Fri Oct 23 13:46:09 2015 OpenVPN 2.3.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug 4 2015
Fri Oct 23 13:46:09 2015 library versions: OpenSSL 1.0.1p 9 Jul 2015, LZO 2.08
Fri Oct 23 13:46:19 2015 Control Channel Authentication: using 'pfSense-udp-443-dmott-tls.key' as a OpenVPN static key file
Fri Oct 23 13:46:19 2015 UDPv4 link local (bound): [undef]
Fri Oct 23 13:46:19 2015 UDPv4 link remote: [AF_INET]74.74.96.179:443
Fri Oct 23 13:46:19 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Oct 23 13:47:19 2015 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Oct 23 13:47:19 2015 TLS Error: TLS handshake failed
Fri Oct 23 13:47:19 2015 SIGUSR1[soft,tls-error] received, process restarting
Fri Oct 23 13:47:24 2015 UDPv4 link local (bound): [undef]
Fri Oct 23 13:47:24 2015 UDPv4 link remote: [AF_INET]74.74.96.179:443
Just trying to figure out what I can fix so I can have my VPN going. I have the rules in place on the firewall side of pfSense.
Try disabling TLS authentication, you may not have it configured properly on both ends. If it works after disabling it then check to make sure both the server and client have TLS authentication configured correctly and are using the same pre-shared key.
Do you mean that it's working now? Or that it was working and stopped? If it's not working try changing your verbosity level to 3 or 2 to get more info in the logs. Do you have access to the server log too or is this for a VPN service? Sometimes the server log will have more info on the actual problem while the client will just get a time out error.
I used to have a problem like this a lot but I can't remember what I did to solve it.
dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote xx.xx.xx.179 443 udp
lport 0
verify-x509-name "AbyssTech" name
auth-user-pass
pkcs12 pfSense-udp-443-dmott.p12
tls-auth pfSense-udp-443-dmott-tls.key 1
ns-cert-type server
comp-lzo adaptive
Log from the server, the last 50 of them
Oct 24 00:05:49 openvpn IP packet with unknown IP version=15 seen
Oct 24 00:05:49 openvpn IP packet with unknown IP version=15 seen
Oct 24 00:05:50 openvpn IP packet with unknown IP version=15 seen
Oct 24 00:05:50 openvpn IP packet with unknown IP version=15 seen
Oct 24 00:05:50 openvpn IP packet with unknown IP version=15 seen
Oct 24 00:05:51 openvpn IP packet with unknown IP version=15 seen
Oct 24 00:05:51 openvpn IP packet with unknown IP version=15 seen
Oct 24 00:05:51 openvpn IP packet with unknown IP version=15 seen
Oct 24 00:05:52 openvpn IP packet with unknown IP version=15 seen
Oct 24 00:05:52 openvpn IP packet with unknown IP version=15 seen
Oct 24 00:05:52 openvpn IP packet with unknown IP version=15 seen
Oct 24 00:05:52 openvpn IP packet with unknown IP version=15 seen
Oct 24 00:05:52 openvpn IP packet with unknown IP version=15 seen
Oct 24 00:05:52 openvpn IP packet with unknown IP version=15 seen
Oct 24 00:05:52 openvpn IP packet with unknown IP version=15 seen
Oct 24 00:05:53 openvpn IP packet with unknown IP version=15 seen
Oct 24 00:05:53 openvpn IP packet with unknown IP version=15 seen
Oct 24 00:05:53 openvpn IP packet with unknown IP version=15 seen
Oct 24 00:06:01 openvpn: user 'dmott' authenticated
Oct 24 00:06:01 openvpn[17160]: 174.243.78.180:11349 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1557', remote='link-mtu 1558'
Oct 24 00:06:01 openvpn[17160]: 174.243.78.180:11349 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Oct 24 00:06:01 openvpn[17160]: 174.243.78.180:11349 [dmott] Peer Connection Initiated with [AF_INET]174.243.78.180:11349
Oct 24 00:06:01 openvpn[17160]: MULTI_sva: pool returned IPv4=192.168.1.6, IPv6=(Not enabled)
Oct 24 00:06:02 openvpn IP packet with unknown IP version=15 seen
Oct 24 00:06:02 openvpn IP packet with unknown IP version=15 seen
Oct 24 00:06:02 openvpn IP packet with unknown IP version=15 seen
Oct 24 00:06:02 openvpn send_push_reply(): safe_cap=940
Oct 24 00:06:02 openvpn IP packet with unknown IP version=15 seen
Oct 24 00:06:03 openvpn IP packet with unknown IP version=15 seen
Oct 24 00:06:04 openvpn IP packet with unknown IP version=15 seen
Oct 24 00:06:04 openvpn IP packet with unknown IP version=15 seen
Oct 24 00:06:04 openvpn IP packet with unknown IP version=15 seen
Oct 24 00:06:05 openvpn IP packet with unknown IP version=15 seen
Oct 24 00:06:05 openvpn IP packet with unknown IP version=15 seen
Oct 24 00:06:05 openvpn IP packet with unknown IP version=15 seen
Oct 24 00:06:07 openvpn IP packet with unknown IP version=15 seen
Oct 24 00:06:07 openvpn IP packet with unknown IP version=15 seen
Oct 24 00:06:07 openvpn IP packet with unknown IP version=15 seen
Oct 24 00:06:07 openvpn IP packet with unknown IP version=15 seen
Oct 24 00:06:08 openvpn IP packet with unknown IP version=15 seen
Oct 24 00:06:09 openvpn IP packet with unknown IP version=15 seen
Oct 24 00:06:09 openvpn IP packet with unknown IP version=15 seen
Oct 24 00:06:10 openvpn IP packet with unknown IP version=15 seen
Oct 24 00:06:10 openvpn IP packet with unknown IP version=15 seen
Oct 24 00:06:11 openvpn IP packet with unknown IP version=15 seen
Oct 24 00:06:11 openvpn IP packet with unknown IP version=15 seen
Oct 24 00:06:11 openvpn IP packet with unknown IP version=15 seen
Oct 24 00:06:11 openvpn IP packet with unknown IP version=15 seen
Oct 24 00:06:11 openvpn IP packet with unknown IP version=15 seen
Oct 24 00:08:11 openvpn [dmott] Inactivity timeout (--ping-restart), restarting
This was from the test session I did. I was still connected to my main network when I connected to my VPN server.
Fri Oct 23 19:54:25 2015 OpenVPN 2.3.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug 4 2015
Fri Oct 23 19:54:25 2015 library versions: OpenSSL 1.0.1p 9 Jul 2015, LZO 2.08
Enter Management Password:
Fri Oct 23 19:54:35 2015 Control Channel Authentication: using 'pfSense-udp-443-dmott-tls.key' as a OpenVPN static key file
Fri Oct 23 19:54:35 2015 UDPv4 link local (bound): [undef]
Fri Oct 23 19:54:35 2015 UDPv4 link remote: [AF_INET]74.74.96.179:443
Fri Oct 23 19:54:35 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Oct 23 19:54:35 2015 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1557'
Fri Oct 23 19:54:35 2015 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
Fri Oct 23 19:54:35 2015 [AbyssTech] Peer Connection Initiated with [AF_INET]74.74.96.179:443
Fri Oct 23 19:54:37 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri Oct 23 19:54:37 2015 open_tun, tt->ipv6=0
Fri Oct 23 19:54:37 2015 TAP-WIN32 device [Ethernet 3] opened: .\Global{A5AF1351-9DCA-4C5A-9BC7-B208331852DD}.tap
Fri Oct 23 19:54:37 2015 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.1.6/255.255.255.252 on interface {A5AF1351-9DCA-4C5A-9BC7-B208331852DD} [DHCP-serv: 192.168.1.5, lease-time: 31536000]
Fri Oct 23 19:54:37 2015 Successful ARP Flush on interface [8] {A5AF1351-9DCA-4C5A-9BC7-B208331852DD}
Fri Oct 23 19:54:42 2015 Initialization Sequence Completed
Fri Oct 23 19:55:28 2015 SIGTERM[hard,] received, process exiting
Do you have any MTU setting configured on the server? Because that's pretty weird. Try adding:
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
to both configs and see if that helps. I haven't had to do this with my server but I've used these settings when connecting to VPN services. From the look of the error the server configuration has an incorrect setting for link-mtu.
Your settings are pretty much the same as mine, I'm not really sure what's going wrong. Do you have compression enabled on the server? I can't see the option in your screenshots but the logs indicate that it's not enabled.
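
Added example, not part of the original thread: a small Python triage script that pulls the option-mismatch warnings and the "unknown IP version" errors out of an OpenVPN log and reports them together, since the thread's logs show a one-sided comp-lzo, a one-byte link-mtu difference and undecodable tunnel packets all at once. The sample log is constructed from lines of the same shape as those posted above; the function names `triage` and `findings` are hypothetical.

```python
import re

# Constructed sample, shaped like the server log lines quoted in the thread.
SAMPLE_LOG = """\
Oct 24 00:05:53 openvpn IP packet with unknown IP version=15 seen
Oct 24 00:06:01 openvpn[17160]: 174.243.78.180:11349 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1557', remote='link-mtu 1558'
Oct 24 00:06:01 openvpn[17160]: 174.243.78.180:11349 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Oct 24 00:06:02 openvpn IP packet with unknown IP version=15 seen
"""

INCONSISTENT = re.compile(
    r"WARNING: '([\w-]+)' is used inconsistently, local='([^']*)', remote='([^']*)'")
ONE_SIDED = re.compile(
    r"WARNING: '([\w-]+)' is present in (local|remote) config but missing in")
BAD_IP_VERSION = re.compile(r"IP packet with unknown IP version=(\d+) seen")

def triage(log_text):
    """Collect option-mismatch warnings and malformed-packet counts from a log."""
    report = {"inconsistent": {}, "one_sided": {}, "bad_ip_versions": {}}
    for line in log_text.splitlines():
        if m := INCONSISTENT.search(line):
            report["inconsistent"][m.group(1)] = (m.group(2), m.group(3))
        elif m := ONE_SIDED.search(line):
            report["one_sided"][m.group(1)] = m.group(2)  # side that sets it
        elif m := BAD_IP_VERSION.search(line):
            version = int(m.group(1))
            report["bad_ip_versions"][version] = report["bad_ip_versions"].get(version, 0) + 1
    return report

def findings(report):
    """Turn the raw report into ordered, human-readable findings."""
    out = [f"'{opt}' is set only in the {side} config"
           for opt, side in report["one_sided"].items()]
    for opt, (local, remote) in report["inconsistent"].items():
        nums = [int(n) for v in (local, remote) for n in re.findall(r"\d+$", v)]
        delta = abs(nums[0] - nums[1]) if len(nums) == 2 else None
        out.append(f"'{opt}' differs: local={local!r} remote={remote!r} (delta={delta})")
    if "comp-lzo" in report["one_sided"] and report["bad_ip_versions"]:
        total = sum(report["bad_ip_versions"].values())
        out.append(f"{total} undecodable tunnel packets alongside a one-sided "
                   "comp-lzo: align compression on both peers first")
    return out

if __name__ == "__main__":
    for finding in findings(triage(SAMPLE_LOG)):
        print(finding)
```

"local" and "remote" in the output are relative to whichever peer wrote the log, so the same mismatch reads mirrored in the client and server logs.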