OPNsense Forum

Archive => 16.1 Legacy Series => Topic started by: Julien on June 29, 2016, 12:01:03 am

Title: new to OPNSense
Post by: Julien on June 29, 2016, 12:01:03 am
Hi Guys,
We are new to the products, we finally our contract with the Cisco and been using pfsense for over 7 years, all our customers are happy with pfsense.
Today we have contacted the OPNSense team, so they advised us to try it before we start deploying it.
The issue now is I can't get OpenVPN working with two-factor authentication.
I've followed the link as explained https://docs.opnsense.org/manual/how-tos/sslvpn_client.html?highlight=vpn but it keeps failing on the TLS handshake.
On this step:
Code:
Create a Certificate

After creating the Authority we will also need a certificate. To create a new certificate, go to System->Trust->Certificates and click add or import certificate in the upper right corner of the form.

Fill in the form with (leave the rest default):

Click Save to create the certificate.
Should we create a user or server certificate? This step is unclear.

Can someone point out why?
Title: Re: new to OPNSense
Post by: franco on June 29, 2016, 07:34:38 am
Hi jamerson,

This should be a server certificate as suggested later on: SSLVPN Server Certificate (CA: SSL VPN CA).

Do you have any logs associated with this TLS failure incident we could use to troubleshoot more?


Cheers,
Franco
Title: Re: new to OPNSense
Post by: Julien on June 29, 2016, 08:25:28 am
Thank you for trying to help me.
The log I could find now after some editing.
Waiting for your answer.
Quote
Wed Jun 29 13:49:41 2016 OpenVPN 2.3.11 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on May 10 2016
Wed Jun 29 13:49:41 2016 Windows version 6.2 (Windows 8 or greater) 64bit
Wed Jun 29 13:49:41 2016 library versions: OpenSSL 1.0.1t  3 May 2016, LZO 2.09
Wed Jun 29 13:50:00 2016 Control Channel Authentication: using 'firewall-udp-1194-vpn-ssl-tls.key' as a OpenVPN static key file
Wed Jun 29 13:50:00 2016 UDPv4 link local (bound): [undef]
Wed Jun 29 13:50:00 2016 UDPv4 link remote: [AF_INET]192.168.1.100:1194
Wed Jun 29 13:51:00 2016 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jun 29 13:51:00 2016 TLS Error: TLS handshake failed
Wed Jun 29 13:51:00 2016 SIGUSR1[soft,tls-error] received, process restarting
Wed Jun 29 13:51:02 2016 UDPv4 link local (bound): [undef]
Wed Jun 29 13:51:02 2016 UDPv4 link remote: [AF_INET]192.168.1.100:1194
Title: Re: new to OPNSense
Post by: Julien on June 29, 2016, 05:29:52 pm
I managed to fix this.
Bogon networks were blocked. Had to disable this.
Title: Re: new to OPNSense
Post by: franco on June 29, 2016, 07:20:32 pm
A bit unexpected, but glad this is solved.  :)
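
Added example (not part of the thread, and not OPNsense or OpenVPN code): a small Python triage of the client log posted above. It separates a handshake timeout where the server never answered, which is what the fix in this thread points to, from a certificate verification failure. The function names and the second, constructed log are assumptions for illustration.

```python
import ipaddress
import re

# Lines taken from the client log posted in this thread.
THREAD_LOG = """\
Wed Jun 29 13:50:00 2016 UDPv4 link remote: [AF_INET]192.168.1.100:1194
Wed Jun 29 13:51:00 2016 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jun 29 13:51:00 2016 TLS Error: TLS handshake failed
"""
# Constructed contrast case (not from the thread): server answers, certificate check fails.
CERT_LOG = """\
Wed Jun 29 14:00:00 2016 UDPv4 link remote: [AF_INET]192.0.2.10:1194
Wed Jun 29 14:00:00 2016 TLS: Initial packet from [AF_INET]192.0.2.10:1194, sid=0a1b2c3d 4e5f6a7b
Wed Jun 29 14:00:01 2016 VERIFY ERROR: depth=0, error=unable to get local issuer certificate: CN=vpn.example
Wed Jun 29 14:00:01 2016 TLS Error: TLS handshake failed
"""
REMOTE = re.compile(r"link remote: \[AF_INET6?\](\S+):\d+$")

def triage(log_text):
    """Classify each connection attempt found in an OpenVPN client log."""
    findings, attempt = [], None
    for line in log_text.splitlines():
        m = REMOTE.search(line)
        if m:  # a new attempt starts when the client opens its socket
            attempt = {"remote": m.group(1), "server_replied": False, "verdict": "incomplete"}
            findings.append(attempt)
        elif attempt is None:
            continue  # header lines before the first attempt
        elif "TLS: Initial packet from" in line:
            attempt["server_replied"] = True  # a reply arrived, so the path is open
        elif "VERIFY ERROR" in line:
            attempt["verdict"] = "certificate"
        elif "TLS key negotiation failed" in line and attempt["verdict"] != "certificate":
            attempt["verdict"] = "handshake-stalled" if attempt["server_replied"] else "no-reply"
    return findings

def hint(attempt):
    """Suggest where to look first; the private-address note is only a heuristic."""
    if attempt["verdict"] == "certificate":
        return "server replied; check the CA and server certificate"
    if attempt["verdict"] == "no-reply":
        where = "firewall rules and interface block options in front of the server"
        if ipaddress.ip_address(attempt["remote"]).is_private:
            where += " (remote is a private address)"
        return "no packet came back; check " + where
    return "inconclusive; read the full log"

if __name__ == "__main__":
    for log in (THREAD_LOG, CERT_LOG):
        for a in triage(log):
            print(a["remote"], a["verdict"], "->", hint(a))
```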