OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of Choots »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - Choots

Pages: [1]
1
Virtual private networks / Re: Client can't connect to new OpenVPN Server
« on: March 13, 2022, 10:51:54 pm »
Thanks for the response - I got busy and didn't know a reply had been posted.  I just thought to try to get this working again this weekend, and deleted everything to start over.  Got the server created again, the cert authority, the certs, the user and got it setup along with the firewall rules.

As mentioned in your post, I WAS using OpenVPN connect on my android phone, so switched over to OpenVPN for Android app.  But I still can't connect.   On the client app it mentioned "TLS negotiation failed to occur in 60 seconds" (which might be a function of me using MFA and OTP Server for authentication).  But that error is also indicating something with network connectivity or firewalls, so I looked at the server logs live as I was attempting to connect, and I saw my phone IP's trying to connect with UDP on the right port.  Every time it was denied with a "Default Deny rule".  So I'm assuming I have to figure out how my firewall rules are preventing this from connecting.

But I think my firewall rules are basic and my pass rule for OPENVPN looks correct...I don't know what's wrong.  Hopefully someone with more experience can help me get this figured out.

2
Virtual private networks / Client can't connect to new OpenVPN Server
« on: September 04, 2021, 08:52:45 pm »
I've had OPNSense running as my router for a year and a half now.  I've had an OpenVPN server running on my ESXi server for the last year, and had to play with (and try to understand) a couple Firewall rules to finally get it to connect.  However, now I want to run OpenVPN on my OPNSense machine and free up resources on my ESXi Server.

So I finally upgraded to 21.7.1 and setup the SSL VPN Roadwarrior config from the guide.  I did it manually the first time, created CA, server cert, and user Cert, created my user ID, and got the 2FA working using Microsoft Authenticator.  I was able to use the tester to show that the authentication using the Token (OTP) Plus the User Password works.

I downloaded the client profile for testing with OpenVPN Connect my android phone, and imported the profile.  While it contains the CA Key, the Server Key and my private key in the profile, the client will not connect (or even see) the OpenVPN server from outside the network (over my cell service).

So I deleted all that and setup OpenVPN using the Wizard.  New user and certs and everything, replacing all profiles and still no luck. 

One thing is that I'm not using a domain name, but rather the dynamic IP from my ISP, but that IP stays active for weeks and weeks according to my testing.   I also disable "block private networks" on the WAN as described in the guide.  I also just disabled the Firewall rules that I created on the first try for now...while it replaced those with the Wizard installed rules.

I'll try to show my configuration if anyone could help  me figure out what's going wrong...

Thanks!

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2