OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: Gargamel on November 04, 2017, 07:18:05 pm

Title: OpenVPN server, android "timeout" on connection
Post by: Gargamel on November 04, 2017, 07:18:05 pm
I set up an OpenVPN server using the wizard, pointed it to WAN, and let the wizard configure the firewall rules.
I used client export to export an "inline config" for Android.
In the server logs I see:
Code:
Nov 4 19:12:54 openvpn[45682]: MANAGEMENT: Client disconnected
Nov 4 19:12:54 openvpn[45682]: MANAGEMENT: CMD 'quit'
Nov 4 19:12:54 openvpn[45682]: MANAGEMENT: CMD 'status 2'
Nov 4 19:12:54 openvpn[45682]: MANAGEMENT: Client connected from /var/etc/openvpn/server3.sock
Nov 4 19:12:43 openvpn[45682]: Initialization Sequence Completed
Nov 4 19:12:43 openvpn[45682]: IFCONFIG POOL: base=10.222.0.4 size=62, ipv6=0
Nov 4 19:12:43 openvpn[45682]: MULTI: multi_init called, r=256 v=256
Nov 4 19:12:43 openvpn[45682]: UDPv6 link remote: [AF_UNSPEC]
Nov 4 19:12:43 openvpn[45682]: UDPv6 link local (bound): [AF_INET6][undef]:11194
Nov 4 19:12:43 openvpn[45682]: setsockopt(IPV6_V6ONLY=0)
Nov 4 19:12:43 openvpn[45682]: Socket Buffers: R=[42080->42080] S=[57344->57344]
Nov 4 19:12:43 openvpn[45682]: Could not determine IPv4/IPv6 protocol. Using AF_INET6
Nov 4 19:12:43 openvpn[45682]: Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Nov 4 19:12:43 openvpn[45682]: /sbin/route add -net 10.222.0.0 10.222.0.2 255.255.255.0
Nov 4 19:12:42 openvpn[45682]: /usr/local/sbin/ovpn-linkup ovpns3 1500 1622 10.222.0.1 10.222.0.2 init
Nov 4 19:12:42 openvpn[45682]: /sbin/ifconfig ovpns3 10.222.0.1 10.222.0.2 mtu 1500 netmask 255.255.255.255 up
Nov 4 19:12:42 openvpn[45682]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Nov 4 19:12:42 openvpn[45682]: TUN/TAP device /dev/tun3 opened
Nov 4 19:12:42 openvpn[45682]: TUN/TAP device ovpns3 exists previously, keep at program end
Nov 4 19:12:42 openvpn[45682]: ROUTE_GATEWAY 155.4.197.1/255.255.255.0 IFACE=em1 HWADDR=00:e8:4c:68:50:fe
Nov 4 19:12:42 openvpn[45682]: TLS-Auth MTU parms [ L:1622 D:1184 EF:66 EB:0 ET:0 EL:3 ]
Nov 4 19:12:42 openvpn[45682]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Nov 4 19:12:42 openvpn[45682]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Nov 4 19:12:42 openvpn[45682]: Diffie-Hellman initialized with 2048 bit key
Nov 4 19:12:42 openvpn[45682]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 4 19:12:42 openvpn[45682]: MANAGEMENT: unix domain socket listening on /var/etc/openvpn/server3.sock
Nov 4 19:12:42 openvpn[45623]: library versions: LibreSSL 2.5.5, LZO 2.10
Nov 4 19:12:42 openvpn[45623]: OpenVPN 2.4.4 amd64-portbld-freebsd11.0 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Oct 4 2017
Nov 4 19:12:42 openvpn[45623]: auth_user_pass_file = '[UNDEF]'
Nov 4 19:12:42 openvpn[45623]: pull = DISABLED
Nov 4 19:12:42 openvpn[45623]: client = DISABLED
Nov 4 19:12:42 openvpn[45623]: port_share_port = '[UNDEF]'
Nov 4 19:12:42 openvpn[45623]: port_share_host = '[UNDEF]'
Nov 4 19:12:42 openvpn[45623]: auth_token_lifetime = 0
Nov 4 19:12:42 openvpn[45623]: auth_token_generate = DISABLED
Nov 4 19:12:42 openvpn[45623]: auth_user_pass_verify_script_via_file = DISABLED
Nov 4 19:12:42 openvpn[45623]: auth_user_pass_verify_script = '/usr/local/sbin/ovpn_auth_verify user 'Local Database' 'false' 'server3''
Nov 4 19:12:42 openvpn[45623]: max_routes_per_client = 256
Nov 4 19:12:42 openvpn[45623]: max_clients = 1024
Nov 4 19:12:42 openvpn[45623]: cf_per = 0
Nov 4 19:12:42 openvpn[45623]: cf_max = 0
Nov 4 19:12:42 openvpn[45623]: duplicate_cn = DISABLED
Nov 4 19:12:42 openvpn[45623]: enable_c2c = DISABLED
Nov 4 19:12:42 openvpn[45623]: push_ifconfig_ipv6_remote = ::
Nov 4 19:12:42 openvpn[45623]: push_ifconfig_ipv6_local = ::/0
Nov 4 19:12:42 openvpn[45623]: push_ifconfig_ipv6_defined = DISABLED
Nov 4 19:12:42 openvpn[45623]: push_ifconfig_remote_netmask = 0.0.0.0
Nov 4 19:12:42 openvpn[45623]: push_ifconfig_local = 0.0.0.0
Nov 4 19:12:42 openvpn[45623]: push_ifconfig_defined = DISABLED
Nov 4 19:12:42 openvpn[45623]: tmp_dir = '/tmp'

So it SEEMS that the server sort of works, but the Android client says:
Code:
EVENT: CONNECTING
EVENT: RESOLVE
Contacting <my ip>:11194 via UDP
Server poll timeout, trying next remote entry.

What could be the problem? And how to solve it so clients can connect?