Author Topic: OpenVPN server behind router Draytek Virgo 2925  (Read 228 times)

Offline thanhtrung411

OpenVPN server behind router Draytek Virgo 2925
« on: December 28, 2017, 02:10:18 am »
Dear all,

I'm a newbie in the pfSense forum, so hi all you guys. I need some help from the pfSense experts here.
I'm setting up an OpenVPN server for a UCM6208 Grandstream. All configuration is done. I tested connecting to the OpenVPN server from a PC in the local network and it works. But when I test from the internet, there's an error: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity). TLS Error: TLS handshake failed.
I did some research on what that error means. I think the problem is the firewall on the Draytek 2925 router. So I checked the router, opened the port, set up port forwarding for the OpenVPN server, and disabled the firewall. But it does not work.
Could anyone give me some tips about this issue?

Thanks so much, guys  :o

Online viragomann

Re: OpenVPN server behind router Draytek Virgo 2925
« Reply #1 on: December 28, 2017, 03:22:21 am »
You are trying to connect over the internet using the pfSense local IP.  :o

Offline thanhtrung411

Re: OpenVPN server behind router Draytek Virgo 2925
« Reply #2 on: December 28, 2017, 03:49:10 am »
Dear bro,
At first I also felt strange about the IP in the client file, then I checked all the steps for setting up the OpenVPN server and I saw no step that configures a public IP for the client. Btw, I also changed the private IP to the public one for testing. It's the same error.

Online viragomann

Re: OpenVPN server behind router Draytek Virgo 2925
« Reply #3 on: December 28, 2017, 04:05:06 am »
Of course you have to set the VPN server to listen on its interface address, which may be private. But when you try to connect from the client over the internet, you must use the public IP assigned to the Vigor.
If the error in the client log is the same, the packets won't reach the server. Maybe your ISP blocks it.
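
Added example (not part of the original posts): a small Python check of the point made in Reply #3, flagging `remote` lines in an OpenVPN client config that point at a LAN-only IPv4 address and so cannot be reached from the internet. The sample config, its addresses and the function names are constructed for illustration; 203.0.113.25 is a documentation address standing in for the router's public WAN IP.

```python
import ipaddress

# IPv4 ranges that are never reachable from the public internet:
# RFC 1918 private, CGNAT (RFC 6598), loopback and link-local.
LAN_ONLY_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample client config, not taken from the thread.
SAMPLE_CLIENT_CONF = """\
client
dev tun
proto udp
remote 192.168.1.10 1194
remote 203.0.113.25 1194 udp
# remote 10.0.0.1 1194
remote vpn.example.com 1194
"""

def parse_remotes(conf_text):
    """Return (host, port, proto) for every active 'remote' directive."""
    remotes = []
    for raw in conf_text.splitlines():
        # '#' and ';' start comments in OpenVPN config files
        line = raw.split("#", 1)[0].split(";", 1)[0]
        fields = line.split()
        if len(fields) < 2 or fields[0] != "remote":
            continue
        port = fields[2] if len(fields) > 2 else "1194"  # OpenVPN default port
        proto = fields[3] if len(fields) > 3 else None   # falls back to 'proto'
        remotes.append((fields[1], port, proto))
    return remotes

def classify_remote(host):
    """'lan-only', 'routable', or 'not-ipv4' (hostname or IPv6 literal)."""
    try:
        addr = ipaddress.IPv4Address(host)
    except ValueError:
        return "not-ipv4"
    return "lan-only" if any(addr in n for n in LAN_ONLY_NETS) else "routable"

def lan_only_remotes(conf_text):
    """Hosts that only work from inside the LAN, as in the first post."""
    return [h for h, _, _ in parse_remotes(conf_text)
            if classify_remote(h) == "lan-only"]

if __name__ == "__main__":
    for host, port, _ in parse_remotes(SAMPLE_CLIENT_CONF):
        print(f"{host}:{port} -> {classify_remote(host)}")
```

A `lan-only` result on the client side means the `remote` line has to be changed to the public address of the upstream router, which then forwards the port to the server's private address.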

Offline thanhtrung411

Re: OpenVPN server behind router Draytek Virgo 2925
« Reply #4 on: December 28, 2017, 10:59:53 pm »
The server is working now. The solution is the missing gateway on the WAN interface.