
Messages - TrickyD

#1
Hello ludarkstar99,

Thank you for getting back to me so quickly. I tried the official documentation last week but without 2FA. I can try again.

Quote:
- Verify that the Windows client is connecting from a WAN network (i.e., dialing in from outside your local network). You can simulate this by sharing your mobile broadband connection with your laptop.

- Based on the attached logs, I see the Windows 11 client is trying to connect to the address 192.168.3.16, which is an internal address. When exporting the profile (Client Export), ensure you set the hostname to your internet-routable address (e.g., your WAN IP if your firewall has a public IP, or the public IP of your modem if your firewall is behind it).

The WAN interface is connected to a local network on which the Windows PC is also present (n.b. a second NIC is used to connect to the OpnSense LAN [192.168.1.0/24]). This is the use case for the VPN connection but also avoids the need to worry about other routers.

Quote:
- Have you created a firewall rule on your WAN interface to allow incoming connections on port 1401/udp?

Yes.

Quote:
- If your OPNsense WAN interface is behind a routed modem (not a bridge modem), have you configured your ISP modem to forward all ports (or at least port 1401) to your firewall's WAN IP address?

No router involved.

Quote:
- Can you open and redirect other ports on your firewall? To test, try connecting on a closed port and check the live logs for any activity. Avoid testing port 1401, as it uses UDP/TLS and will not respond unless the correct encryption key is provided.

Not sure what other ports to test right now but the log (see first attached screenshot) seems to show port 1401 is open.

I've just created a firewall rule for the WAN allowing anything from anyone but can't ping the WAN port from the PC (see second attached screenshot). Does that make sense?


#2
I have spent many hours trying to set up a Community Edition of OpnSense to act as an OpenVPN Server but I am unable to connect to it, with OpenVPN GUI on a Windows 11 PC reporting:
Quote:
Wed Dec 11 13:20:12 2024 UDP link local (bound): [AF_INET][undef]:0
Wed Dec 11 13:20:12 2024 UDP link remote: [AF_INET]192.168.3.16:1401
Wed Dec 11 13:20:12 2024 MANAGEMENT: >STATE:1733923212,WAIT,,,,,,
Wed Dec 11 13:21:12 2024 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Dec 11 13:21:12 2024 TLS Error: TLS handshake failed

Wed Dec 11 13:21:12 2024 Closing DCO interface
Wed Dec 11 13:21:12 2024 SIGUSR1[soft,tls-error] received, process restarting

I have tried every tutorial I can find, used OpnSense generated certificates, used my own certificates, reloaded OpnSense and tried everything I can think of. Using OpnSense as an OpenVPN client works as expected.

If I use the same physical Windows 11 PC to access the same physical hardware but with pfSense running the OpenVPN server, it works.  This implies to me that the Windows 11 PC is not the problem, but OpnSense is.

My OpnSense box is an AMD based SBC with firmware as follows:

Quote:
OPNsense 24.7.10_2-amd64
FreeBSD 14.1-RELEASE-p6
OpenSSL 3.0.15

So two simple questions:

  • Does the Community Edition of OpnSense support OpenVPN servers?
  • If so, can anybody give me a clue to what I am doing wrong, or where I can start looking for clues?

Thanks
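The checklist quoted in post #1 and the client log in post #2 both come down to one question: did the client's first UDP packet reach the server, and did a reply ever come back? The script below is an added example of mine, not code from the forum thread or from the OPNsense project. It parses the log lines as the OpenVPN GUI prints them (the sample is the log from post #2, embedded as constructed input), then reports what each symptom points at. The triage rules are assumptions of this example: a client that stalls in the WAIT state until the TLS timer fires never received a server reply, and a remote address in an RFC 1918 range is worth flagging because OPNsense's WAN "Block private networks" option (enabled by default, a general OPNsense fact not stated in the thread) drops such packets before any pass rule is evaluated.

```python
import re
from ipaddress import ip_address

# Constructed sample input: the OpenVPN GUI client log quoted in post #2.
SAMPLE_LOG = """\
Wed Dec 11 13:20:12 2024 UDP link local (bound): [AF_INET][undef]:0
Wed Dec 11 13:20:12 2024 UDP link remote: [AF_INET]192.168.3.16:1401
Wed Dec 11 13:20:12 2024 MANAGEMENT: >STATE:1733923212,WAIT,,,,,,
Wed Dec 11 13:21:12 2024 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Dec 11 13:21:12 2024 TLS Error: TLS handshake failed
Wed Dec 11 13:21:12 2024 Closing DCO interface
Wed Dec 11 13:21:12 2024 SIGUSR1[soft,tls-error] received, process restarting
"""

REMOTE_RE = re.compile(r"UDP link remote: \[AF_INET\](?P<host>[\d.]+):(?P<port>\d+)")
TLS_TIMEOUT_RE = re.compile(r"TLS key negotiation failed to occur within (?P<secs>\d+) seconds")
STATE_RE = re.compile(r">STATE:\d+,(?P<state>[A-Z_]+)")


def parse_client_log(text):
    """Pull the few facts that matter for triage out of an OpenVPN client log."""
    info = {
        "remote_host": None,
        "remote_port": None,
        "tls_timeout": None,      # seconds the client waited for TLS key negotiation
        "handshake_failed": False,
        "states": [],             # management-interface state transitions, in order
    }
    for line in text.splitlines():
        m = REMOTE_RE.search(line)
        if m:
            info["remote_host"] = m["host"]
            info["remote_port"] = int(m["port"])
        m = TLS_TIMEOUT_RE.search(line)
        if m:
            info["tls_timeout"] = int(m["secs"])
        if "TLS handshake failed" in line:
            info["handshake_failed"] = True
        m = STATE_RE.search(line)
        if m:
            info["states"].append(m["state"])
    return info


def triage(info):
    """Return (code, explanation) pairs saying where to look next."""
    findings = []
    host = info["remote_host"]
    if host is not None and ip_address(host).is_private:
        findings.append((
            "PRIVATE_REMOTE",
            f"remote {host} is an RFC 1918 address; check the hostname set in the exported "
            "profile. If the WAN really sits on that private LAN, OPNsense's WAN "
            "'Block private networks' option (on by default) drops the packets before "
            "any pass rule is evaluated.",
        ))
    # WAIT means the client sent its first packet and is waiting for the server's
    # reply; stalling there until the TLS timer fires means no reply ever came back.
    last_state = info["states"][-1] if info["states"] else None
    if info["tls_timeout"] is not None and last_state == "WAIT":
        port = info["remote_port"]
        findings.append((
            "NO_SERVER_REPLY",
            f"no reply within {info['tls_timeout']} s: the UDP/{port} packet never reached "
            f"the server or its reply never left. Confirm the WAN pass rule for UDP {port}, "
            "that the server instance listens on the WAN interface, and watch the live "
            "firewall log during a connection attempt.",
        ))
    elif info["handshake_failed"]:
        findings.append((
            "HANDSHAKE_FAILED",
            "the server answered but TLS failed: compare certificates, CA and "
            "tls-auth/tls-crypt key between the server and the exported profile.",
        ))
    return findings


if __name__ == "__main__":
    for code, why in triage(parse_client_log(SAMPLE_LOG)):
        print(f"[{code}] {why}")
```

Run against the post #2 log it reports PRIVATE_REMOTE and NO_SERVER_REPLY, which matches the picture in post #1: a WAN pass rule exists, yet the PC cannot even ping the WAN address, so packets are being dropped before the rule, not rejected by the OpenVPN server. A log where the state progresses past WAIT and then fails only produces HANDSHAKE_FAILED, which is the certificate/key comparison case rather than a firewall one.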