: One(Client+Server)
- IPv4 Tunnel Network: 192.168.15.0/24
- IPv4 Local network: 192.168.10.0/24
- Concurrent connections: 5
- Compression: No Preference
- Dynamic IP: Allow connected client to retain their connections if their IP address changes
- Address Pool: Provide a virtual adapter IP address to clients
- DNS Server enable: Provide a DNS server list to clients
- DNS Server 1: 8.8.8.8
- Force DNS cache update: Run "net stop dnscache" ...

My client configuration is:

```
client
dev tun
proto tcp
remote 192.168.0.28 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca OpenVPN+CA.crt
cert UserCertificate.crt
key UserCertificate.key
cipher AES-256-CBC
verb 5
```

I created the certificate authority and the server/user certificate:

[image]

[image]

Then I had some firewall and NAT rules:

[image]

[image]

[image]

I checked the firewall on pfSense, it seems like port 1194 is open:

[image]

The firewall on my Windows client is down too. Thanks in advance!

EDIT 20:42: I searched for logs on the server and client. I feel like I don't get any logs on the server after the failing login, I just get logs when I start/restart the service. These are my logs on the server:

```
Apr 7 18:34:54 openvpn 13595 OpenVPN 2.3.14 i386-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Feb 15 2017
Apr 7 18:34:54 openvpn 13595 library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.09
Apr 7 18:34:54 openvpn 13883 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 7 18:34:54 openvpn 13883 Control Channel Authentication: using '/var/etc/openvpn/server1.tls-auth' as a OpenVPN static key file
Apr 7 18:34:54 openvpn 13883 TUN/TAP device ovpns1 exists previously, keep at program end
Apr 7 18:34:54 openvpn 13883 TUN/TAP device /dev/tun1 opened
Apr 7 18:34:54 openvpn 13883 ioctl(TUNSIFMODE): Device busy: Device busy (errno=16)
Apr 7 18:34:54 openvpn 13883 do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
Apr 7 18:34:54 openvpn 13883 /sbin/ifconfig ovpns1 192.168.15.1 192.168.15.2 mtu 1500 netmask 255.255.255.0 up
Apr 7 18:34:54 openvpn 13883 /usr/local/sbin/ovpn-linkup ovpns1 1500 1559 192.168.15.1 255.255.255.0 init
Apr 7 18:34:54 openvpn 13883 Listening for incoming TCP connection on [AF_INET]192.168.0.25:1194
Apr 7 18:34:54 openvpn 13883 TCPv4_SERVER link local (bound): [AF_INET]192.168.0.25:1194
Apr 7 18:34:54 openvpn 13883 TCPv4_SERVER link remote: [undef]
Apr 7 18:34:54 openvpn 13883 Initialization Sequence Completed
```

Logs on the client:

```
Sat Apr 07 20:31:33 2018 OpenVPN 2.4.5 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Mar 1 2018
Sat Apr 07 20:31:33 2018 Windows version 6.2 (Windows 8 or greater) 64bit
Sat Apr 07 20:31:33 2018 library versions: OpenSSL 1.1.0f 25 May 2017, LZO 2.10
Enter Management Password:
Sat Apr 07 20:31:33 2018 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sat Apr 07 20:31:33 2018 Need hold release from management interface, waiting...
Sat Apr 07 20:31:33 2018 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sat Apr 07 20:31:33 2018 MANAGEMENT: CMD 'state on'
Sat Apr 07 20:31:33 2018 MANAGEMENT: CMD 'log all on'
Sat Apr 07 20:31:33 2018 MANAGEMENT: CMD 'echo all on'
Sat Apr 07 20:31:33 2018 MANAGEMENT: CMD 'bytecount 5'
Sat Apr 07 20:31:33 2018 MANAGEMENT: CMD 'hold off'
Sat Apr 07 20:31:33 2018 MANAGEMENT: CMD 'hold release'
Sat Apr 07 20:31:33 2018 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sat Apr 07 20:31:33 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.0.28:1194
Sat Apr 07 20:31:33 2018 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sat Apr 07 20:31:33 2018 Attempting to establish TCP connection with [AF_INET]192.168.0.28:1194 [nonblock]
Sat Apr 07 20:31:33 2018 MANAGEMENT: >STATE:1523125893,TCP_CONNECT,,,,,,
Sat Apr 07 20:33:34 2018 TCP: connect to [AF_INET]192.168.0.28:1194 failed: Unknown error
Sat Apr 07 20:33:34 2018 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Sat Apr 07 20:33:34 2018 MANAGEMENT: >STATE:1523126014,RECONNECTING,init_instance,,,,,
Sat Apr 07 20:33:34 2018 Restart pause, 5 second(s)
Sat Apr 07 20:33:39 2018 SIGTERM[hard,init_instance] received, process exiting
Sat Apr 07 20:33:39 2018 MANAGEMENT: >STATE:1523126019,EXITING,init_instance,,,,,
```
Asked by Maxime.c (21 rep)
Apr 7, 2018, 03:58 PM
Last activity: May 2, 2025, 04:05 AM
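
An added example, not part of the original post: a small consistency check that compares the client configuration with the server log lines posted in the question. The inputs are copied from the post; the names `parse_conf` and `audit` are assumptions of this example, and it assumes `remote` is an IP literal.

```python
import re

# Constructed inputs: the client directives and two server log lines as posted above.
CLIENT_CONF = """\
client
dev tun
proto tcp
remote 192.168.0.28 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca OpenVPN+CA.crt
cert UserCertificate.crt
key UserCertificate.key
cipher AES-256-CBC
verb 5
"""
SERVER_LOG = """\
Apr 7 18:34:54 openvpn 13883 Control Channel Authentication: using '/var/etc/openvpn/server1.tls-auth' as a OpenVPN static key file
Apr 7 18:34:54 openvpn 13883 Listening for incoming TCP connection on [AF_INET]192.168.0.25:1194
"""

def parse_conf(text):
    """Map each directive name to its argument list (last occurrence wins)."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            name, *args = line.split()
            conf[name] = args
    return conf

def audit(client_conf, server_log):
    conf, findings = parse_conf(client_conf), []
    bound = re.search(r"(?:Listening for incoming TCP connection on|link local \(bound\):) "
                      r"\[AF_INET\]([\d.]+):(\d+)", server_log)
    remote = (conf.get("remote", []) + ["1194"])[:2]  # 1194 is OpenVPN's default port
    if bound and remote != [bound.group(1), bound.group(2)]:
        findings.append(f"remote {' '.join(remote)} != server bound {bound.group(1)}:{bound.group(2)}")
    if "Control Channel Authentication" in server_log and not {"tls-auth", "<tls-auth>"} & conf.keys():
        findings.append("server uses a tls-auth key; client has no tls-auth directive")
    if not {"remote-cert-tls", "verify-x509-name"} & conf.keys():
        findings.append("client does not verify the server certificate (remote-cert-tls server)")
    return findings

if __name__ == "__main__":
    for finding in audit(CLIENT_CONF, SERVER_LOG):
        print("-", finding)
```

On the posted data it reports three findings: the client's `remote` address differs from the address the server log shows as bound, the client has no `tls-auth` directive although the server loads a static key, and no server certificate verification is configured, which matches the client log's warning.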