Can't VPN to FreeNAS openVPN

Post by rawmetal » Wed Sep 13, 2017 5:09 pm

I'm new to this server and VPN thing, so I'm sorry if I overlooked something really stupid. I tried looking through some of the rules, but I don't know anything about networking and I think I cried a little.

My workplace hadn't used a server prior, and we wanted employees who work remotely to be able to VPN to the server to access files. We don't have a network administrator, so I guess that makes me the network administrator. We have a server with FreeNAS 11 STABLE installed. I followed this guide and confirmed that OpenVPN was running inside the FreeNAS jail @ IP 10.1.10.2. I configured my router to forward port 1194 to the FreeNAS server @ 10.1.10.225 (Maybe the wrong port?). I went home and installed the OpenVPN GUI and imported my client config file. I tried to use the GUI to VPN to the network, but I got an error about the keys and certificates not being available. I grabbed my keys and certificate and moved them to the proper location. I tried to VPN again, but I get this:

Wed Sep 13 09:45:08 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 13 09:45:08 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 13 09:45:08 2017 MANAGEMENT: >STATE:1505321108,RESOLVE,,,,,,
Wed Sep 13 09:45:08 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]73.xx.xx.xxx:443
Wed Sep 13 09:45:08 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Sep 13 09:45:08 2017 UDP link local: (not bound)
Wed Sep 13 09:45:08 2017 UDP link remote: [AF_INET]73.xx.xx.xxx:443
Wed Sep 13 09:45:08 2017 MANAGEMENT: >STATE:1505321108,WAIT,,,,,,
Wed Sep 13 09:46:08 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Sep 13 09:46:08 2017 TLS Error: TLS handshake failed
Wed Sep 13 09:46:08 2017 SIGUSR1[soft,tls-error] received, process restarting
Wed Sep 13 09:46:08 2017 MANAGEMENT: >STATE:1505321168,RECONNECTING,tls-error,,,,,

If I try to use the Windows VPN service, it gives me error 807:

The remote connection was not made because the attempted VPN tunnels failed. The VPN server might be unreachable. If this connection is attempting to use an L2TP/IPsec tunnel, the security parameters required for IPsec negotiation might not be configured properly.

This sounds like I may not have a configuration file set up properly? I have my OpenVPN client configuration file set up like so:

Client config
client
dev tun
proto udp
remote 73.xx.xx.xxx 443
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert nickh.crt
key nickh.key
remote-cert-tls server
cipher AES-256-CBC
tls-auth ta.key 1
#dhcp-option DNS 0.0.0.0
#redirect-gateway def1
comp-lzo
verb 3
float

My OpenVPN server config file is set up like this:

Server config
port 10011
proto udp
dev tun
ca ca.crt
cert openvpn-server.crt #Server public key
key openvpn-server.key #Server private key
dh dh.pem #Diffie-Hellman parameters
server 172.16.8.0 255.255.255.0 #Purple network
ifconfig-pool-persist ipp.txt
push "route 73.xx.xx.xxx 255.255.255.0" #Yellow network
tls-auth ta.key 0
#crl-verify crl.pem
keepalive 10 120
cipher AES-256-CBC
auth SHA256
group nobody
user nobody
comp-lzo
persist-key
persist-tun
verb 3

I feel like I'm very close here, but maybe I really screwed up somewhere. If I'm not in the right spot, please let me know. I'm going crazy here.
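
An added example, not part of the original post: a small Python check of the directives that have to agree between an OpenVPN client and server, run on excerpts of the two configs above. The OpenVPN 2.4 defaults it fills in for missing directives, and the reading that the router forwards external port 1194 to the same internal port, are assumptions of this example.

```python
# Added example, not from the post; configs are excerpts of the two posted above.
CLIENT = """\
proto udp
remote 73.xx.xx.xxx 443
cipher AES-256-CBC
tls-auth ta.key 1
comp-lzo
"""
SERVER = """\
port 10011
proto udp
tls-auth ta.key 0
cipher AES-256-CBC
auth SHA256
comp-lzo
"""
FORWARDED_PORT = 1194  # assumption: the router forwards 1194 to internal 1194
# Directives that must be identical on both ends, with OpenVPN 2.4 defaults.
MUST_MATCH = {"proto": ["udp"], "cipher": ["BF-CBC"], "auth": ["SHA1"], "comp-lzo": None}

def parse(text):
    """Map each directive to its argument list, ignoring '#' comments."""
    conf = {}
    for line in text.splitlines():
        words = line.split("#", 1)[0].split()
        if words:
            conf[words[0]] = words[1:]
    return conf

def tls_dir(conf):
    """tls-auth key direction: None if unused, 'both' if no direction given."""
    args = conf.get("tls-auth")
    return None if args is None else (args[1] if len(args) > 1 else "both")

def check(client_text, server_text, forwarded_port):
    c, s = parse(client_text), parse(server_text)
    issues = []
    remote = c.get("remote", [])
    dial = int(remote[1]) if len(remote) > 1 else 1194
    listen = int(s.get("port", ["1194"])[0])
    if dial != forwarded_port:
        issues.append(f"port: client dials {dial}, router forwards {forwarded_port}")
    if listen != forwarded_port:
        issues.append(f"port: router forwards {forwarded_port}, server listens on {listen}")
    for key, default in MUST_MATCH.items():
        cv, sv = c.get(key, default), s.get(key, default)
        if cv != sv:
            issues.append(f"{key}: client {cv} vs server {sv}")
    if {tls_dir(c), tls_dir(s)} not in ({None}, {"both"}, {"0", "1"}):
        issues.append("tls-auth: key directions must be 0 on one side, 1 on the other")
    return issues
```

`check(CLIENT, SERVER, FORWARDED_PORT)` returns three findings: two port mismatches (443 dialled, 1194 forwarded, 10011 listening) and an `auth` mismatch, where the client's SHA1 default matches the 'SHA1' HMAC lines in the client log while the server sets SHA256.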