OPNsense Forum
Archive => 16.1 Legacy Series => Topic started by: Julien on June 29, 2016, 12:01:03 am
-
Hi Guys,
We are new to the products, we finally our contract with the Cisco and been using pfsense for over 7 years, all our customers are happy with pfsense.
Today we contacted the OPNsense team, and they advised us to try it before we start deploying it.
The issue now is I can't get OpenVPN with two-factor authentication to work.
I've followed the link as explained https://docs.opnsense.org/manual/how-tos/sslvpn_client.html?highlight=vpn but it keeps failing on the TLS handshake.
On this step:
Create a Certificate
After creating the Authority we will also need a certificate. To create a new certificate, go to System->Trust->Certificates and click add or import certificate in the upper right corner of the form.
Fill in the form with (leave the rest default):
Click Save to create the certificate.
Should we create a user or server certificate? This step is unclear.
Can someone point me why?
-
Hi jamerson,
This should be a server certificate as suggested later on: SSLVPN Server Certificate (CA: SSL VPN CA).
Do you have any logs associated with this TLS failure incident we could use to troubleshoot more?
Cheers,
Franco
-
Thank you for trying to help me.
The log I could find now, after some editing.
Waiting for your answer.
Wed Jun 29 13:49:41 2016 OpenVPN 2.3.11 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on May 10 2016
Wed Jun 29 13:49:41 2016 Windows version 6.2 (Windows 8 or greater) 64bit
Wed Jun 29 13:49:41 2016 library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.09
Wed Jun 29 13:50:00 2016 Control Channel Authentication: using 'firewall-udp-1194-vpn-ssl-tls.key' as a OpenVPN static key file
Wed Jun 29 13:50:00 2016 UDPv4 link local (bound): [undef]
Wed Jun 29 13:50:00 2016 UDPv4 link remote: [AF_INET]192.168.1.100:1194
Wed Jun 29 13:51:00 2016 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jun 29 13:51:00 2016 TLS Error: TLS handshake failed
Wed Jun 29 13:51:00 2016 SIGUSR1[soft,tls-error] received, process restarting
Wed Jun 29 13:51:02 2016 UDPv4 link local (bound): [undef]
Wed Jun 29 13:51:02 2016 UDPv4 link remote: [AF_INET]192.168.1.100:1194
-
I managed to fix this.
Bogon networks were blocked. Had to disable this.
-
A bit unexpected, but glad this is solved. :)