TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

pfSense basics – remote user VPN

I recall having similar/identical issues when attempting to set up via portmapper. Finally, I stopped tracking this issue because I just wanted to set it up as a fallback if IPv6 was not available on the client’s site. The VPN server worked fine when I connected via another WAN interface that was reachable via IPv4, so I believe the portmapper is the problem. Is there something that suggests you shouldn’t set up your server for IPv6? With a reachable IPv6 on your WAN, a portmapper can only be used for clients who do not support IPv6 (it just does not support UDP).

First and foremost, I previously used a pfSense in the same environment and it worked perfectly. Second, I have an OpenVPN server in my network that works great (but that server does not have a web GUI to handle the VPN, and I no longer want to open ports, which is why I want to use the VPN on the OPNsense), and I have to use the portmapper because cellphones do not support IPv6 (at least in Germany).
SOLVED: It’s an odd solution, but at least it’s a solution.
The firewall rule was IPv4+IPv6 on WAN address (as set by OpenVPN), so I changed it to IPv6 on WAN address (which didn’t work), then changed WAN address to single host and put in the IPv6/128, and it worked!
I changed it back to a WAN address after that and it still works.
I had a similar problem when I opened a port to a network computer and the alias didn’t work but the IP did.
Now I’ve changed the rule back to alias as well, and it now works.
Perhaps there is a problem with the aliases.

OpenVPN TLS handshake failed with Linux server/Windows

Prior to connecting, I run the following script, which is supposed to punch a hole in the firewall (see phase 12 of the guide). This is supposed to be automatic, but I can’t figure out where to put it to make it happen; that’s a question for another post. For the time being, I’m going to run this manually:

It seems that your problem is with the keys rather than the firewall. One of the most common problems when linking a Raspberry Pi and a VPN server is the OpenVPN version: for example, if the server is using 2.4 and the client is using 2.3 (as I would presume given the tutorial’s date), the keys may not be compatible. Make sure both are using the latest version.

Tutorial: pfSense OpenVPN configuration for remote users

When I try to sign up for CyberGhost using OpenVPN, I have been getting the following error message for 3 days. (And, yes, I am aware that CyberGhost is unquestionably not the Easter candy; this year, I will be using another VPN. CG’s website has rapidly become “unusable”.)
Fri Oct 25 18:05:42 2019 us=663111 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1574,tun-mtu 1500,proto UDPv4,comp-lzo,mtu-dynamic,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client'
Fri Oct 25 18:05:42 2019 us=663111 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1574,tun-mtu 1500,proto UDPv4,comp-lzo,mtu-dynamic,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-server'

The ultimate/automated OpenVPN setup — ovpnsetup (v3

This leads me to believe that there is a misbehaving NAT system somewhere between the client and the server, one with very short-lived state table entries, that is changing the source port number it applies to the client’s formed stream, causing the server to believe that two short-lived communications are in progress instead of one continuous one.
Since such devices usually only do this with UDP, I recommend that you double-check that you’re using UDP and then try TCP instead. You’ve already done this and discovered that it solves the problem. The next move is to find the misbehaving NAT computer, smack it with a club hammer, and substitute it with one that doesn’t make the cardinal error of believing that all UDP communications are ephemeral; however, you’ve stated that you’re fine with switching to TCP as a solution, so the problem is resolved.
Since the VPN on our pfSense firewall had been mounted on the LAN interface rather than the WAN interface by accident, the exported config was set to try to connect to the firewall’s LAN IP address, which would never work because the client was on a different LAN.
