Topic: OpenVPN connection timeout

madapaka
OpenVPN connection timeout
« on: October 08, 2008, 12:46:11 am »
Hi guys,

I've set up a number of OpenVPN site to site as well as road warrior before and all are working fine, and I have this new pfSense box acting as OpenVPN server (site to site) and I can't connect to the server. I'm always getting this error from the logs on the client side:

Oct 8 13:31:05    openvpn[80243]: TCP: connect to 122.xx.xx.xx:1194 failed, will try again in 5 seconds: Operation timed out (errno=60)
Oct 8 13:29:45    openvpn[80243]: TCP: connect to 122.xx.xx.xx:1194 failed, will try again in 5 seconds: Operation timed out (errno=60)


From the server side it appears to be listening:

Oct 8 13:27:56    openvpn[33870]: Listening for incoming TCP connection on [undef]:1194
Oct 8 13:27:55    openvpn[33859]: /etc/rc.filter_configure tun0 1500 1546 192.168.100.1 192.168.100.2 init
Oct 8 13:27:55    openvpn[33859]: /sbin/ifconfig tun0 192.168.100.1 192.168.100.2 mtu 1500 netmask 255.255.255.255 up
Oct 8 13:27:55    openvpn[33859]: TUN/TAP device /dev/tun0 opened

My configs:

Server LAN: 192.168.0.0/24
Client LAN: 10.10.10.0/24
Address Pool: 192.168.100.0/22
Protocol: TCP
Port: 1194

pfSense server is behind a Cisco router that only acts as an interface for the E1 modem.

TIA for the help.

Jan

GruensFroeschli
Re: OpenVPN connection timeout
« Reply #1 on: October 08, 2008, 03:09:32 am »
Since the client times out and you have no entries of connection attempts on the server side:
I would start checking if the firewall rule allowing the inbound connections is valid (correct protocol?).
Then I'd check if the Cisco isn't doing anything firewall-related.

After that start Wireshark and look at the interface in front of the pfSense to see if the traffic arrives as it should.

madapaka
Re: OpenVPN connection timeout
« Reply #2 on: October 08, 2008, 08:14:18 pm »
The Cisco router does not do any firewall related thing, I guess my rules are just too restrictive. What I've done is allow any port for the OpenVPN tunnel and voila, it's now connected. AFAIK I should only open port 1194 on the client and create a firewall rule that allows port 1194 connection on the server side but apparently it's not working, might as well stick to what's working for the time being.

kpa
Re: OpenVPN connection timeout
« Reply #3 on: October 09, 2008, 07:42:27 am »
If you happen to have the nobind option in the client configuration, then the client will use any random port for the connection at the client end. Your firewall rule should be written with that in mind and allow any source port.
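
Added example, not part of the original posts and not pfSense's rule engine: a small Python model of the rule shapes discussed in this thread, checked against constructed probe packets. It assumes the TCP tunnel on port 1194 from the first post and a client that connects from an ephemeral source port as described above; the class, rule and probe names are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

ANY = None  # wildcard for a protocol or port field


@dataclass(frozen=True)
class Packet:
    proto: str
    src_port: int
    dst_port: int


@dataclass(frozen=True)
class PassRule:
    name: str
    proto: Optional[str]
    src_port: Optional[int]
    dst_port: Optional[int]

    def matches(self, pkt: Packet) -> bool:
        pairs = ((self.proto, pkt.proto),
                 (self.src_port, pkt.src_port),
                 (self.dst_port, pkt.dst_port))
        return all(want is ANY or want == got for want, got in pairs)


# Constructed probes: the tunnel from the thread plus one unrelated service.
TUNNEL = Packet("tcp", 51514, 1194)   # ephemeral source port (assumed value)
UNRELATED = Packet("tcp", 51515, 22)  # must stay blocked by a VPN-only rule

RULES = [
    PassRule("src_and_dst_1194", "tcp", 1194, 1194),  # source port pinned
    PassRule("wrong_protocol", "udp", ANY, 1194),     # UDP rule, TCP tunnel
    PassRule("any_port", "tcp", ANY, ANY),            # the "allow any port" workaround
    PassRule("any_src_dst_1194", "tcp", ANY, 1194),   # any source, fixed destination
]


def verdict(rule: PassRule) -> str:
    """Classify a single pass rule under default deny."""
    if not rule.matches(TUNNEL):
        return "blocks the tunnel"
    if rule.matches(UNRELATED):
        return "too broad"
    return "ok"


if __name__ == "__main__":
    for rule in RULES:
        print(f"{rule.name:18} {verdict(rule)}")
```
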

madapaka
Re: OpenVPN connection timeout
« Reply #4 on: October 09, 2008, 11:43:46 pm »
No, I don't have that option in the client configuration. Today I've changed the configuration again, this time using UDP as protocol with LZO compression and some specified ports besides 1194 and voila, it's working  ;D
I can see that the client used port 1194 instead of any random port, weird, right? Anyways it's working and that is what matters!  ;D