Topic: [SOLVED] OpenVPN (Read 9797 times)
Tripple_Delta « on: September 28, 2017, 09:09:53 pm »
Hi,
I've set up OpenVPN on my OPNsense box a while ago. Updated the system whenever available.
I can always connect to my OPNsense box. But at work, the last month or so, I'm no longer able to. Not with Windows, iOS or Linux. The logfile shows all sorts of errors.
Here are some:
Sep 27 14:00:59 firewall openvpn[26241]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1542'
Sep 27 14:00:59 firewall openvpn[26241]: WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'
Sep 27 14:00:59 firewall openvpn[26241]: Peer Connection Initiated with [AF_INET]
Sep 27 14:00:59 firewall openvpn[26241]: MULTI_sva: pool returned IPv4=192.168.10.6, IPv6=(Not enabled)
Sep 27 14:01:01 firewall openvpn[26241]: Authenticate/Decrypt packet error: cipher final failed
Sep 27 14:01:02 firewall openvpn[26241]: Authenticate/Decrypt packet error: cipher final failed
Where do I have to start? At work or on my OPNsense box?
« Last Edit: October 04, 2017, 06:54:27 pm by franco »
bartjsmit « Reply #1 on: September 28, 2017, 11:08:28 pm »
Download the VPN config for your user again and compare the cipher lines. I reckon that's what stops the connection being established.
Bart...
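Added example, not part of the original posts: one way to pull the option mismatches and decrypt errors out of an OpenVPN log before comparing the configs on each side. The sample input is constructed from the log lines quoted in the first post; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: the log lines quoted in the first post of this thread.
SAMPLE_LOG = """\
Sep 27 14:00:59 firewall openvpn[26241]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1542'
Sep 27 14:00:59 firewall openvpn[26241]: WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'
Sep 27 14:00:59 firewall openvpn[26241]: Peer Connection Initiated with [AF_INET]
Sep 27 14:00:59 firewall openvpn[26241]: MULTI_sva: pool returned IPv4=192.168.10.6, IPv6=(Not enabled)
Sep 27 14:01:01 firewall openvpn[26241]: Authenticate/Decrypt packet error: cipher final failed
Sep 27 14:01:02 firewall openvpn[26241]: Authenticate/Decrypt packet error: cipher final failed
"""

MISMATCH = re.compile(
    r"WARNING: '(?P<opt>[^']+)' is used inconsistently, "
    r"local='(?P<local>[^']*)', remote='(?P<remote>[^']*)'"
)
DECRYPT_ERR = re.compile(r"openvpn\[(?P<pid>\d+)\]: Authenticate/Decrypt packet error")


def _value(opt, logged):
    """The log repeats the option name ("cipher BF-CBC"); return only the value."""
    return logged[len(opt):].strip() if logged.startswith(opt) else logged.strip()


def option_mismatches(log_text):
    """Return {option: (local_value, remote_value)} for every mismatch warning."""
    found = {}
    for line in log_text.splitlines():
        m = MISMATCH.search(line)
        if m:
            opt = m.group("opt")
            found[opt] = (_value(opt, m.group("local")), _value(opt, m.group("remote")))
    return found


def decrypt_errors_by_pid(log_text):
    """Count Authenticate/Decrypt packet errors per openvpn daemon PID."""
    return Counter(m.group("pid") for m in DECRYPT_ERR.finditer(log_text))


if __name__ == "__main__":
    for opt, (local, remote) in option_mismatches(SAMPLE_LOG).items():
        print(f"{opt}: local={local!r} remote={remote!r}")
    for pid, count in decrypt_errors_by_pid(SAMPLE_LOG).items():
        print(f"openvpn[{pid}]: {count} decrypt error(s)")
```

BF-CBC was the built-in default cipher in OpenVPN 2.3 and 2.4, so a remote value of BF-CBC usually means the peer's config has no cipher line at all.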
Tripple_Delta « Reply #2 on: October 02, 2017, 02:59:45 pm »
When using Wireshark I see this happen:
OpenVPN MessageType: P_CONTROL_HARD_RESET_CLIENT_V2
Followed by:
ICMP Destination unreachable (Port unreachable)
So I guess the NAT router is blocking incoming UDP traffic in some way.
bartjsmit « Reply #3 on: October 02, 2017, 03:31:48 pm »
If OPNsense is behind another firewall, you'll need to ensure that the OpenVPN traffic can get through. By default this is UDP 1194.
It is preferred to have OPNsense as the peripheral firewall, perhaps with a PPPoE connection to a DSL modem.
Bart...
Tripple_Delta « Reply #4 on: October 02, 2017, 03:59:10 pm »
I guess it relies on the other side, the router at the company I try to connect from.
Nothing to do with OPNsense.
Not solved yet, but one step further. :-)
bartjsmit « Reply #5 on: October 02, 2017, 04:37:11 pm »
You could use one of the commonly allowed ports, such as TCP 443 or UDP 53 instead of the default, although it's usually best to speak to the firewall administrator on the other end.
Bart...
Tripple_Delta « Reply #6 on: October 04, 2017, 05:27:27 pm »
Fixed
Some strange behavior on the USG60 router NAT settings.
This is why I love OPNsense