Messages - plc101man

#1
It looks like when I'm in the outside LAN that the WAN is connected to, the TLS handshake is failing, dunno why.

Dec 18 3:36:20 PM: State changed to Connecting
Dec 18 3:36:20 PM: Viscosity Windows 1.9 (1695)
Dec 18 3:36:20 PM: Running on Windows 10 1903 (18362) 64 bit
Dec 18 3:36:20 PM: Running on .NET Framework Version 4.8.03752.528040
Dec 18 3:36:20 PM: Checking reachability status of connection...
Dec 18 3:36:20 PM: Connection is reachable. Starting connection attempt.
Dec 18 3:36:20 PM: Bringing up interface...
Dec 18 3:36:21 PM: OpenVPN 2.4.9 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [AEAD] built on Oct  6 2020
Dec 18 3:36:21 PM: library versions: OpenSSL 1.1.1h  22 Sep 2020, LZO 2.10
Dec 18 3:36:32 PM: Valid endpoint found: 10.50.65.10:11094:udp
Dec 18 3:36:32 PM: TCP/UDP: Preserving recently used remote address: [AF_INET]10.50.65.10:11094
Dec 18 3:36:32 PM: UDP link local (bound): [AF_INET][undef]:0
Dec 18 3:36:32 PM: UDP link remote: [AF_INET]10.50.65.10:11094
Dec 18 3:37:33 PM: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec 18 3:37:33 PM: TLS Error: TLS handshake failed
Dec 18 3:37:33 PM: SIGUSR1[soft,tls-error] received, process restarting
Dec 18 3:37:33 PM: State changed to Connecting
Dec 18 3:37:43 PM: Valid endpoint found: 10.50.65.10:11094:udp
Dec 18 3:37:43 PM: TCP/UDP: Preserving recently used remote address: [AF_INET]10.50.65.10:11094
Dec 18 3:37:43 PM: UDP link local (bound): [AF_INET][undef]:0
Dec 18 3:37:43 PM: UDP link remote: [AF_INET]10.50.65.10:11094
Dec 18 3:38:44 PM: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec 18 3:38:44 PM: TLS Error: TLS handshake failed
Dec 18 3:38:44 PM: SIGUSR1[soft,tls-error] received, process restarting
Dec 18 3:38:44 PM: State changed to Connecting
Dec 18 3:38:54 PM: Valid endpoint found: 10.50.65.10:11094:udp
Dec 18 3:38:54 PM: TCP/UDP: Preserving recently used remote address: [AF_INET]10.50.65.10:11094
Dec 18 3:38:54 PM: UDP link local (bound): [AF_INET][undef]:0
Dec 18 3:38:54 PM: UDP link remote: [AF_INET]10.50.65.10:11094
#2
Thanks for your response. I have tried to add a firewall rule on the WAN to allow in RFC1918 and nothing.

I have tried to change to a TAP device, changed the port to 1194, and made sure that it was allowed on the firewall.

This is what I'm getting in the OpenVPN client log when trying to connect from the local LAN:

Dec 16 4:19:47 PM: State changed to Connecting
Dec 16 4:19:47 PM: Viscosity Windows 1.9 (1695)
Dec 16 4:19:47 PM: Running on Windows 10 1903 (18362) 64 bit
Dec 16 4:19:47 PM: Running on .NET Framework Version 4.8.03752.528040
Dec 16 4:19:47 PM: Checking reachability status of connection...
Dec 16 4:19:47 PM: Connection is reachable. Starting connection attempt.
Dec 16 4:19:48 PM: Bringing up interface...
Dec 16 4:19:48 PM: OpenVPN 2.4.9 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [AEAD] built on Oct  6 2020
Dec 16 4:19:48 PM: library versions: OpenSSL 1.1.1h  22 Sep 2020, LZO 2.10
Dec 16 4:20:00 PM: Valid endpoint found: 10.50.65.10:1194:udp
Dec 16 4:20:00 PM: TCP/UDP: Preserving recently used remote address: [AF_INET]10.50.65.10:1194
Dec 16 4:20:00 PM: UDP link local (bound): [AF_INET][undef]:0
Dec 16 4:20:00 PM: UDP link remote: [AF_INET]10.50.65.10:1194

This is when I try from the internet.

Dec 16 4:30:12 PM: State changed to Connecting
Dec 16 4:30:12 PM: Viscosity Windows 1.9 (1695)
Dec 16 4:30:12 PM: Running on Windows 10 1903 (18362) 64 bit
Dec 16 4:30:12 PM: Running on .NET Framework Version 4.8.03752.528040
Dec 16 4:30:12 PM: Checking reachability status of connection...
Dec 16 4:30:13 PM: Connection is reachable. Starting connection attempt.
Dec 16 4:30:13 PM: Bringing up interface...
Dec 16 4:30:13 PM: OpenVPN 2.4.9 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [AEAD] built on Oct  6 2020
Dec 16 4:30:13 PM: library versions: OpenSSL 1.1.1h  22 Sep 2020, LZO 2.10
Dec 16 4:30:23 PM: Valid endpoint found: 96.###.###.138:11094:udp
Dec 16 4:30:24 PM: TCP/UDP: Preserving recently used remote address: [AF_INET]96.###.###.138:11094
Dec 16 4:30:24 PM: UDP link local (bound): [AF_INET][undef]:0
Dec 16 4:30:24 PM: UDP link remote: [AF_INET]96.###.###.138:11094
Dec 16 4:30:24 PM: State changed to Authenticating
Dec 16 4:30:24 PM: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Dec 16 4:30:25 PM: [Router Cert] Peer Connection Initiated with [AF_INET]96.###.###.138:11094
Dec 16 4:30:25 PM: State changed to Connecting
Dec 16 4:30:25 PM: Awaiting adapter to come up...
Dec 16 4:30:26 PM: TAP-WIN32 device [client1 netgear R7000] opened: \\.\Global\{1B7D26D8-38BD-4DDC-ABDB-240F93F13D3B}.tap, index: 6
Dec 16 4:30:27 PM: Waiting for DNS Setup to complete...
Dec 16 4:30:27 PM: Successful ARP Flush on interface [6] {1B7D26D8-38BD-4DDC-ABDB-240F93F13D3B}
Dec 16 4:30:33 PM: Initialization Sequence Completed
Dec 16 4:30:33 PM: WARNING: Split DNS is being used however no DNS domains are present. The DNS server/s for this connection may not be used. For more information please see: https://www.sparklabs.com/support/kb/article/warning-split-dns-is-being-used-however-no-dns-domains-are-present/
Server - 10.100.1.11:53; Lookup Type - Any; Domains - sei.local.
Server - 10.100.1.12:53; Lookup Type - Any; Domains - sei.local.
Server - 8.8.8.8:53; Lookup Type - Any; Domains - sei.local.
Server - [2600:381:1b19:564d::ce]:53; Lookup Type - Any; Domains - None
Server - 192.168.42.129:53; Lookup Type - Any; Domains - None

Dec 16 4:30:34 PM: State changed to Connected


Regards,
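
An added example, not part of the original posts: a small Python triage of Viscosity/OpenVPN client log lines like the ones quoted in the two posts above, splitting a log into connection attempts per remote and labelling each as connected, timed out during TLS negotiation, or still pending. The sample lines are constructed in the format shown in the posts, `198.51.100.7` is a placeholder documentation address, and the function names are hypothetical.

```python
import re

# Constructed sample in the format of the client logs quoted above (198.51.100.7 is a placeholder).
SAMPLE_LOG = """\
Dec 18 3:36:32 PM: UDP link remote: [AF_INET]10.50.65.10:11094
Dec 18 3:37:33 PM: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec 18 3:37:33 PM: TLS Error: TLS handshake failed
Dec 18 3:37:33 PM: SIGUSR1[soft,tls-error] received, process restarting
Dec 18 3:37:43 PM: UDP link remote: [AF_INET]10.50.65.10:11094
Dec 16 4:30:24 PM: UDP link remote: [AF_INET]198.51.100.7:11094
Dec 16 4:30:25 PM: [Router Cert] Peer Connection Initiated with [AF_INET]198.51.100.7:11094
Dec 16 4:30:33 PM: Initialization Sequence Completed
"""

LINE = re.compile(r"^\w{3} \d{1,2} \d{1,2}:\d{2}:\d{2} [AP]M: (?P<msg>.*)$")
REMOTE = re.compile(r"^UDP link remote: \[AF_INET6?\](?P<addr>\S+)$")

def triage(log_text):
    """Return one dict per connection attempt: remote address and outcome."""
    attempts = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # lines without a timestamp (e.g. DNS server listings)
        msg = m.group("msg")
        r = REMOTE.match(msg)
        if r:
            # Each "UDP link remote" line marks the start of a new attempt.
            attempts.append({"remote": r.group("addr"), "outcome": "pending"})
        elif not attempts:
            continue
        elif "TLS key negotiation failed" in msg:
            # The handshake did not complete within the client's timeout.
            attempts[-1]["outcome"] = "tls-timeout"
        elif "Peer Connection Initiated" in msg and attempts[-1]["outcome"] == "pending":
            attempts[-1]["outcome"] = "tls-ok"
        elif "Initialization Sequence Completed" in msg:
            attempts[-1]["outcome"] = "connected"
    return attempts

def summarize(attempts):
    """Count outcomes per remote endpoint."""
    summary = {}
    for a in attempts:
        per = summary.setdefault(a["remote"], {})
        per[a["outcome"]] = per.get(a["outcome"], 0) + 1
    return summary

print(summarize(triage(SAMPLE_LOG)))
```

An endpoint that only ever shows `tls-timeout` and `pending` never completed a handshake, while `connected` for another endpoint with the same client shows the client configuration itself can complete one.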

#3
I figured it out. Thanks.
#4
I have an OPNsense firewall behind a router, so it is NATed. I have port forwarding from the first router to the WAN interface, which has a private IP assigned via DHCP (10.50.65.10) from the first router, and I'm forwarding port 11094 to the WAN with the DHCP reservation. I can VPN into the OpenVPN service on the OPNsense firewall from the internet, but I can't if I'm in the network that is on the WAN interface. I have unchecked the block private networks option on the WAN interface, but I cannot connect to it when I change the IP in Viscosity to 10.50.65.10. Do I need to create a firewall rule for it?

Any help will be greatly appreciated.

Here is a diagram of what I'm trying to do.

#5
Virtual private networks / Static Route for OpenVPN Cloud
December 14, 2020, 03:59:27 PM
I have set up my OPNsense firewall to connect as a network on the OpenVPN Cloud service.

I can access the LAN & LAN2 interfaces on my opnsense, 10.10.10.1 & 192.168.0.1 respectively.

So far so good, but I cannot reach any hosts on either LAN.

I have read the OpenVPN Cloud documentation on setting the route, and I cannot get the static route configured correctly to be able to connect to any host behind any of the LANs.

Here is the document:

https://openvpn.net/cloud-docs/connecting-networks-to-openvpn-cloud-using-connectors-2/

Any help will be greatly appreciated.

Regards,

#6
The NIC is an Intel I211-AT 10/100/1000 controller.

Thanks for the quick responses, guys.

I did a power cycle on both the cable modem and the firewall, and the speed of the WAN NIC in the firewall is gigabit now.

Let's hope that it continues to work fine.

Thanks
#7
I just got a new Arris T25 cable modem that I registered fine with Xfinity, but the WAN interface only connects at 100baseT, not gigabit. If I take the cable from the cable modem and plug it into another interface, it connects fine at gigabit speeds. I have checked the interface speed and duplex settings, and they are set to default on the WAN interface and also the others. Do I have a bad port?

Any ideas?

Any help will be greatly appreciated.
#8
I have an instance of OPNsense hosted in Vultr. I have the ExpressVPN OpenVPN client configured correctly and it connects fine. But I haven't been able to route the OpenVPN clients' traffic through the ExpressVPN interface.
I have played with the outbound rules in manual mode, but as soon as one of the OpenVPN clients connects, they lose internet access.

Any help will be greatly appreciated.

Never mind guys and gals, I figured it out.

See attachments to see what worked for me, in case somebody has the same problem.

Regards,
#9
19.7 Legacy Series / IP directed broadcast (WOL from WAN)
November 18, 2019, 08:04:33 PM
I have been reading this, on how to wake a computer from the internet via IP directed broadcast.

How do you set up the forwarding rule on the WAN to accomplish this?

Any help will be greatly appreciated.

Thanks!!!
#11
Here are my other settings
#12
I have OpenVPN set up in my OPNsense firewall and I cannot connect using my Android cell or my Viscosity client in Windows 10. This is the log that I get in Viscosity:


Jun 06 11:04:27 AM: State changed to Creating...
Jun 06 11:04:28 AM: State changed to Disconnected
Jun 06 11:04:31 AM: State changed to Connecting
Jun 06 11:04:31 AM: Viscosity Windows 1.7.9 (1566)
Jun 06 11:04:31 AM: Running on Microsoft Windows 10 Pro
Jun 06 11:04:31 AM: Running on .NET Framework Version 4.7.02556.461308
Jun 06 11:04:31 AM: Bringing up interface...
Jun 06 11:04:31 AM: OpenVPN 2.4.6 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 26 2018
Jun 06 11:04:31 AM: library versions: OpenSSL 1.0.2o  27 Mar 2018, LZO 2.09
Jun 06 11:04:43 AM: Checking remote host "76.26.21.117" is reachable...
Jun 06 11:04:43 AM: Server reachable. Connecting to 76.26.21.117.
Jun 06 11:04:44 AM: TCP/UDP: Preserving recently used remote address: [AF_INET]76.26.21.117:443
Jun 06 11:04:44 AM: UDP link local (bound): [AF_INET][undef]:0
Jun 06 11:04:44 AM: UDP link remote: [AF_INET]76.26.21.117:443
Jun 06 11:05:44 AM: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jun 06 11:05:44 AM: TLS Error: TLS handshake failed
Jun 06 11:05:44 AM: SIGUSR1[soft,tls-error] received, process restarting
Jun 06 11:05:44 AM: State changed to Connecting
Jun 06 11:05:55 AM: Checking remote host "76.26.21.117" is reachable...
Jun 06 11:05:55 AM: Server reachable. Connecting to 76.26.21.117.
Jun 06 11:05:56 AM: TCP/UDP: Preserving recently used remote address: [AF_INET]76.26.21.117:443
Jun 06 11:05:56 AM: UDP link local (bound): [AF_INET][undef]:0
Jun 06 11:05:56 AM: UDP link remote: [AF_INET]76.26.21.117:443


Any help is greatly appreciated.