OpenVPN client cannot connect

Started by medium_grade, February 12, 2021, 08:31:27 PM

Greetings!

I am new to Opnsense, but I am a long time user of Pfsense so a lot of the fundamentals are familiar to me.

I am trying to setup my first OpenVPN server, but I am getting timeouts when trying to make an inbound connection. I don't see any errors on my client end except "TLS key negotiation failed to occur within 60 seconds."


Here is my setup:
LAN: 10.99.10.0/24
WAN: DHCP (using DDNS)

Server Mode: Remote Access (SSL/TLS + User Auth)
Backend for authentication: Local Database
Enforce local group: (none)
Protocol: UDP4
Device Mode: tun
Interface: WAN
Local port: 1194
DH Parameters Length: 2048 bit
Encryption algorithm: AES-256-CBC
Auth Digest Algorithm: SHA256
Hardware Crypto: No Hardware Crypto
Certificate Depth One
IPv4 Tunnel Network: 10.2.0.0/24
Redirect Gateway: Unchecked
IPv4 Local Network: 10.99.10.0/24


Firewall Rule (WAN)

Protocol: IPv4 UDP
Source: *
Port: *
Destination: WAN address
Port: 1194

Firewall Rule (OpenVPN)
Protocol: IPv4+6*
Source: *
Port: *
Destination: *
Port: *

Yes, I have verified that the DDNS host I am using is resolving to the correct IP as I can enable all inbound traffic and reach the web interface from that hostname. I had a Pfsense box here previously in which OpenVPN worked fine so I do not believe it is anything on the ISP side. Any ideas?

Do you see traffic on port 1194? Just for testing maybe try "shared key"...
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

Felix Eichhorn's premium cat food with the extra portion of energy

A router is not a switch - A router is not a switch - A router is not a switch - A rou....

Shared key only seems to be an option with a peer-to-peer connection. Will that work?

How did you create the config file for the client? TLS key negotiation failing sounds like wrong tls auth/crypt info in the config file.
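The reply above points at the usual cause of this exact symptom: when tls-auth or tls-crypt is configured on one side only, or with a mismatched key, direction or auth digest, the server silently drops every control-channel packet whose HMAC does not verify, so the client never gets past "TLS key negotiation failed to occur within 60 seconds". The script below is an added example, not code from the thread or from OPNsense, that lints a client .ovpn profile against the server values posted at the top of the thread (UDP, port 1194, AES-256-CBC, SHA256). The server's TLS key mode is not shown in the post, so it is a parameter (`tls_mode`), and the sample profile, hostname and key material are constructed.

```python
import re

# Server-side settings as posted in the thread. tls_mode is not in the post,
# so it is an assumed parameter: None (no TLS key), "tls-auth" or "tls-crypt".
SERVER = {"proto": "udp", "port": "1194", "cipher": "AES-256-CBC",
          "auth": "SHA256", "tls_mode": None}

# Constructed client profile with two deliberate problems: it uses TCP while
# the server listens on UDP, and it carries a tls-auth key the server (with
# tls_mode None) does not have, so the server would drop every control packet.
SAMPLE_PROFILE = """\
client
dev tun
proto tcp
remote vpn.example.invalid 1194
cipher AES-256-CBC
auth SHA256
auth-user-pass
remote-cert-tls server
<ca>
-----BEGIN CERTIFICATE-----
MIIBconstructedplaceholder
-----END CERTIFICATE-----
</ca>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
00112233constructedplaceholder
-----END OpenVPN Static key V1-----
</tls-auth>
key-direction 1
"""


def parse_profile(text):
    """Split a profile into plain directives (name -> list of argument lists)
    and inline <tag>...</tag> blocks (name -> body)."""
    directives, blocks = {}, {}
    current, body = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank or comment line
            continue
        tag = re.fullmatch(r"<(/?)([A-Za-z0-9-]+)>", line)
        if tag:
            if tag.group(1):                     # closing tag
                blocks[current] = "\n".join(body)
                current, body = None, []
            else:                                # opening tag
                current, body = tag.group(2), []
            continue
        if current is not None:                  # inside an inline block
            body.append(line)
            continue
        parts = line.split()
        directives.setdefault(parts[0], []).append(parts[1:])
    return directives, blocks


def _transport(proto):
    """Normalise udp/udp4/udp6/tcp-client/... to 'udp' or 'tcp'."""
    return "tcp" if proto.lower().startswith("tcp") else "udp"


def lint_profile(text, server=SERVER):
    """Return a list of findings; an empty list means the profile agrees
    with the server settings on every point that can be checked offline."""
    d, blocks = parse_profile(text)
    findings = []

    # 1. Control-channel key mode must match the server exactly.
    client_mode = None
    for mode in ("tls-auth", "tls-crypt"):
        if mode in d or mode in blocks:
            client_mode = mode if client_mode is None else "both"
    if client_mode == "both":
        findings.append("both tls-auth and tls-crypt present; OpenVPN uses only one")
    elif client_mode != server["tls_mode"]:
        findings.append(f"control-channel key mode mismatch: client {client_mode}, "
                        f"server {server['tls_mode']} (server drops unauthenticated packets)")
    if client_mode == "tls-auth":
        inline_dir = any(len(a) >= 2 for a in d.get("tls-auth", []))
        if "key-direction" not in d and not inline_dir:
            findings.append("tls-auth without key-direction: only valid if the server "
                            "also uses a bidirectional key; clients normally need 1")

    # 2. Transport and port must match the server's Protocol / Local port.
    proto = d.get("proto", [["udp"]])[0][0]
    if _transport(proto) != server["proto"]:
        findings.append(f"proto {proto} but server listens on {server['proto']}")
    remotes = d.get("remote", [])
    if not remotes:
        findings.append("no remote directive")
    for args in remotes:
        port = args[1] if len(args) > 1 else "1194"
        if port != server["port"]:
            findings.append(f"remote port {port} but server listens on {server['port']}")
        if len(args) > 2 and _transport(args[2]) != server["proto"]:
            findings.append(f"remote transport {args[2]} but server uses {server['proto']}")

    # 3. Data-channel cipher and digest; the auth digest also keys the
    #    tls-auth HMAC, so a mismatch there breaks the control channel too.
    for key in ("cipher", "auth"):
        if key in d and d[key][0][0].upper() != server[key].upper():
            findings.append(f"{key} {d[key][0][0]} differs from server {server[key]}")

    # 4. Essentials for an SSL/TLS + User Auth server.
    if "ca" not in d and "ca" not in blocks:
        findings.append("no CA certificate: the server certificate cannot be verified")
    if "auth-user-pass" not in d:
        findings.append("server mode is SSL/TLS + User Auth but profile has no auth-user-pass")
    return findings


if __name__ == "__main__":
    for finding in lint_profile(SAMPLE_PROFILE) or ["profile consistent with server"]:
        print("-", finding)
```

Run it against the profile exported from the OPNsense client export page, setting `tls_mode` to whatever the server's TLS Authentication option is set to; the two findings reported for the constructed sample disappear once the profile uses `proto udp` and the server is given the same tls-auth key.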

You can enable logging on the WAN rule allowing traffic to port 1194. You should then see the connections in Firewall: Log Files: Live View.
"The S in IoT stands for Security!" :)
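Once logging is enabled on the WAN rule, the live view answers chemlud's earlier question ("do you see traffic on port 1194?") and splits the problem in three: nothing arrives on UDP/1194 (DDNS, ISP or upstream NAT), packets arrive but are blocked (rule does not match), or packets are passed and the fault is on the OpenVPN side (TLS key material, as the reply above suggests). The script below is an added example, not from the thread or from OPNsense, that does that triage over filterlog lines. The sample lines and addresses are constructed, and the field order is assumed to follow the FreeBSD filterlog CSV format used by OPNsense and pfSense (rule, subrule, anchor, label, interface, reason, action, direction, IP version, then for IPv4: tos, ecn, ttl, id, offset, flags, proto, protoname, length, src, dst, srcport, dstport, datalen); IPv6 entries have a different layout and are skipped.

```python
from collections import Counter

# Assumed IPv4 filterlog field order (FreeBSD/OPNsense filterlog CSV).
FIELDS = ["rule", "subrule", "anchor", "label", "iface", "reason", "action",
          "dir", "ipver", "tos", "ecn", "ttl", "id", "offset", "flags",
          "proto", "protoname", "length", "src", "dst", "srcport", "dstport",
          "datalen"]

# Constructed sample: two passed OpenVPN packets from one client, one blocked
# attempt from another source, and an unrelated blocked SIP probe.
SAMPLE_LOG = """\
filterlog: 93,,,0,igb0,match,pass,in,4,0x0,,57,0,0,DF,17,udp,66,203.0.113.7,198.51.100.20,51820,1194,46
filterlog: 93,,,0,igb0,match,pass,in,4,0x0,,57,0,0,DF,17,udp,66,203.0.113.7,198.51.100.20,51820,1194,46
filterlog: 12,,,0,igb0,match,block,in,4,0x0,,52,0,0,none,17,udp,74,192.0.2.33,198.51.100.20,40000,1194,54
filterlog: 12,,,0,igb0,match,block,in,4,0x0,,48,0,0,none,17,udp,60,192.0.2.90,198.51.100.20,5060,5060,40
"""


def parse_line(line):
    """Return the IPv4 filterlog record as a dict, or None for lines that are
    not filterlog entries or not IPv4 (IPv6 has a different field layout)."""
    if "filterlog: " not in line:
        return None
    fields = line.split("filterlog: ", 1)[1].strip().split(",")
    if len(fields) < len(FIELDS) - 1 or fields[8] != "4":
        return None
    return dict(zip(FIELDS, fields))


def summarize_port(log_text, port="1194", proto="udp"):
    """Count inbound packets to the given port per (action, source address)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["dir"] == "in" and rec["protoname"] == proto and rec["dstport"] == port:
            counts[(rec["action"], rec["src"])] += 1
    return counts


def verdict(counts):
    """Map the counts onto the three outcomes the thread distinguishes."""
    if not counts:
        return "no-arrival: nothing reached the WAN interface on that port; check DDNS, ISP or upstream NAT"
    if not any(action == "pass" for action, _ in counts):
        return "blocked: packets arrive but the WAN rule does not match them"
    return "accepted: packets are passed to OpenVPN; check the server log and tls-auth/tls-crypt settings"


if __name__ == "__main__":
    counts = summarize_port(SAMPLE_LOG)
    for (action, src), n in sorted(counts.items()):
        print(f"{action:5} {src:15} {n} packet(s)")
    print(verdict(counts))
```

Feed it the raw lines from the live view export (or `/var/log/filter/latest.log` on the firewall) instead of `SAMPLE_LOG`; if your own client address shows up only under "block", the rule is the problem, and if it never shows up at all, the packets are not reaching the box.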