Greetings!
I am new to OPNsense, but I am a long-time user of pfSense, so a lot of the fundamentals are familiar to me.
I am trying to set up my first OpenVPN server, but I am getting timeouts when trying to make an inbound connection. I don't see any errors on my client end except "TLS key negotiation failed to occur within 60 seconds."
Here is my setup:
LAN: 10.99.10.0/24
WAN: DHCP (using DDNS)
Server Mode: Remote Access (SSL/TLS + User Auth)
Backend for authentication: Local Database
Enforce local group: (none)
Protocol: UDP4
Device Mode: tun
Interface: WAN
Local port: 1194
DH Parameters Length: 2048 bit
Encryption algorithm: AES-256-CBC
Auth Digest Algorithm: SHA256
Hardware Crypto: No Hardware Crypto
Certificate Depth: One
IPv4 Tunnel Network: 10.2.0.0/24
Redirect Gateway: Unchecked
IPv4 Local Network: 10.99.10.0/24
Firewall Rule (WAN)
Protocol: IPv4 UDP
Source: *
Port: *
Destination: WAN address
Port: 1194
Firewall Rule (OpenVPN)
Protocol: IPv4+6*
Source: *
Port: *
Destination: *
Port: *
Yes, I have verified that the DDNS host I am using is resolving to the correct IP, as I can enable all inbound traffic and reach the web interface from that hostname. I had a pfSense box here previously on which OpenVPN worked fine, so I do not believe it is anything on the ISP side. Any ideas?
Do you see traffic on port 1194? Just for testing, maybe try "shared key"...
Shared key only seems to be an option with a peer-to-peer connection. Will that work?
How did you create the config file for the client? TLS key negotiation failing sounds like wrong tls-auth/tls-crypt info in the config file.
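A small linter for the client profile, added here as an example (it is not from this thread, OPNsense or OpenVPN): it parses the .ovpn directives and compares them with the server settings listed above, so a silent mismatch in port, protocol or TLS wrapping is reported instead of showing up only as the 60-second timeout. The server's tls_wrap value is an assumption (set it to whatever the server's TLS Authentication is), and the sample profile is constructed.

```python
import re

# Server values quoted in the thread; tls_wrap is an assumption (set to the
# server's TLS Authentication mode, "tls-auth" or "tls-crypt", or None to skip).
SERVER = {"port": "1194", "proto": "udp", "tls_wrap": "tls-auth"}

# Constructed client profile with two deliberate mistakes: TCP and no key-direction.
SAMPLE_PROFILE = """client
remote vpn.example.invalid 1194 tcp
cipher AES-256-CBC
auth SHA256
<tls-auth>
constructed-key-material
</tls-auth>
"""

def parse_ovpn(text):
    """Map directive -> list of argument lists, plus the set of inline <tag> blocks."""
    directives, inline, block = {}, set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if block:                                  # inside <tag>: skip key material
            block = None if line == f"</{block}>" else block
        elif line and line[0] not in "#;":         # skip blanks and comments
            m = re.fullmatch(r"<([a-z-]+)>", line)
            if m:
                block = m.group(1)
                inline.add(block)
            else:
                name, *args = line.split()
                directives.setdefault(name, []).append(args)
    return directives, inline

def lint_profile(text, server=SERVER):
    """Wrong port/proto/TLS wrap: the server never answers and the client only sees the timeout."""
    d, inline = parse_ovpn(text)
    arg = lambda name, i=0: next((a[i] for a in d.get(name, []) if len(a) > i), None)
    findings = []
    port = arg("remote", 1) or arg("port") or "1194"        # OpenVPN defaults
    proto = arg("remote", 2) or arg("proto") or "udp"
    if port != server["port"]:
        findings.append(f"port {port} != server {server['port']}")
    if not proto.startswith(server["proto"]):
        findings.append(f"proto {proto} != server {server['proto']}")
    wraps = {w for w in ("tls-auth", "tls-crypt") if w in d or w in inline}
    if server["tls_wrap"] and wraps != {server["tls_wrap"]}:
        findings.append(f"tls wrap {sorted(wraps) or 'none'} != server {server['tls_wrap']}")
    if "tls-auth" in wraps and arg("key-direction") is None and arg("tls-auth", 1) is None:
        findings.append("tls-auth without key-direction; must match the server's direction")
    return findings
```

Run lint_profile on the exported .ovpn text; an empty list means the transport and TLS-wrapping directives agree with the server, so the timeout must be looked for elsewhere (firewall log, DDNS, ISP).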
You can enable logging on the WAN rule allowing traffic to port 1194. You should then see the connections in Firewall: Log Files: Live View.